Commit Graph

2192 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
8f38753bdb
Re-enable SMAP for VMs
Buggy Linux version is no longer present in any supported template (the
last one was Debian jessie).

QubesOS/qubes-issues#2881
2020-11-05 05:28:39 +01:00
Marek Marczykowski-Górecki
73e55eb99a
tests: adjust for applications list stored in features dict 2020-11-02 01:44:32 +01:00
Marek Marczykowski-Górecki
2b49979c2a
tests: remove test_030_clone
Since qubesd-side clone_vm function is gone, it doesn't make sense to
test it. For some time already this tested only if manual step-by-step
clone implemented _in the test itself_ was done correctly.

Actual cloning is part of qubes-core-admin-client and is tested there.
2020-11-02 01:44:17 +01:00
Marek Marczykowski-Górecki
8b4a4a72b4
drop old workaround kernelopts
- nopat - added when PAT in Linux+Xen was buggy, no longer the case for a
long time.
- iommu=soft swiotlb=8192 - necessary to limit required memory on PV with
PCI devices; since we use HVM now (with proper IOMMU translation), this
is no longer needed. Furthermore, it will free some memory in sys-* vms.
2020-11-01 18:10:52 +01:00
Marek Marczykowski-Górecki
14c636469f
tests: make sure dnsmasq is stopped before starting it again
Avoid conflict on listening port ("Address already in use" error).
Send SIGTERM until all instances of dnsmasq exit.
2020-10-30 21:09:47 +01:00
Marek Marczykowski-Górecki
79d4b7162a
tests: fail the test early if VM fails to start
Make an exception in vm.start() actually interrupt the test. The
asyncio.wait() returns list of completed tasks, where exception may be
stored - but is not raised directly. Change to asyncio.gather() that will
propagate the exception by default.
As a side effect, avoid deprecated direct coroutine passing to
asyncio.wait(). This functionality in asyncio.gather() is not
deprecated.
2020-10-30 15:39:57 +01:00
Marek Marczykowski-Górecki
7ffa7564cf
Merge remote-tracking branch 'origin/pr/369'
* origin/pr/369:
  ext: support for non-service feature advertisement
2020-10-10 03:33:09 +02:00
Marek Marczykowski-Górecki
bdd1184a3a
Merge remote-tracking branch 'origin/pr/367'
* origin/pr/367:
  gui: add --all and --dom0 to qubes-input-trigger script
  gui: adapt trigger for dom0 input devices
  gui: trigger services start for ps2 devices
2020-09-30 02:10:39 +02:00
Frédéric Pierret (fepitre)
7ee877caa0 gui: add --all and --dom0 to qubes-input-trigger script 2020-09-26 14:36:21 +02:00
Marek Marczykowski-Górecki
bc26e74339
ext: support for non-service feature advertisement
Add an API for VMs to announce support for non-service features. This is
very similar to supported-service.* features, but applies to non-service
features. This may be also used for announcing support for features that
do not use qvm-features framework itself - for example some VM kernel
features, installed drivers, packages etc.

QubesOS/qubes-issues#6030
2020-09-23 01:16:38 +02:00
Frédéric Pierret (fepitre)
f744d89803
gui: adapt trigger for dom0 input devices 2020-09-21 14:10:14 +02:00
herypt
80ecee51db
Set apparmor feature when template advertises support for it 2020-09-02 15:07:30 +02:00
Frédéric Pierret (fepitre)
480aeee9de
gui: trigger services start for ps2 devices 2020-08-30 23:27:17 +02:00
Marek Marczykowski-Górecki
1500ed8fcb
Make pylint happy
- ignore raise-missing-from
- fix super-with-arguments
2020-08-23 02:55:40 +02:00
Marta Marczykowska-Górecka
6b9528316f
Replaced error on nonexisting label name with a more descriptive one
Instead of unintuitive Value Error now we have dedicated QubesLabelNotFoundError.
Goal: to make qvm-prefs be less strange when one mixes up gray and grey again.
2020-08-23 01:58:43 +02:00
Marta Marczykowska-Górecka
b506586089
Fixed grey label color value causing accidental green icons
fixes QubesOS/qubes-issues#3471
2020-08-23 01:58:43 +02:00
Marek Marczykowski-Górecki
ed5b908371
tests: fix duplicated entries in TestVMsCollection
Deduplicate entries when iterating over TestVMsCollection values. Some
tests add given VM multiple times, to have it available under different
kind of keys (name, uuid etc) - similar to the real VMsCollection.
2020-08-12 02:01:31 +02:00
Marek Marczykowski-Górecki
24e0ddd7ab
Merge remote-tracking branch 'origin/pr/365'
* origin/pr/365:
  Added icon property to AdminVM
2020-08-12 01:26:29 +02:00
Marek Marczykowski-Górecki
f2b047c47e
Merge remote-tracking branch 'origin/pr/254'
* origin/pr/254:
  vm: allow StandaloneVM to be a DVM template
  vm: do not allow setting template_for_dispvms=False if there are any DispVMs
  vm: move DVM template specific code into separate mixin
2020-08-12 01:25:57 +02:00
Marek Marczykowski-Górecki
74725b584a
Merge branch 'test-fixes20200806'
* test-fixes20200806:
  tests/extra: add vm.run(..., gui=) argument
  tests: collect detailed diagnostics on failure
  tests: workaround a race in qrexec test
  tests: fix audio recording test
  tests: make qvm-sync-clock test more reliable
2020-08-12 01:25:27 +02:00
Marek Marczykowski-Górecki
c425df6c57
tests/extra: add vm.run(..., gui=) argument
A convenient (and compatible) option to wait for user session before
starting the command.
2020-08-11 02:04:32 +02:00
Marek Marczykowski-Górecki
46cc4ca910
tests: collect detailed diagnostics on failure
Help debugging test failures by collecting detailed information on
failure. It will be logger to the standard logger, which will end up
either on stderr or in journalctl.
2020-08-08 20:36:42 +02:00
Marek Marczykowski-Górecki
8b076dfe5f
tests: workaround a race in qrexec test
qrexec-client-vm may return earlier than it's child process (it exits
right away, without waiting for its child). Add a small wait before
reading exit code from a file.
2020-08-08 19:22:26 +02:00
Marek Marczykowski-Górecki
6d50546bd0
Merge branch 'paranoid-restore'
* paranoid-restore:
  tests: paranoid backup restore
  Add policy for paranoid mode backup restore
  Add an extension preventing starting a VM while it's being restored
  Add support for 'tag-created-vm-with' feature
2020-08-07 02:02:32 +02:00
Marek Marczykowski-Górecki
1abf949faf
tests: fix audio recording test
To calculate frequency it needs to use samples per second (44100), not
samples pre recording lenght. This caused shorter recordings to not fit
into the margin.
2020-08-07 01:55:10 +02:00
Marta Marczykowska-Górecka
ebb1cf6e78
Added icon property to AdminVM
To provide greater visual distinctiveness to AdminVMs, now they will
have their own icons.

requires https://github.com/QubesOS/qubes-artwork/pull/20
fixes QubesOS/qubes-issues#3853
2020-08-06 21:40:07 +02:00
Marek Marczykowski-Górecki
2a1e5a2af9
Merge remote-tracking branch 'origin/pr/363'
* origin/pr/363:
  vm/adminvm: adjust exception raised by AdminVM.start()
2020-08-06 05:42:07 +02:00
Marek Marczykowski-Górecki
512ff8e8b8
Merge remote-tracking branch 'origin/pr/362'
* origin/pr/362:
  Fixed property-reset event not firing for default_dispvm global property
2020-08-06 05:41:30 +02:00
Marek Marczykowski-Górecki
117724a772
tests: paranoid backup restore
QubesOS/qubes-issues#5310
2020-08-06 04:23:04 +02:00
Marek Marczykowski-Górecki
3815e0b5cf
tests: make qvm-sync-clock test more reliable
Compare the time with the "current" time retrieved from ClockVM just
before comparing, not with the test start time. This should work even if
the test machine is quite slow (test taking more than 30s).
2020-08-06 03:27:40 +02:00
3hhh
9e26bfd432
tests/lvm & callback: remove explicit class references 2020-08-05 16:56:02 +02:00
Marek Marczykowski-Górecki
0eb458109c
vm/adminvm: adjust exception raised by AdminVM.start()
Behave like any other running domain - raise
qubes.exc.QubesVMNotHaltedError instead of generic
qubes.exc.QubesVMError.
2020-08-05 04:38:59 +02:00
Marta Marczykowska-Górecka
f35a7a78b3
Fixed property-reset event not firing for default_dispvm global property
fixes QubesOS/qubes-issues#5977
2020-08-03 22:12:02 +02:00
Marek Marczykowski-Górecki
2cdba05c99
Add an extension preventing starting a VM while it's being restored
Do not allow starting a VM while the restoring management VM has still
control over it. Specifically, that restoring VM will not be able to
start just restored VM.

QubesOS/qubes-issues#5310
2020-08-03 04:38:11 +02:00
Marek Marczykowski-Górecki
6f87f310db
Add support for 'tag-created-vm-with' feature
When a VM with 'tag-created-vm-with' feature set creates a VM (using
Admin API), that VM will get all the tags listed in the feature.
Multiple tags can be separated with spaces.

This will be useful to tag VMs created during paranoid mode backup
restore.

QubesOS/qubes-issues#5310
2020-08-03 04:38:11 +02:00
3hhh
b95339ea27
storage/callback: remove the "word of caution"
As discussed in the PR, sync code will not be interrupted when run from
async code as long as Qubes OS doesn't run dedicated threads for async
& sync code. So there's simply no issue to be expected and thus no special
caution required.
2020-08-01 10:04:27 +02:00
3hhh
b9b86976f3
storage/callback: comment fixes 2020-07-29 19:45:35 +02:00
3hhh
2487d86c72
storage/callback: add the config ID as callback argument 2020-07-29 17:30:47 +02:00
3hhh
536e12d80c
storage/callback: some callbacks added & removed
Added:
post_volume_create & post_volume_import as requested by Marek

Removed:
post_ctor as this wasn't really useful anyway, but required a lot of
sync code. Without it, some refactoring & potential async improvements
became possible.
2020-07-29 17:06:23 +02:00
3hhh
fd3a56e0cb
tests/lvm & callback: Refactoring
Mostly to avoid re-writing storage_lvm globals in storage_callback
tests.
2020-07-28 18:44:16 +02:00
3hhh
3db5e9f8bf
Revert "storage/callback: do not run sync code async"
This reverts commit 287a4a0429.

As Marek correctly pointed out, sync functions cannot be run async against one another even if run inside an async function
(the python interpreter will remain active until the next yield and that's at the end of the sync func / inside the async function).
--> So there's no need for a lock.

I still cannot protect against assumptions made by sync code authors about blocking the Qubes OS main loop. Those will be broken.

Moreover the code of this commit was botched anyway.
2020-07-28 18:42:02 +02:00
Paweł Marczewski
4acf69e8ec
Add power state to get_system_info
For qrexec policy, to implement 'autostart'
(see QubesOS/qubes-issues#5952).
2020-07-23 13:32:16 +02:00
3hhh
fdceb064fe
tests/callback: ensure missing conf causes errors 2020-07-19 09:06:23 +02:00
3hhh
287a4a0429
storage/callback: do not run sync code async 2020-07-18 12:47:22 +02:00
3hhh
a53781b114
tests/callback: added callback-specific tests
This involved some further generalisation of the lvm tests.
2020-07-17 14:38:06 +02:00
3hhh
56c8d9d039
storage/callback: async Volume.export() & added Volume.export_end()
Fixes QubesOS/qubes-issues#5935
2020-07-16 17:02:19 +02:00
3hhh
42d62bb47e
storage/lvm: make the "hack" work with CallbackPool instances
CallbackPool instances are no ThinPool instances, but behave
identically, if their backend driver is a ThinPool instance.
2020-07-16 14:31:04 +02:00
3hhh
409ea88a66
storage/callback: add the backend_class property
This should be useful for devs to inspect the Callback* classes.
2020-07-16 14:31:04 +02:00
3hhh
e5838dbd97
storage/callback: various fixes
- Removed all own class attributes to avoid name clashes with delegated
class attributes.
- Implemented the previously missing Pool.usage_details property.
- Shadowed all class attributes as instance properties. This is required
as the parent classes enforce the class attributes upon the
CallbackPool & CallbackVolume classes, but they need to be delegated to
the class of the _cb_impl object. We also cannot implement them as class
attributes in CallbackVolume & CallbackPool as they need to work for
arbitrary backend drivers and two backend drivers must not interfere with
each other. Possible alternative: One could dynamically create classes.
2020-07-16 14:31:03 +02:00
3hhh
d9f1bced22
tests/callback: add rudimentary tests for the callback driver 2020-07-16 14:31:03 +02:00
3hhh
fe27b2a1eb
tests/lvm: make the tests re-usable for other drivers
in particular for the callback driver tests
2020-07-16 14:31:03 +02:00
3hhh
43fca80a5b
storage/callback: fix issues detected by pylint 2020-07-16 14:31:03 +02:00
3hhh
529e4bfbbf
storage/callback: volume callbacks now also rceive the source volume
as argument (if there's any)

This is useful for disposable VMs to identify from which template they
originate.
2020-07-16 14:31:03 +02:00
3hhh
57e7a02912
storage/callback: add a post_volume_start callback 2020-07-16 14:31:03 +02:00
3hhh
bf8ece8a0c
storage/callback: more succinct callback names
[pre|post]_[operation] should be more clear than
on_[operation]
2020-07-16 14:31:03 +02:00
3hhh
9de54ab242
storage/callback: make CallbackVolume a Volume
Unfortunately this appears to be necessary due to
various Qubes OS `assert` checks and to get `__str__()` et al
from the super class. It also means that we have to implement
all methods of the super class (in the future as well).
2020-07-16 14:31:03 +02:00
3hhh
178d4dd997
storage/callback: enforce CallbackPool as the pool attribute of delegated volumes
This fixes a bug preventing the use of the callback pool driver
with disposable VMs.
2020-07-16 14:31:03 +02:00
3hhh
caddc1c499
storage/callback: pylint: disable line-too-long 2020-07-16 14:31:03 +02:00
3hhh
889c9238fe
storage/callback: asyncio implementation 2020-07-16 14:31:03 +02:00
3hhh
170e5f5d7a
storage/callback: fix the rpm build 2020-07-16 14:31:03 +02:00
3hhh
eee800366d
storage/tests: expect the callback pool driver 2020-07-16 14:31:03 +02:00
3hhh
dab41ddcf7
storage/callback: comments 2020-07-16 14:31:03 +02:00
3hhh
a00b2d563a
storage/callback: use Qubes exceptions 2020-07-16 14:31:03 +02:00
3hhh
49dd8250c5
storage/callback: added sphinx attribute comments 2020-07-16 14:31:03 +02:00
3hhh
bbb596e3ee
storage/callback: initialize logger in __init__ 2020-07-16 14:31:02 +02:00
3hhh
5530265b27
storage/callback: make pylint happy 2020-07-16 14:31:02 +02:00
3hhh
efa0d7c257
storage/callback: more readable bash invocation 2020-07-16 14:31:02 +02:00
3hhh
746697ad2c
storage: added the callback pool driver 2020-07-16 14:31:02 +02:00
Marek Marczykowski-Górecki
784878f1f7
Merge remote-tracking branch 'origin/pr/359'
* origin/pr/359:
  Add tests for vm.volume.Clear.
  Use self.dest.storage.import* wrappers instead.
  Add admin.vm.volume.Clear call (QubesOS/qubes-issues#5946)
2020-07-16 03:44:46 +02:00
WillyPillow
be69d8ddb7
Add tests for vm.volume.Clear. 2020-07-16 00:39:16 +08:00
WillyPillow
56fbf108f8
Use self.dest.storage.import* wrappers instead. 2020-07-16 00:38:02 +08:00
Marek Marczykowski-Górecki
f30eebc40e
Merge branch 'devel20200705'
* devel20200705:
  tests: skip gnome-terminal on xfce template flavor
  tests: fix FD leak in qrexec test
  tests: switch default LVM pool to qubes_dom0/vm-pool
  backup: fix error handler for scrypt errors
  Adjust code for possibly coroutine Volume.export() and Volume.export_end()
  storage: add Volume.export_end() function
  backup: add support for calling a function after backing up a file/volume
  backup: call volume.export() just before actually extracting it
  vm/dispvm: place all volumes in the same pool as DispVM's template
  tests: extend TestPool storage driver to make create_on_disk working
  storage: pass a copy of volume_config to pool.init_volume
  tests: cleanup properly in wait_on_fail decorator
2020-07-15 16:22:08 +02:00
Marek Marczykowski-Górecki
01b33e58d7
Merge remote-tracking branch 'origin/pr/350'
* origin/pr/350:
  Changed feature keyboard_layout to a property
2020-07-15 16:21:38 +02:00
Marek Marczykowski-Górecki
6adf56f4ba
Merge remote-tracking branch 'origin/pr/355'
* origin/pr/355:
  Removed unused vm.icon_path property
2020-07-15 16:19:53 +02:00
Marek Marczykowski-Górecki
4c0f8bc24c
tests: skip gnome-terminal on xfce template flavor
It isn't installed there.
2020-07-14 20:17:41 +02:00
Marta Marczykowska-Górecka
bed8e578d7
Removed unused vm.icon_path property
The property was not used for anything, but caused numerous
problems due to symlinks.

fixes QubesOS/qubes-issues#5934
2020-07-14 17:52:09 +02:00
Marta Marczykowska-Górecka
06e2d14a97
Changed feature keyboard_layout to a property
Purpose: make it easier to implement more robust keyboard layout tools and
propagation.

references QubesOS/qubes-issues#1396
references QubesOS/qubes-issues#4294
2020-07-14 01:32:55 +02:00
Marek Marczykowski-Górecki
80c0a0caa8
tests: fix FD leak in qrexec test
Terminate dangling process to avoid FD leak (detected by test cleanup
code).
2020-07-14 01:15:45 +02:00
WillyPillow
5c7b57e690
Add admin.vm.volume.Clear call (QubesOS/qubes-issues#5946) 2020-07-14 01:52:50 +08:00
Marek Marczykowski-Górecki
e13fde07fd
Merge remote-tracking branch 'origin/pr/358'
* origin/pr/358:
  vm: emit property-reset:stubdom_xid event on domain start/stop too
2020-07-10 11:06:00 +02:00
Marek Marczykowski-Górecki
7dfaef35cd
Merge remote-tracking branch 'origin/pr/352'
* origin/pr/352:
  audio: set sink volume to workaround alsa save/restore issue
  audio: increase timeout to match hvm loading
  audio: auxiliary pauses should be harmless now, place them back just in case
  audio: add silence threshold
  audio: unload guest' module-vchan-sink in hvm tests
  audio: fix prepare_audio_vm
  audio: do not use pacat on copying audio_in.raw
  Audio: rework audio tests
2020-07-10 11:05:46 +02:00
Marek Marczykowski-Górecki
4a2e0bc734
tests: switch default LVM pool to qubes_dom0/vm-pool
This is now the installer default. Anyway, it is still possible to
override it with an environment variable.
2020-07-09 02:52:59 +02:00
Marek Marczykowski-Górecki
bd6d71a555
vm: emit property-reset:stubdom_xid event on domain start/stop too
Similart to property-reset:xid, emit property-reset:stubdom_xid when
domain is started/stopped. This allows client side of the Admin API
(qubes-core-admin-client) to invalidate the cache when necessary.

Found by audio tests: #352
2020-07-08 12:54:35 +02:00
Marek Marczykowski-Górecki
8a04abe4b1
backup: fix error handler for scrypt errors
process started via asyncio needs also stderr access via asyncio.
2020-07-08 12:50:10 +02:00
Marek Marczykowski-Górecki
0bccddf1f5
Adjust code for possibly coroutine Volume.export() and Volume.export_end()
Now Volume.export() may be a coroutine and also may be accompanied by
Volume.export_end() cleaning up after it.

See previous commits for building blocks for this.

This commit adjusts usage of Volume.export() and adds matching
Volume.export_end() throughout the code base.

Fixes QubesOS/qubes-issues#5935
2020-07-08 12:50:10 +02:00
Dmitry Fedorov
0cf5fe55c2
audio: set sink volume to workaround alsa save/restore issue 2020-07-08 13:18:38 +03:00
Dmitry Fedorov
2fe57b6281
audio: increase timeout to match hvm loading 2020-07-08 13:02:51 +03:00
Marek Marczykowski-Górecki
d96480719f
storage: add Volume.export_end() function
This is a counterpart to Volume.export(). Up until now, no driver needed
any cleanup after exporting data, but it doesn't mean there won't be
any. This is especially relevant because Volume.export() is supposed to
return a path of a snapshot from before VM start - which may be a
different one than currently active one.

QubesOS/qubes-issues#5935
2020-07-08 06:05:02 +02:00
Marek Marczykowski-Górecki
f48327f636
backup: add support for calling a function after backing up a file/volume
When Volume.export is called late and can be also a coroutine, it may
make sense to also have a cleanup function for changes made by it.
This commit only adjust backup code internals, but doesn't call
appropriate Volume function yet.

QubesOS/qubes-issues#5935
2020-07-08 06:05:02 +02:00
Marek Marczykowski-Górecki
ebd0ca7e79
backup: call volume.export() just before actually extracting it
There are two reasons for this:
 - call it from a coroutine, allowing export() itself be a coroutine
 - avoid calling export() when only collecting preliminary backup
   summary

Both needs some more changes in other parts of the codebase to be useful
(see next commits).
This will be especially useful when export() will need to make some
changes (like, create a snapshot, mount something etc).

QubesOS/qubes-issues#5935
2020-07-08 06:05:02 +02:00
Marek Marczykowski-Górecki
8b760451a6
vm/dispvm: place all volumes in the same pool as DispVM's template
Make all volume's pool controlled by DisposableVM Template. This
specifically makes DispVM's volatile volume to be placed directly in the
same pool as its template.

Fixes QubesOS/qubes-issues#5933
2020-07-08 06:05:01 +02:00
Marek Marczykowski-Górecki
410a0728cc
tests: extend TestPool storage driver to make create_on_disk working
Add dummy TestVolume with empty create() method. Other core code
requires also TestPool.get_volume implemented, so add that too (naive
version remembering instances returned from TestPool.init_volume).
2020-07-08 06:05:01 +02:00
Marek Marczykowski-Górecki
d9d55b0586
storage: pass a copy of volume_config to pool.init_volume
Avoid local modification in a pool's init_volume influence
vm.volume_config. Currently every pool driver replaces
volume_config['pool'] with a pool object (instead of name) and it leads
to confusing cases where depending on start stage, it is sometimes an
object and sometimes a string.
Additionally, some pool drivers may modify volume_config in unexpected
way - for example test pool driver removes 'pool' entry entirely. Avoid
this fragile interface by giving pool driver a copy of volume_config,
instead of vm.volume_config directly.

Note one side effect is that 'vid' (and other pool-specific parameters)
is not set into vm.volume_config directly after creating a VM, but
possibly only after loading from XML. This should not be an issue in
theory (no core code should expect it), but if some place use
volume_config instead of Volume instance for getting pool-specific
options, it should be fixed.
2020-07-08 06:05:01 +02:00
Marek Marczykowski-Górecki
e38265501c
tests: cleanup properly in wait_on_fail decorator
Close transport used to wait for user input, otherwise all further tests
would fail on cleanup (FD leak detected). This in practice is only
useful when using wait_on_fail decorator without --failfast option.
2020-07-08 06:05:01 +02:00
Rusty Bird
1b09528740
storage/reflink: clarify comment 2020-07-07 16:25:48 +00:00
Rusty Bird
e188b93c95
storage: move @locked from lvm to Volume base class
And use it in reflink, instead of a synchronous lock.
2020-07-07 15:39:08 +00:00
Rusty Bird
a1b5262426
storeage/reflink: unlock size getter
Don't update _size in the getter, so it can be unlocked (which is
helpful for QubesOS/qubes-issues#5935).

!!! If cherry-picking for release4.0, also adjust import_data() to !!!
!!! use self.size (no underscore) instead of self._get_size()      !!!
2020-07-07 15:39:06 +00:00
Rusty Bird
b98c1814ee
storage/reflink: update _size during volatile volume stop 2020-07-07 15:39:05 +00:00
Marek Marczykowski-Górecki
d0f619d3c6
Merge branch 'tests-extra-fix' 2020-06-24 18:02:35 +02:00
Dmitry Fedorov
a27a8edf88
audio: auxiliary pauses should be harmless now, place them back just in case 2020-06-24 15:22:34 +03:00