Startsida Utforska Hjälp
Logga in
Qubes
/
core-admin
2
0
Fork 0
Filer Ärenden 0 Pull-förfrågningar 0 Wiki
Träd: 698bcc27ab
Grenar Taggar
core-admin
/
qubes-rpc
/
admin.vm.volume.Import

admin.vm.volume.Import 2.2 KB
Historik

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758 
  1. #!/bin/sh
    2. 

  2. #
    3. 

  3. # This Admin API call is implemented as a custom script, instead of dumb
    4. 

  4. # passthrough to qubesd because it may get huge amount of data (whole root.img
    5. 

  5. # for example). qubesd cannot handle it because:
    6. 

  6. #  1. It loads the whole payload into memory, before even start looking at it
    7. 

  7. #     (and later, do not allow to modify/append it).
    8. 

  8. #  2. There is 64kB limit on payload size that qubesd can handle (because of
    9. 

  9. #     point 1).
    10. 

  10. #  3. Performance reasons (qubesd is not optimized for performance, passing
    11. 

  11. #     such large data stream through it would take ages).
    12. 

  12. #
    13. 

  13. # The whole admin.vm.volume.Import consists of:
    14. 

  14. #    1. Permissions checks, getting a path from appropriate storage pool (done
    15. 

  15. #       by qubesd)
    16. 

  16. #    2. Actual data import (done by this script, using dd)
    17. 

  17. #    3. Report final result, produce final response to the caller (done by
    18. 

  18. #       qubesd)
    19. 

  19. #    
    20. 

  20. #    This way we do not pass all the data through qubesd, but still can
    21. 

  21. #    control the process from there in a meaningful way. Note that the last
    22. 

  22. #    part (second call to qubesd) may perform all kind of verification (like
    23. 

  23. #    a signature check on the data, or so) and can also prevent VM from
    24. 

  24. #    starting (hooking also domain-pre-start event) from not verified image.
    25. 

  25. 

  26. set -e
    27. 

  27. 

  28. # use temporary file, because env variables deal poorly with \0 inside
    29. 

  29. tmpfile=$(mktemp)
    30. 

  30. trap "rm -f $tmpfile" EXIT
    31. 

  31. qubesd-query -e \
    32. 

  32.         "$QREXEC_REMOTE_DOMAIN" \
    33. 

  33.         "admin.vm.volume.Import" \
    34. 

  34.         "$QREXEC_REQUESTED_TARGET" \
    35. 

  35.         "$1" >$tmpfile
    36. 

  36. 

  37. # exit if qubesd returned an error (not '0\0')
    38. 

  38. if [ "$(head -c 2 $tmpfile | xxd -p)" != "3000" ]; then
    39. 

  39.     cat "$tmpfile"
    40. 

  40.     exit 1
    41. 

  41. fi
    42. 

  42. size=$(tail -c +3 "$tmpfile"|cut -d ' ' -f 1)
    43. 

  43. path=$(tail -c +3 "$tmpfile"|cut -d ' ' -f 2)
    44. 

  44. 

  45. # now process stdin into this path
    46. 

  46. if sudo dd bs=128K of="$path" count="$size" iflag=count_bytes,fullblock \
    47. 

  47.         conv=sparse,notrunc,nocreat,fdatasync status=none; then
    48. 

  48.     status="ok"
    49. 

  49. else
    50. 

  50.     status="fail"
    51. 

  51. fi
    52. 

  52. 

  53. # send status notification to qubesd, and pass its response to the caller
    54. 

  54. echo -n "$status" | qubesd-query -c /var/run/qubesd.internal.sock \
    55. 

  55.     "$QREXEC_REMOTE_DOMAIN" \
    56. 

  56.     "internal.vm.volume.ImportEnd" \
    57. 

  57.     "$QREXEC_REQUESTED_TARGET" \
    58. 

  58.     "$1"
    59.