Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
4,768 Commits 1 Branch 0 Tags 15 MiB
3074a4064c
Commit Graph

1084 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
3074a4064c
vm/qubesvm: forbid changing VM name 
We've decided to make VM name immutable. This is especially important
for Admin API, where some parts (especially policy) are sticked to the
VM name.

Now, to rename the VM, one need to clone it under new name (thanks to
LVM, this is very quick action), then remove the old one.

Fixes QubesOS/qubes-issues#2868
 2017-06-26 02:00:45 +02:00
Marek Marczykowski-Górecki
a6c16d00be
vm/qubesvm: fix handling empty kernel value 
Do not fail on empty kernel value - which means "use booloader on
root.img".

Fixes 3ddc052 "vm: move kernel presence validation to event handler"
 2017-06-26 01:59:39 +02:00
Marek Marczykowski-Górecki
26013122a0
Merge remote-tracking branch 'woju/devel-adminext' into core3-devel 2017-06-23 10:34:11 +02:00
Marek Marczykowski-Górecki
4208a98bd7
Merge branch 'core3-devel-20170619' 2017-06-23 02:53:17 +02:00
Marek Marczykowski-Górecki
f976f7ec6c
storage: simplify coroutine handling 
Suggested by @woju
 2017-06-23 02:35:49 +02:00
Marek Marczykowski-Górecki
57e293eb54
Merge branch 'core3-qmemman-fix' 2017-06-22 23:16:35 +02:00
Wojtek Porczyk
8c9ce0587b ext/admin: add explanation to PermissionDenied 2017-06-22 13:21:37 +02:00
Wojtek Porczyk
2942f8bcac qubes: admin extension 
for managing tags
 2017-06-21 23:12:54 +02:00
Marek Marczykowski-Górecki
c1f4c219f9
tests: adjust TC_00_QubesDaemonProtocol for reorganized api module 2017-06-21 06:59:58 +02:00
Marek Marczykowski-Górecki
588ff04f0d
qmemman: fix units on meminfo parsing 
meminfo (written by VM) is expected report KiB, but qmemman internally
use bytes. Convert units.
And also move obscure unit conversion in is_meminfo_suspicious to more
logical place in sanitize_and_parse_meminfo.
 2017-06-21 06:34:00 +02:00
Marek Marczykowski-Górecki
ea0cbe3a56
tests: improve tests for qrexe exit code handling 
Check if exit code retrieved from dom0 is really the one expected.

Fix typo in test_065_qrexec_exit_code_vm (testvm1/testvm2), adjust for
reporing remote exit code and remove expectedFailure.

QubesOS/qubes-issues#2861
 2017-06-21 05:23:35 +02:00
Marek Marczykowski-Górecki
a73dcf6016
tests: wait for session in tests requiring running GUI 
Since tests expose qubesd socket, qvm-start-gui should handle starting
GUI daemons (so, GUI session inside VM). Add synchronization with it
using qubes.WaitForSession service.
 2017-06-21 04:45:46 +02:00
Marek Marczykowski-Górecki
376ac4b32d
tests: fix vm.run_for_stdio in some more places 
When test expect to wait for remote process, use vm.run_for_stdio.
Additionally, when the call fail, (stdout, stderr) is not assigned - use
the one attached to exception object instead.
 2017-06-21 04:33:10 +02:00
Marek Marczykowski-Górecki
a0f616f14e
tests: fix checking exit code 
Since run_for_stdio raise an exception for non-zero exit code, it isn't
ignored anymore. So, check if qrexec-client-vm return expected value,
instead of keep ignoring it.

QubesOS/qubes-issues#2861
 2017-06-21 00:17:43 +02:00
Marek Marczykowski-Górecki
72240c13b6
tests: fix vm_qrexec_gui/TC_10_Generic/test_000_anyvm_deny_dom0 
When method (as expected) raise an exception, service output would not be
assigned. Extract it from exception object.
 2017-06-21 00:17:43 +02:00
Marek Marczykowski-Górecki
a469c565f4
tests: fix QrexecPolicyContext 
Flush new policy file to the disk, otherwise it will stay only in write
buffer.
 2017-06-21 00:17:43 +02:00
Marek Marczykowski-Górecki
3ddc052af3
vm: move kernel presence validation to event handler 
Setter is called also on qubes.xml load, so missing kernel breaks
qubes.xml parsing - for example qubesd startup to fix that property.
 2017-06-21 00:17:43 +02:00
Marek Marczykowski-Górecki
4241b39b94
tests: fix tests cleanup 2017-06-21 00:17:42 +02:00
Marek Marczykowski-Górecki
60443259d0
vm: raise CalledProcessError on failed service/command call 2017-06-21 00:17:42 +02:00
Marek Marczykowski-Górecki
51a17ba749
tests: do not reload qubes.xml 
In core3 this isn't needed anymore (and unit tests already check if
that's really true).
 2017-06-21 00:17:42 +02:00
Marek Marczykowski-Górecki
ea5ca79133
tests: fix removing test VMs 
Do it before shutting down qubesd socket - some things may require it
for VM removal/shutdown.
 2017-06-21 00:17:41 +02:00
Marek Marczykowski-Górecki
eee6ab0c01
tests: use copy of qubes.xml, instead of empty one 2017-06-21 00:17:41 +02:00
Marek Marczykowski-Górecki
984a070f3e
tests: move create_*_file to SystemTestsMixin 2017-06-21 00:17:40 +02:00
Wojtek Porczyk
f56f7d13fb
tests/integ/vm_qrexec_gui: skip test_051_qrexec_simple_eof_reverse 
QubesOS/qubes-issues#2851
 2017-06-21 00:17:39 +02:00
Wojtek Porczyk
139f18fa1d
qubes/tests/integ/vm_qrexec_gui: some fixes 2017-06-21 00:17:39 +02:00
Wojtek Porczyk
0c0b0ea6ef
qubes/tests/integ/vm_qrexec_gui: change time.sleep to asyncio.sleep 2017-06-21 00:17:38 +02:00
Wojtek Porczyk
96a66ac6bd
qubes/api: refactor creating multiple qubesd sockets 
Now there is a single function to do this, shared with tests.
 2017-06-21 00:17:37 +02:00
Wojtek Porczyk
bec58fc861
qubes/tests: start qrexec policy responder for system tests 2017-06-20 13:00:20 +02:00
Wojtek Porczyk
71a4390fdb
qubes/tools/qubesd: properly unlink UNIX sockets at shutdown 2017-06-20 13:00:20 +02:00
Wojtek Porczyk
4b8e5c3704
qubes/tests/run: refuse to run tests if qubesd is running 
Test suite creates some VMs and needs to pass the knowledge about them
to qrexec policy checker. This is done using Admin API, so we need to
substitute qubesd with our own API server.
 2017-06-20 13:00:20 +02:00
Wojtek Porczyk
858e547525
qubes: reorganise API protocols 
Now instantiating API servers is handled by common function. This is,
among other reasons, for creating ad-hoc sockets for tests.
 2017-06-20 13:00:20 +02:00
Marek Marczykowski-Górecki
8196b2d5bf
admin.vm.Create: add commend about 'created-by-' tag 2017-06-20 12:47:01 +02:00
Marek Marczykowski-Górecki
c13cf44e5e
admin.vm.Create: add 'created-by-' tag 2017-06-20 12:47:00 +02:00
Marek Marczykowski-Górecki
083108e995
app: fix registering libvirt event handler 
register_event_handlers is called early, when libvirt connection may not
be yet established - especially on empty qubes.xml. Do not skip
automatic connection logic.
 2017-06-20 12:47:00 +02:00
Marek Marczykowski-Górecki
e4d285d479
vm/adminvm: make AdminVM sortable 
One more thing gone during changing AdminVM base class.
 2017-06-20 12:47:00 +02:00
Marek Marczykowski-Górecki
9242202db2
admin: implement admin.vm.tag.* 
QubesOS/qubes-issues#2622
 2017-06-20 00:54:16 +02:00
Marek Marczykowski-Górecki
4a1a5fc24b
exc: fix QubesNoTemplateError 2017-06-20 00:54:16 +02:00
Marek Marczykowski-Górecki
aadbe223c3
admin: add admin.vm.volume.Clone 
QubesOS/qubes-issues#2622
 2017-06-20 00:54:15 +02:00
Marek Marczykowski-Górecki
f48b1be669
storage: extract single volume clone into clone_volume 
This will be useful for admin.vm.volume.Clone implementation.

QubesOS/qubes-issues#2256
 2017-06-20 00:54:15 +02:00
Marek Marczykowski-Górecki
86a935e779
qubes.NotifyTools: ignore '/qubes-tools/version' completely 
It isn't used for anything, so simply ignore it for good.

https://github.com/QubesOS/qubes-core-admin/pull/109#discussion_r121421409
 2017-06-14 10:44:24 +02:00
Marek Marczykowski-Górecki
55669c350c
api/misc: fix retrieving requested features from QubesDB 
qdb.list return list of bytes().
 2017-06-14 10:44:24 +02:00
Marek Marczykowski-Górecki
5209bc370d
vm: init vm.storage and vm.volumes in BaseVM 
This way also AdminVM will have (empty) properties there. It is much
cleaner than adding `if hasattr` or catching AttributeError everywhere.
 2017-06-14 10:44:24 +02:00
Marek Marczykowski-Górecki
160ab964bc
vm: improve sending events for tags and features 
1. Send the event after setting tag/feature
2. Provide old value for feature
3. Rename 'key' kwarg to 'feature'
 2017-06-14 10:44:23 +02:00
Marek Marczykowski-Górecki
8ba60cd7e9
app: fix listing VMs based on given template 2017-06-13 13:15:21 +02:00
Marek Marczykowski-Górecki
93ccb8bbda
Merge remote-tracking branch 'qubesos/pr/111' 
* qubesos/pr/111:
  vm: drop 'internal' property
  qmemman: make sure to release lock
  qmemman: fix meminfo parsing for python 3
  devices: drop 'data' and 'frontend_domain' fields, rename 'devclass' to 'bus'
 2017-06-12 23:22:55 +02:00
Marek Marczykowski-Górecki
ba4da5cbe0
Merge remote-tracking branch 'qubesos/pr/110' 
* qubesos/pr/110:
  storage: use direct object references, not only identifiers
  vm: fix volume_config
  storage/lvm: prefix VM LVM volumes with 'vm-'
  storage: fix VM rename
 2017-06-12 23:22:41 +02:00
Marek Marczykowski-Górecki
37245acdcf
vm: change vm.updates_available to a 'updates-available' feature 2017-06-12 12:34:23 +02:00
Marek Marczykowski-Górecki
caa03a9279
vm/qubesvm: simplify 'None' kernel handling 2017-06-12 12:26:57 +02:00
Marek Marczykowski-Górecki
ee442c754f
api/misc: integrate qubes.NotifyTools logic with qubes.FeaturesRequest 
Make qubes.NotifyTools reuse logic of qubes.FeaturesRequest, then move
actual request processing to 'features-request' event handler. At the
same time implement handling 'qrexec' and 'gui' features request -
allowing to set template features when wasn't already there.
Behavior change: template is no longer allowed to change feature value
(regardless of being True or False). This means the user will always be
able to override what template have set.
 2017-06-12 12:22:39 +02:00
Marek Marczykowski-Górecki
e8c303977b
vm/adminvm: fix str(AdminVM) after changing its base 
BaseVM have no (useful) __str__ method.
 2017-06-12 10:15:13 +02:00