Commit Graph

13 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
e5ad26c090
qubespolicy: make pylint happy
This include refactoring out one-function-class GtkIconGetter.

QubesOS/qubes-issues#910
2017-04-07 17:07:30 +02:00
Marek Marczykowski-Górecki
a3da85bfda
qubespolicy: run GUI code inside user session and expose it as dbus object
This way it will work independently from where qrexec-policy tool will
be called (in most cases - from a system service, as root).
This is also very similar architecture to what we'll need when moving to
GUI domain - there GUI part will also be separated from policy
evaluation logic.

QubesOS/qubes-issues#910
2017-04-07 17:07:30 +02:00
Marek Marczykowski-Górecki
4d3f539f7f
qubespolicy: plug GUI code into qrexec-policy tool
Fixes QubesOS/qubes-issues#910
2017-04-07 17:07:30 +02:00
Marek Marczykowski-Górecki
6c3410377d
rpc-window: adjust for qubespolicy API
- drop qid usage - it isn't really needed, especially for to-be-created
  DispVMs
- use "domains_info" dict as input, instead of loading qubes.xml
  directly
- nicely format "Disposable VM" entries
- simplify whitelist/blacklist handling - since qrexecpolicy always
  provide a list of allowed choices, use just that

Important note: there are two names concepts:
1. Display name - name of VM, or in case of to-be-created DispVMs - a
string "Disposable VM (name-of-base-vm)"
2. API name - as in qrexec policy - $dispvm:name-of-base-vm for new
DispVMs

Externally at API level (allowed targets list, return value), API name
is used, but internally VMListModeler._entries is still indexed with
display names. This is done for more efficient (and readable) GUI
handling - because most of the time it's searched for what user have
entered.

QubesOS/qubes-issues#910
2017-04-07 17:07:29 +02:00
Marek Marczykowski-Górecki
b1dbc0647f
rpc-window: use pkg_resources for glade file
This is more canonical way for accessing data files.

QubesOS/qubes-issues#910
2017-04-07 17:07:29 +02:00
Marek Marczykowski-Górecki
067940f5aa
rpc-window: use 'edit-find' icon if no other is found
'gnome-foot' icon is not present in Adwaita theme.

QubesOS/qubes-issues#910
2017-04-07 17:07:29 +02:00
Marek Marczykowski-Górecki
20a1853f3f
rpc-window: adjust for python3
dict.keys() is not indexable.

QubesOS/qubes-issues#910
2017-04-07 17:07:28 +02:00
Marek Marczykowski-Górecki
ab1bd77b45
rpc-window: code style adjustments
QubesOS/qubes-issues#910
2017-04-07 17:07:28 +02:00
Marek Marczykowski-Górecki
b3ceb2d7fa
Import new rpc confirmation window code
Import unmodified implementation done by @boring-stuff.
Full history for reference is available in rpc-confirmation-window
branch.

QubesOS/qubes-issues#910
2017-04-07 17:07:28 +02:00
Marek Marczykowski-Górecki
83526a28d3
qubesd: add second socket for in-dom0 internal calls
This socket (and commands) are not exposed to untrusted input, so no
need to extensive sanitization. Also, there is no need to provide a
stable API here, as those methods are used internally only.

QubesOS/qubes-issues#853
2017-04-07 17:07:28 +02:00
Marek Marczykowski-Górecki
c9b5d0ab15
policy: qrexec-policy cli tool
This is the tool called by qrexec-daemon.
2017-04-06 15:43:17 +02:00
Marek Marczykowski-Górecki
564408eb3f
tests: qubespolicy tests
Fixes QubesOS/qubes-issues#2460
2017-04-06 15:43:17 +02:00
Marek Marczykowski-Górecki
e705a04cc5
qubespolicy: initial version for core3
This is rewritten version of core-admin-linux/qrexec/qrexec-policy.

It's placed outside of `qubes` module on purpose - to avoid imporing it,
which require a lot of time.

QubesOS/qubes-issues#865
QubesOS/qubes-issues#910
2017-04-06 15:43:17 +02:00