This avoids XML-injection by a malformed property value. If a property
value is controlled by a less privileged entity (like Management VM), it
could lead to a privilege escalation.
Reported by @DemiMarie
umask() modifies the whole process, which could lead to odd permission
problems in concurrent code. Use explicit fchmod() calls instead.
Preserve the legacy storage/file behavior of creating files 0o664 in
FileVolume.create() and 0o644 (from the normal qubesd umask) otherwise.
Get rid of an otherwise unused module-level variable (HOST_MACHINE), and
show the relevant file (reflink.py) in the error message:
Traceback (most recent call last):
File "/usr/bin/qubesd", line 2, in <module>
from qubes.tools.qubesd import main
File "/usr/lib/python3.8/site-packages/qubes/__init__.py", line 801, in <module>
from qubes.app import Qubes
File "/usr/lib/python3.8/site-packages/qubes/app.py", line 64, in <module>
import qubes.storage.reflink
File "/usr/lib/python3.8/site-packages/qubes/storage/reflink.py", line 46, in <module>
FICLONE = {
KeyError: 'armv7l'
qubesd.service: Main process exited, code=exited, status=1/FAILURE
* origin/pr/389:
app: save qubes.xml with utils.replace_file()
app: use suppress() in simple cases
firewall: save firewall.xml with utils.replace_file()
utils: take tweaked helper functions from storage/reflink
storage/reflink: quote logged filenames
'with (yield from alock):' is incompatible with Python 3.9+.
Change it to 'async with alock:', and then change the affected functions
to 'async def'.
This makes the test suite pass again in a Fedora 33 VM.
QubesOS/qubes-issues#2738
is_dirty() returned a false positive if the volume was merely the source
of a currently running volume. For example, if fedora-33:root was the
source volume for myappvm:root and myappvm was running - then is_dirty()
returned True for fedora-33:root, because fedora-33/root-cow.img
contains some allocated blocks (one 256 KiB chunk containing only the
header) in this scenario, even though fedora-33 is shut down.
FixesQubesOS/qubes-issues#6371
replace_file(), rename_file(), and remove_file() now have optional
'logger' and 'log_level' (defaulting to DEBUG) arguments.
replace_file() now has a required 'permissions' and an optional
'close_on_success' (defaulting to True) argument. Also, it doesn't
create any directories; and in case of an exception, the tempfile is
removed even when closing it raises another exception.
remove_file() now returns a value: True if the file was removed, or
False if it already didn't exist.
(fsync_path() is unchanged.)
!!! After cherry-picking for release4.0, consider a fixup !!!
!!! adding 'import qubes.utils' to storage/reflink there !!!
Add support for blocking shutdown call. This adds a symmetry to
admin.vm.Start call which is blocking.
Since the admin.vm.Shutdown has established semantic already, add a
'wait' parameter. It can be combined with 'force' as 'force+wait' (or
the other way around).
Fedora compresses the kernel with zstd now, which isn't suppported in
grub (as of 2.04). Since we don't care about PV that much anymore,
simply skip the test there.
* origin/pr/354: (35 commits)
tests/lvm: re-introduce POOL_CONF
tests/lvm & callback: remove explicit class references
storage/callback: remove the "word of caution"
storage/callback: comment fixes
storage/callback: add the config ID as callback argument
storage/callback: some callbacks added & removed
tests/lvm & callback: Refactoring
Revert "storage/callback: do not run sync code async"
tests/callback: ensure missing conf causes errors
storage/callback: do not run sync code async
tests/callback: added callback-specific tests
storage/callback: async Volume.export() & added Volume.export_end()
storage/lvm: make the "hack" work with CallbackPool instances
storage/callback: add the backend_class property
tests/callback: add them to the rpm build
storage/callback: various fixes
tests/callback: add rudimentary tests for the callback driver
tests/lvm: make the tests re-usable for other drivers
storage/callback: fix issues detected by pylint
storage/callback: volume callbacks now also rceive the source volume as argument (if there's any)
...
* origin/pr/375:
Fix line lengths
Return better error messages from file pool
Fix bugs found by Rusty Bird
Fix export locking
Re-add dirty check in case qubesd is restarted
File volumes are started NAND exported
file pool: snapshotting dirty volume not supported
Always snapshot in the FILE pool
* tests20201030:
tests: fix test_550_ipv6_spoof_ip
tests: wait for full VM startup before testing network and few other
tests: fix logging network info on failed test
tests: use dup-ed stdin in wait_on_fail
tests: add PVH grub2 tests
tests: adjust for applications list stored in features dict
tests: remove test_030_clone
tests: make sure dnsmasq is stopped before starting it again
tests: fail the test early if VM fails to start