Commit Graph

777 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
3f96c72ee3
api/admin: (ext/admin) limit listing VMs based on qrexec policy
Various Admin API calls, when directed at dom0, retrieve global system
view instead of a specific VM. This applies to admin.vm.List (called at
dom0 retrieve full VM list) and admin.Events (called at dom0 listen for
events of all the VMs). This makes it tricky to configure a management
VM with access to limited set of VMs only, because many tools require
ability to list VMs, and that would return full list.

Fix this issue by adding a filter to admin.vm.List and admin.Events
calls (using event handlers in AdminExtension) that filters the output
using qrexec policy. This version evaluates policy for each VM or event
(but loads only once). If the performance will be an issue, it can be
optimized later.

Fixes QubesOS/qubes-issues#5509
2020-03-28 03:23:28 +01:00
M. Vefa Bicakci
5d755eb065
tests: Add a test case for QubesVM.is_fully_usable
This commit adds a test case for the QubesVM class's is_fully_usable
method. The verified scenarios are as follows:

* The VM has qrexec enabled, and the qrexec service has been
  successfully started.
  (The VM becomes "fully usable" in this case.)

* The VM has qrexec enabled, and the qrexec service has failed to start
  (Error handling case; the VM is *not* fully usable.)

* The VM does *not* have qrexec enabled.
  (The VM becomes "fully usable" in this case.)
2020-03-09 00:22:51 -04:00
Marek Marczykowski-Górecki
16bdeea2c0
Merge remote-tracking branch 'origin/pr/295'
* origin/pr/295:
  tests: fix tag name in audiovm test
  tests: ensure notin while setting Audio/Gui VM
  gui: add checks for changing/removing guivm
  audio: add checks for changing/removing audiovm
  audio/gui: use simply vm.tags instead of list()
  tests: fix tests for gui/audio vm
  Make pylint happy
  gui/audio: fixes from Marek's comments
  Allow AudioVM to be ran after any attached qubes
  Allow GuiVM to be ran after any attached qubes
  xid: ensure vm is not running
  tests: fix missing default audiovm and guivm tags
  gui, audio: better handling of start/stop guivm/audiovm
  gui, audio: ensure guivm and audiovm tag are set
  Support for AudioVM
2020-03-09 01:48:01 +01:00
Marek Marczykowski-Górecki
36e9afe1ff
Merge branch 'tests20200301'
* tests20200301:
  tests/salt: don't depend on initial tags set
  tests: make audio tests less racy
2020-03-09 01:45:58 +01:00
Marek Marczykowski-Górecki
4cfc423d5e
tests: fix tag name in audiovm test 2020-03-09 01:11:58 +01:00
Marek Marczykowski-Górecki
84ec49e98d
Merge remote-tracking branch 'origin/pr/322'
* origin/pr/322:
  Ensure empty service value delete /var/run/qubes-service/ file
  services: fixes from Marek's comments
  config: fix mistake in path for services
  tests: add/remove services in dom0
  config: specify dom0 services path
  services: handle dom0 write permission errors
  services: handle /var/run/qubes/'SERVICE NAME' for dom0
  services: make PEP8 happier
2020-03-09 00:37:44 +01:00
Frédéric Pierret (fepitre)
a61bb9a0cb
Ensure empty service value delete /var/run/qubes-service/ file
- Add tests and stop patch path from Marek's comment
2020-03-08 23:08:48 +01:00
Frédéric Pierret (fepitre)
532d9a3a98
tests: ensure notin while setting Audio/Gui VM 2020-03-08 22:59:46 +01:00
Frédéric Pierret (fepitre)
90584c487a
gui: add checks for changing/removing guivm 2020-03-08 17:07:29 +01:00
Frédéric Pierret (fepitre)
c36ad38eb3
audio: add checks for changing/removing audiovm 2020-03-08 17:07:29 +01:00
Frédéric Pierret (fepitre)
4b5ae0833b
tests: fix tests for gui/audio vm 2020-03-08 17:07:24 +01:00
Frédéric Pierret (fepitre)
820500a367
tests: fix missing default audiovm and guivm tags 2020-03-08 17:05:33 +01:00
Frédéric Pierret (fepitre)
795ff1233a
Support for AudioVM 2020-03-08 17:05:33 +01:00
Marek Marczykowski-Górecki
b569f5a2b0
tests/firewall: update future time to be really in the future
Mar 4 2020 is no longer future, move it much more into the future.
2020-03-08 16:35:39 +01:00
Marek Marczykowski-Górecki
283d251387
Merge remote-tracking branch 'origin/pr/319'
* origin/pr/319:
  gui: set xkb_layout manually
  tests: handle legacy layout
  gui: no check in subprocess.run
  gui: handle legacy keymap setting /qubes-keyboard
2020-03-08 01:29:21 +01:00
Marek Marczykowski-Górecki
6874c7fece
tests/salt: don't depend on initial tags set
Some extensions may add tags at VM creation (guivm-*, audiovm-*). Take
this into account when calculating expected tags.
2020-03-01 22:36:54 +01:00
Marek Marczykowski-Górecki
ec88796129
tests: make audio tests less racy
Wait specifically for pulseaudio to start in the VM, instead of just
waiting few seconds.
Also, improve failure message to distinguish total lack of audio from
just missing few samples.
2020-03-01 22:36:54 +01:00
Marek Marczykowski-Górecki
34e6c2ff34
Merge remote-tracking branch 'origin/pr/323'
* origin/pr/323:
  Add guivm to internal.GetSystemInfo
2020-03-01 03:51:24 +01:00
Paweł Marczewski
941b7f16a0
Add guivm to internal.GetSystemInfo
Needed to move qrexec-policy-agent out to a separate GuiVM.
2020-02-27 18:20:48 +01:00
Frédéric Pierret (fepitre)
a67b8f35ba
gui: set xkb_layout manually 2020-02-25 11:34:02 +01:00
Frédéric Pierret (fepitre)
9a6ff177ce
tests: add/remove services in dom0 2020-02-20 23:07:49 +01:00
Marek Marczykowski-Górecki
2f4b42e5cd
Merge remote-tracking branch 'origin/pr/318'
* origin/pr/318:
  Pass network parameters to linux-stubdom

Fixes QubesOS/qubes-issues#5022
2020-02-17 03:56:45 +01:00
Rusty Bird
d527e01136
Remove more core2 code 2020-02-15 17:48:32 +00:00
Frédéric Pierret (fepitre)
65238c187f
tests: handle legacy layout 2020-02-13 22:46:52 +01:00
Marek Marczykowski-Górecki
c332de9653
Merge remote-tracking branch 'origin/pr/312'
* origin/pr/312:
  Added handling for 'force' option in vm shutdown
2020-02-06 23:31:43 +01:00
Marta Marczykowska-Górecka
284fbe1d44
Added handling for 'force' option in vm shutdown
To be more precise: just allowed using it, as the option was
actually implemented previously.

references QubesOS/qubes-issues#5591
2020-01-29 22:12:49 +01:00
Pawel Marczewski
1d1cc10211
Pass network parameters to linux-stubdom
See QubesOS/qubes-issues#5022.
2020-01-29 09:45:05 +01:00
Pawel Marczewski
08d83fb241
Support qubes.VMExec call
The feature is advertised by core-agent so that it can be used
instead of VMShell.

See QubesOS/qubes-issues#4850.
2020-01-24 16:57:13 +01:00
Marek Marczykowski-Górecki
0a66a0c7dd
Merge remote-tracking branch 'origin/pr/313'
* origin/pr/313:
  Fix overlapping block device names
2020-01-24 01:43:33 +01:00
Marek Marczykowski-Górecki
869f963335
Merge remote-tracking branch 'origin/pr/311'
* origin/pr/311:
  Add a test for loading volume config from XML
  Fix ThinVolume.size initialization from string
2020-01-24 01:38:16 +01:00
Marek Marczykowski-Górecki
edf5977b23
Merge remote-tracking branch 'origin/pr/309'
* origin/pr/309:
  import: check exact size of copied data
  Implement new admin.vm.ImportWithSize API call

Fixes QubesOS/qubes-issues#5239
2020-01-24 01:35:00 +01:00
Pawel Marczewski
fe72fe1681
Fix overlapping block device names
This was caused by a change in Jinja template engine that breaks
assignments like {% set i = i + 1 %} in a loop.

Jinja 2.10 introduces a "namespace" object for this use case, but
unfortunately dom0-fc25 uses 2.8.1.

See:

https://github.com/pallets/jinja/issues/641
https://github.com/pallets/jinja/pull/684

Fixes QubesOS/qubes-issues#5551.
2020-01-23 11:27:05 +01:00
Pawel Marczewski
66abc69a33
Add a test for loading volume config from XML 2020-01-23 10:42:26 +01:00
Pawel Marczewski
e9b97e42b1
import: check exact size of copied data
The import will error out if there is not enough data, or too
much data provided.
2020-01-23 09:48:58 +01:00
Pawel Marczewski
63ac952803
Implement new admin.vm.ImportWithSize API call
This should allow importing a volume and changing the size at the
same time, without performing the resize operation on original
volume first.

The internal API has been renamed to internal.vm.volume.ImportBegin
to avoid confusion, and for symmetry with ImportEnd.

See QubesOS/qubes-issues#5239.
2020-01-23 09:47:22 +01:00
Marek Marczykowski-Górecki
29f84d5105
Merge remote-tracking branch 'origin/pr/308'
* origin/pr/308:
  Move devices check to on_domain_pre_deleted
  Prevent removing VM if it provides devices in persistent mode
2020-01-23 04:32:39 +01:00
Pawel Marczewski
f1ff6c26d8
Move devices check to on_domain_pre_deleted 2020-01-21 15:35:30 +01:00
Marek Marczykowski-Górecki
8dda66d693
tests: fix key generation for dom0 updates tests
gpg2 requires explicit `%no-protection`, otherwise tries to
interactively (through gpg-agent) prompt for the passphrase.
2020-01-17 04:50:31 +01:00
Pawel Marczewski
b09a137b26
Prevent removing VM if it provides devices in persistent mode
Fixes QubesOS/qubes-issues#5136.
2020-01-16 11:13:07 +01:00
Marek Marczykowski-Górecki
309dd11b1d
Merge remote-tracking branch 'origin/pr/307'
* origin/pr/307:
  Implement missing get_cputime() in AdminVM
  Add admin.vm.CurrentState method
2020-01-16 04:12:42 +01:00
Marek Marczykowski-Górecki
161f139f98
Merge remote-tracking branch 'origin/pr/305'
* origin/pr/305:
  Test file copy hang when target machine qrexec is disabled
2020-01-16 04:05:09 +01:00
Marek Marczykowski-Górecki
0c08305f1a
Merge remote-tracking branch 'origin/pr/303'
* origin/pr/303:
  Update tests after adding /connected-ips
  Also reload /connected-ips on firewall change / domain spawn
  Also store /connected-ips6 for machines that have IPv6 addresses
  Don't try to write to qubesdb of an offline VM
  Maintain a list of connected machine IPs in qubesdb
2020-01-16 04:03:44 +01:00
Marek Marczykowski-Górecki
e6aa35fcdf
Merge branch 'tests-leaks'
* tests-leaks:
  ext/pci: handle 'qubes-close' event
  tests: allow extensions to cleanup objects references
2020-01-16 04:00:59 +01:00
Marek Marczykowski-Górecki
51adb434d1
tests: FileVolume.resize()
QubesOS/qubes-issues#5518
2020-01-16 01:38:14 +01:00
Pawel Marczewski
62735d9696
Add admin.vm.CurrentState method
For all the transient values that should not be treated as
real properties. To be used in core-admin-client.
2020-01-15 16:06:08 +01:00
Pawel Marczewski
e69bdc5efa
Test file copy hang when target machine qrexec is disabled
See QubesOS/qubes-issues#5347.

Fix in QubesOS/qubes-core-qrexec#15.
2020-01-14 15:07:42 +01:00
Marek Marczykowski-Górecki
74e956e1f1
ext/pci: handle 'qubes-close' event
Move cache cleanup to 'qubes-close' event handler, instead of doing it
specifically in tests.
2020-01-11 03:54:30 +01:00
Marek Marczykowski-Górecki
a89d3f0cae
tests: allow extensions to cleanup objects references
Extension objects are singletons and normally do not require any special
cleanup. But in case of tests, we try to remove all the qubes objects
between tests and the cache in usb extension makes it hard.
Add a 'qubes-close' event that extensions can handle to remove extra
references stored in extension objects themselves.
2020-01-11 01:22:30 +01:00
Pawel Marczewski
70c862fe73
Update tests after adding /connected-ips 2020-01-09 16:41:14 +01:00
Marek Marczykowski-Górecki
8965e9a8e4
tests/network: let xl devd bring the interfaces up
xl devd doesn't use startup notify, so when the service is started
(according to systemd) it may still be initializing interfaces. Add a
little sleep for that.
2019-12-05 23:31:15 +01:00