Commit Graph

1019 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
28737d16ce
Migrate qubes.NotifyTools, qubes.FeaturesRequest, qubes.NotifyUpdates
Make them call into qubesd. Create separate socket for "misc" calls - VM
accessible, but not part of Admin API.
2017-06-06 03:33:30 +02:00
Marek Marczykowski-Górecki
43fd1d76e8
tools/qubesd-query: add option to report failure with exit code 2017-06-06 03:33:30 +02:00
Marek Marczykowski-Górecki
05ba73bb3a
api/internal: add methods for handling host suspend 2017-06-06 03:33:29 +02:00
Marek Marczykowski-Górecki
f80fddf7ae
vm: restore code for suspending domains with PCI devices 2017-06-06 03:33:29 +02:00
Marek Marczykowski-Górecki
4c4f903fe3
vm: change kernel=None to kernel=''
vm.kernel property have type 'str'. Putting None there makes a lot of
troubles: it gets encoded as 'None' in qubes.xml and then loaded back as
'None' string, not None value. Also it isn't possible to assign None
value to str property throgh Admin API.

kernel='' is equally good to specify "no kernel from dom0".

QubesOS/qubes-issues#2622
2017-06-05 23:38:30 +02:00
Marek Marczykowski-Górecki
d5cd58df51
templatevm: set default netvm to None for templates
Since we have qrexec-based updates proxy, we can even stronger isolate
templates from outside threats.

QubesOS/qubes-issues#1854
2017-06-05 23:38:30 +02:00
Marek Marczykowski-Górecki
1ed0b14d93
vm: make vm.hvm=True by default
QubesOS/qubes-issues#2185
2017-06-05 23:38:30 +02:00
Marek Marczykowski-Górecki
5d3204c730
vm: remove prepare_dvm parameter from methods and events
It was related to DispVM savefile preparation, but it is no longer
applicable in Qubes 4.0
2017-06-05 23:38:30 +02:00
Marek Marczykowski-Górecki
018877a19c
vm: avoid starting the same VM multiple times simultaneously
While libvirt handle locking itself, there is also Qubes-specific
startup part. Especially starting qrexec-daemon and waiting until
qrexec-agent connect to it. When someone will attempt to start VM the
second time (or simply assume it's already running) - qrexec will not be
connected yet and the operation will fail. Solve the problem by wrapping
the whole vm.start() function with a lock, including a check if VM is
running and waiting for qrexec.

Also, do not throw exception if VM is already running.

This way, after a call to vm.start(), VM will be started with qrexec
connected - regardless of who really started it.
Note that, it will not solve the situation when someone check if VM is
running manually, like:

    if not vm.is_running():
        yield from vm.start()

Such code should be changed to simply:

    yield from vm.start()

Fixes QubesOS/qubes-issues#2001
Fixes QubesOS/qubes-issues#2666
2017-06-05 23:38:30 +02:00
Marek Marczykowski-Górecki
257c8c0821
devices : make DeviceInfo sortable 2017-06-05 23:33:58 +02:00
Marek Marczykowski-Górecki
b08574acf3
api/internal: make GetSystemInfo not crash on not set default DispVM 2017-06-05 23:33:58 +02:00
Marek Marczykowski-Górecki
b5a4573290
storage: remove DomainPool
Replaced by BlockDevice extension
2017-06-05 23:33:58 +02:00
Marek Marczykowski-Górecki
9bb5054e50
ext: BlockDevices extension
Handle block devices exposed by VMs
2017-06-05 23:33:58 +02:00
Wojtek Porczyk
d9f5192cc2 last fixes (thanks, @marmarek!) 2017-06-05 14:34:06 +02:00
Wojtek Porczyk
dc793be81f Fixes from marmarek's review 2017-06-01 12:31:14 +02:00
Wojtek Porczyk
cb3c9a82b3 qubes/tests: fix qrexec policy context
Now it removes policy file if it was created while entering the context.
2017-06-01 12:31:14 +02:00
Wojtek Porczyk
bbe757d0a7 Make pylint very ♥ 2017-05-30 15:06:05 +02:00
Wojtek Porczyk
42cbd9ff68 qubes.tests asyncio, part 2
QubesOS/qubes-issues#2622
2017-05-29 19:08:38 +02:00
Wojtek Porczyk
df03800278 Fix miscellaneous warnings
Among them:
- explicitly close files (possibly using with: syntax)
- use non-deprecated methods
2017-05-29 17:34:15 +02:00
Wojtek Porczyk
b212a75ba3 qubes/vm/qubesvm: don't use .run_service() for .run()
QubesOS/qubes-issues#2622
2017-05-29 17:34:15 +02:00
Wojtek Porczyk
a9755ed76a qubes/ext/gui: remove is-fully-usable and is_guid_running 2017-05-29 17:34:15 +02:00
Wojtek Porczyk
b256af3bfb qubes.tests asyncio
QubesOS/qubes-issues#2622
2017-05-29 17:34:15 +02:00
Marek Marczykowski-Górecki
7f3dd8b3d7
storage: don't fail on import if lvm is not installed 2017-05-26 15:08:20 +02:00
Marek Marczykowski-Górecki
e54cc11a2c
vm: expose to VM only features with 'service/' prefix
And place them in /qubes-service/ QubesDB directory. This allows
extensions to easily store some data not exposed to VM, but also have
control what VM will see. And at the same time, it make it compatible
with existing services framework

QubesOS/qubes-issues#1637
2017-05-26 15:08:19 +02:00
Marek Marczykowski-Górecki
607dcbaf37
admin-api: fix handling admin.vm.property.Set with None VM value
Setting VMProperty to None VM should be encoded as '' value (according
to VMProperty._none_value). But value validation rejected this value.

QubesOS/qubes-issues#2622
2017-05-26 15:08:18 +02:00
Marek Marczykowski-Górecki
305fb5b6d0
Move qvm-template-postprocess tool to core-admin-client
Since implementing admin.vm.volume.Import, this migrated to Admin API.
2017-05-26 15:08:17 +02:00
Marek Marczykowski-Górecki
d42197e94c
make 'mgmt-permission:' event compatible with check-events script
It doesn't support str.format().
2017-05-26 15:08:17 +02:00
Marek Marczykowski-Górecki
3177fc504f
tests: basic tests for admin.vm.volume.Import 2017-05-26 15:08:16 +02:00
Marek Marczykowski-Górecki
d7af67d875
storage: minor error handling fix 2017-05-26 15:08:15 +02:00
Marek Marczykowski-Górecki
6c29c653a0
tests: improve qubes_basdir_patching
File storage pool use qubes.config.qubes_base_dir, not
qubes.config.system_path, so patch that too.
2017-05-26 15:08:15 +02:00
Marek Marczykowski-Górecki
3cacf290bb
admin: implement admin.vm.volume.Import
Implement this in two parts:
1. Permissions checks, getting a path from appropriate storage pool
2. Actual data import

The first part is done by qubesd in a standard way, but then, instead of
accepting all the data (which may be several GB), return a path to which
a shell script (in practice: `dd` command) will write the data.
Then the script call back to qubesd again to report success/failure and
qubesd response from that call is actually returned to the user.

This way we do not pass all the data through qubesd, but still can
control the process from there in a meaningful way. Note that the last
part (second call to qubesd) may perform all kind of verification (like
a signature check on the data, or so) and can also prevent VM from
starting (hooking also domain-pre-start event) from not verified image.

QubesOS/qubes-issues#2622
2017-05-26 15:08:14 +02:00
Marek Marczykowski-Górecki
46b60dbf42
storage: add Pool.import_data to the API
Allow importing not only from another volume, but also raw data. In
practice, for all currently implemented storage pools, this is the same
as Pool.export, because path returned there is read-write. But lets not
abuse this fact, some future implementation may need different methods.

QubesOS/qubes-issues#2622
QubesOS/qubes-issues#2256
2017-05-23 15:35:55 +02:00
Marek Marczykowski-Górecki
1692601fcd
typo fix 2017-05-23 15:35:21 +02:00
Marek Marczykowski-Górecki
74689dd998
qubesd: reduce verbosity
Remove debug prints, log full traceback (of handled exception) only when
debug mode enabled (--debug, introduce in this commit too).
--debug option also enables sending tracebacks to the API clients.

QubesOS/qubes-issues#853
2017-05-23 04:47:50 +02:00
Marek Marczykowski-Górecki
64b83fa95a
admin: raise QubesNoSuchPropertyError for non-existing properties
Accessing non-existing property is a common action (for example
hasattr() do try to access the property). So, introduce specific
exception, inheriting from AttributeError. It will behave very similar
to standard (non-Admin-API) property access.

This exception is reported to the Admin API user, so it will be possible
to distinguish between non-existing property and access denied. But it
isn't any significant information leak, as list of valid properties is
publicly available in the source code.

QubesOS/qubes-issues#853
2017-05-23 04:32:59 +02:00
Marek Marczykowski-Górecki
f93583e2be
devices: adjust XML serialization of device options
Use '<option name="option_name">option_value</option>' instead of
'<options option_name="option_value"/>'. It's more consistent with the
rest of qubes.xml - have one thing per element.

Also, add options deserialization test.
2017-05-22 17:11:20 +02:00
Marek Marczykowski-Górecki
29f3c9b58f
vm: don't try to define libvirt domain when just checking its state
When libvirt domain is not defined, it isn't running for sure.
This commit fixes the case when vm.is_running() appears anywhere in the
code used during libvirt xml building. In this case, it's mostly about
PCI device description for libvirt.
2017-05-22 17:11:19 +02:00
Marek Marczykowski-Górecki
6bc44b43de
pci: adjust PCIDeviceExtension device identifier syntax
':' is not allowed in device identifier, replace it with '_'.

Warning: this breaks existing qubes.xml
2017-05-22 17:11:19 +02:00
Marek Marczykowski-Górecki
fe37e0933e
Devices-related formating fixes
QubesOS/qubes-issues#
2017-05-22 03:21:13 +02:00
Marek Marczykowski-Górecki
dde9085920
vm: fix autostart-related events handling
event signature contains 'name', not 'prop' (it's no longer positional
argument).
2017-05-22 03:21:13 +02:00
Marek Marczykowski-Górecki
402afa1925
pci: use device attach options for disabling strict reset
Since we have now per-device options, it's more logical to use it here,
instead of features with device identifier encoded into feature name.
2017-05-22 03:21:13 +02:00
Marek Marczykowski-Górecki
d0b8933374
devices: add assignment.device property
Make it easy to retrieve DeviceInfo object out of DeviceAssignment
object. The only missing piece of information for that is device class,
so add it. Make it optional, as it can be filled on demand when passing
the object through DeviceCollection (either by listing devices, or
attaching/detaching).

This is mostly to ease handling options in libvirt template - to get
them, you need to use `assignments()`, istead of `persistent()` or
`attached()`, but there were no _simple_ way of getting actual device
object.

This also makes DeviceCollection._device method not needed anymore.
2017-05-22 03:21:07 +02:00
Marek Marczykowski-Górecki
227010d433
pci: fix device-pre-attach event signature
Now it contains also options. PCI extension do not use it, yet.
2017-05-19 18:49:22 +02:00
Marek Marczykowski-Górecki
f9fa27dacc
property: add property.__str__ 2017-05-19 18:49:21 +02:00
Marek Marczykowski-Górecki
f7cb8f27c5
admin: add admin.vm.Remove method
QubesOS/qubes-issues#2622
2017-05-19 18:49:21 +02:00
Marek Marczykowski-Górecki
0ef010cc70
qmemman: fix list/filter handling on python3
Filter in python3 returns a generator, can be iterated only once.
This is about list of existing domains - store it as a list, otherwise
domains will "disappear" after being discovered.
2017-05-18 09:44:48 +02:00
Marek Marczykowski-Górecki
1831088c9b
api/internal: don't try to start dom0
qrexec-policy do try to start a VM before executing service. Avoid this
here, instead of qrexec-policy to keep the later clean.
2017-05-17 14:24:59 +02:00
Marek Marczykowski-Górecki
ae28d32af7
vm: make sure qmemman connection is closed even on failed VM startup
Qmemman hold global lock while serving requests, so not closing
connection will prevent any further action.
2017-05-17 11:17:22 +02:00
Marek Marczykowski-Górecki
e5daf902b3
vm/net: fix IP address calculation
7 is not the same as 7 bits...
2017-05-17 11:17:22 +02:00
Marek Marczykowski-Górecki
4d6d6c913a
qubesd: make sure NOTIFY_SOCKET variable is not propagated
qubesd do start other daemons - make sure they will not try to signal
systemd about it. In some cases such daemons (qubesdb-daemon) behave
differently based on this variable.
2017-05-17 11:17:22 +02:00