Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge remote-tracking branch 'origin/pr/254'

Browse Source 
* origin/pr/254:
  vm: allow StandaloneVM to be a DVM template
  vm: do not allow setting template_for_dispvms=False if there are any DispVMs
  vm: move DVM template specific code into separate mixin
This commit is contained in:
Marek Marczykowski-Górecki 2020-08-12 01:25:57 +02:00
commit f2b047c47e
No known key found for this signature in database
GPG Key ID: 063938BA42CFA724
7 changed files with 119 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
qubes/tests/vm/__init__.py
View File

@ -55,6 +55,9 @@ class TestVMsCollection(dict):
def close(self):
self.clear()
def __iter__(self):
return iter(self.values())
class TestVolume(object):
def __init__(self, pool):
self.pool = pool

38
qubes/tests/vm/dispvm.py
View File

@ -60,6 +60,9 @@ class TC_00_DispVM(qubes.tests.QubesTestCase):
self.addCleanup(self.cleanup_dispvm)
def cleanup_dispvm(self):
if hasattr(self, 'dispvm'):
self.dispvm.close()
del self.dispvm
self.template.close()
self.appvm.close()
del self.template
@ -118,6 +121,41 @@ class TC_00_DispVM(qubes.tests.QubesTestCase):
with self.assertRaises(qubes.exc.QubesValueError):
dispvm.template = qubes.property.DEFAULT
def test_003_dvmtemplate_template_change(self):
self.appvm.template_for_dispvms = True
orig_domains = self.app.domains
with mock.patch.object(self.app, 'domains', wraps=self.app.domains) \
as mock_domains:
mock_domains.configure_mock(**{
'get_new_unused_dispid': mock.Mock(return_value=42),
'__getitem__.side_effect': orig_domains.__getitem__,
'__iter__.side_effect': orig_domains.__iter__,
'__setitem__.side_effect': orig_domains.__setitem__,
})
self.dispvm = self.app.add_new_vm(qubes.vm.dispvm.DispVM,
name='test-dispvm', template=self.appvm)
with self.assertRaises(qubes.exc.QubesVMInUseError):
self.appvm.template = self.template
with self.assertRaises(qubes.exc.QubesValueError):
self.appvm.template = qubes.property.DEFAULT
def test_004_dvmtemplate_allowed_change(self):
self.appvm.template_for_dispvms = True
orig_domains = self.app.domains
with mock.patch.object(self.app, 'domains', wraps=self.app.domains) \
as mock_domains:
mock_domains.configure_mock(**{
'get_new_unused_dispid': mock.Mock(return_value=42),
'__getitem__.side_effect': orig_domains.__getitem__,
'__iter__.side_effect': orig_domains.__iter__,
'__setitem__.side_effect': orig_domains.__setitem__,
})
self.dispvm = self.app.add_new_vm(qubes.vm.dispvm.DispVM,
name='test-dispvm', template=self.appvm)
with self.assertRaises(qubes.exc.QubesVMInUseError):
self.appvm.template_for_dispvms = False
def test_010_create_direct(self):
self.appvm.template_for_dispvms = True

22
qubes/vm/appvm.py
View File

@ -24,10 +24,12 @@ import copy
import qubes.events
import qubes.vm.qubesvm
import qubes.vm.mix.dvmtemplate
from qubes.config import defaults
class AppVM(qubes.vm.qubesvm.QubesVM):
class AppVM(qubes.vm.mix.dvmtemplate.DVMTemplateMixin,
qubes.vm.qubesvm.QubesVM):
'''Application VM'''
template = qubes.VMProperty('template',
@ -35,11 +37,6 @@ class AppVM(qubes.vm.qubesvm.QubesVM):
vmclass=qubes.vm.templatevm.TemplateVM,
doc='Template, on which this AppVM is based.')
template_for_dispvms = qubes.property('template_for_dispvms',
type=bool,
default=False,
doc='Should this VM be allowed to start as Disposable VM')
default_volume_config = {
'root': {
'name': 'root',
@ -97,15 +94,6 @@ class AppVM(qubes.vm.qubesvm.QubesVM):
super(AppVM, self).__init__(app, xml, **kwargs)
@property
def dispvms(self):
''' Returns a generator containing all Disposable VMs based on the
current AppVM.
'''
for vm in self.app.domains:
if hasattr(vm, 'template') and vm.template is self:
yield vm
@qubes.events.handler('domain-load')
def on_domain_loaded(self, event):
''' When domain is loaded assert that this vm has a template.
@ -126,10 +114,6 @@ class AppVM(qubes.vm.qubesvm.QubesVM):
if not self.is_halted():
raise qubes.exc.QubesVMNotHaltedError(self,
'Cannot change template while qube is running')
if any(self.dispvms):
raise qubes.exc.QubesVMInUseError(self,
'Cannot change template '
'while there are DispVMs based on this qube')
@qubes.events.handler('property-set:template')
def on_property_set_template(self, event, name, newvalue, oldvalue=None):

8
qubes/vm/dispvm.py
View File

@ -26,12 +26,18 @@ import qubes.vm.qubesvm
import qubes.vm.appvm
import qubes.config
def _setter_template(self, prop, value):
if not getattr(value, 'template_for_dispvms', False):
raise qubes.exc.QubesPropertyValueError(self, prop, value,
'template for DispVM must have template_for_dispvms=True')
return value
class DispVM(qubes.vm.qubesvm.QubesVM):
'''Disposable VM'''
template = qubes.VMProperty('template',
load_stage=4,
vmclass=qubes.vm.appvm.AppVM,
setter=_setter_template,
doc='AppVM, on which this DispVM is based.')
dispid = qubes.property('dispid', type=int, write_once=True,

64
qubes/vm/mix/dvmtemplate.py Normal file
View File

@ -0,0 +1,64 @@
# -*- encoding: utf-8 -*-
#
# The Qubes OS Project, http://www.qubes-os.org
#
# Copyright (C) 2017 Marek Marczykowski-Górecki
# <marmarek@invisiblethingslab.com>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, see <http://www.gnu.org/licenses/>.
import qubes.events
class DVMTemplateMixin(qubes.events.Emitter):
'''VM class capable of being DVM template'''
template_for_dispvms = qubes.property('template_for_dispvms',
type=bool,
default=False,
doc='Should this VM be allowed to start as Disposable VM')
@qubes.events.handler('property-pre-set:template_for_dispvms')
def __on_pre_set_dvmtemplate(self, event, name,
newvalue, oldvalue=None):
# pylint: disable=unused-argument
if newvalue:
return
if any(self.dispvms):
raise qubes.exc.QubesVMInUseError(self,
'Cannot change template_for_dispvms to False while there are '
'some DispVMs based on this DVM template')
@qubes.events.handler('property-pre-del:template_for_dispvms')
def __on_pre_del_dvmtemplate(self, event, name,
oldvalue=None):
self.__on_pre_set_dvmtemplate(
event, name, False, oldvalue)
@qubes.events.handler('property-pre-set:template')
def __on_property_pre_set_template(self, event, name, newvalue,
oldvalue=None):
# pylint: disable=unused-argument
if any(self.dispvms):
raise qubes.exc.QubesVMInUseError(self,
'Cannot change template '
'while there are DispVMs based on this qube')
@property
def dispvms(self):
''' Returns a generator containing all Disposable VMs based on the
current AppVM.
'''
for vm in self.app.domains:
if getattr(vm, 'template', None) == self:
yield vm

4
qubes/vm/standalonevm.py
View File

@ -19,10 +19,12 @@
#
import qubes.events
import qubes.vm.mix.dvmtemplate
import qubes.vm.qubesvm
import qubes.config
class StandaloneVM(qubes.vm.qubesvm.QubesVM):
class StandaloneVM(qubes.vm.mix.dvmtemplate.DVMTemplateMixin,
qubes.vm.qubesvm.QubesVM):
'''Standalone Application VM'''
def __init__(self, *args, **kwargs):

1
rpm_spec/core-dom0.spec.in
View File

@ -391,6 +391,7 @@ done
%dir %{python3_sitelib}/qubes/vm/mix/__pycache__
%{python3_sitelib}/qubes/vm/mix/__pycache__/*
%{python3_sitelib}/qubes/vm/mix/__init__.py
%{python3_sitelib}/qubes/vm/mix/dvmtemplate.py
%{python3_sitelib}/qubes/vm/mix/net.py
%dir %{python3_sitelib}/qubes/storage