| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920 |
- #!/usr/bin/python2
- # -*- coding: utf-8 -*-
- #
- # The Qubes OS Project, http://www.qubes-os.org
- #
- # Copyright (C) 2010 Joanna Rutkowska <joanna@invisiblethingslab.com>
- # Copyright (C) 2013 Marek Marczykowski <marmarek@invisiblethingslab.com>
- #
- # This program is free software; you can redistribute it and/or
- # modify it under the terms of the GNU General Public License
- # as published by the Free Software Foundation; either version 2
- # of the License, or (at your option) any later version.
- #
- # This program is distributed in the hope that it will be useful,
- # but WITHOUT ANY WARRANTY; without even the implied warranty of
- # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- # GNU General Public License for more details.
- #
- # You should have received a copy of the GNU General Public License
- # along with this program; if not, write to the Free Software
- # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- #
- #
- import datetime
- import logging
- import lxml.etree
- import os
- import os.path
- import re
- import shutil
- import subprocess
- import sys
- import time
- import uuid
- import xml.parsers.expat
- from qubes import qmemman
- from qubes import qmemman_algo
- import libvirt
- import warnings
- from qubes.qubes import dry_run,vmm
- from qubes.qubes import register_qubes_vm_class
- from qubes.qubes import QubesVmCollection,QubesException,QubesHost,QubesVmLabels
- from qubes.qubes import defaults,system_path,vm_files,qubes_max_qid
- qmemman_present = False
- try:
- from qubes.qmemman_client import QMemmanClient
- qmemman_present = True
- except ImportError:
- pass
- import qubes.qubesutils
- xid_to_name_cache = {}
- class QubesVm(object):
- """
- A representation of one Qubes VM
- Only persistent information are stored here, while all the runtime
- information, e.g. Xen dom id, etc, are to be retrieved via Xen API
- Note that qid is not the same as Xen's domid!
- """
- # In which order load this VM type from qubes.xml
- load_order = 100
- # hooks for plugins (modules) which want to influence existing classes,
- # without introducing new ones
- hooks_clone_disk_files = []
- hooks_create_on_disk = []
- hooks_create_qubesdb_entries = []
- hooks_get_attrs_config = []
- hooks_get_clone_attrs = []
- hooks_get_config_params = []
- hooks_init = []
- hooks_label_setter = []
- hooks_netvm_setter = []
- hooks_post_rename = []
- hooks_pre_rename = []
- hooks_remove_from_disk = []
- hooks_start = []
- hooks_verify_files = []
- hooks_set_attr = []
- def get_attrs_config(self):
- """ Object attributes for serialization/deserialization
- inner dict keys:
- - order: initialization order (to keep dependency intact)
- attrs without order will be evaluated at the end
- - default: default value used when attr not given to object constructor
- - attr: set value to this attribute instead of parameter name
- - eval: (DEPRECATED) assign result of this expression instead of
- value directly; local variable 'value' contains
- attribute value (or default if it was not given)
- - func: callable used to parse the value retrieved from XML
- - save: use evaluation result as value for XML serialization; only attrs with 'save' key will be saved in XML
- - save_skip: if present and evaluates to true, attr will be omitted in XML
- - save_attr: save to this XML attribute instead of parameter name
- """
- attrs = {
- # __qid cannot be accessed by setattr, so must be set manually in __init__
- "qid": { "attr": "_qid", "order": 0 },
- "name": { "order": 1 },
- "uuid": { "order": 0, "eval": 'uuid.UUID(value) if value else None' },
- "dir_path": { "default": None, "order": 2 },
- "conf_file": {
- "func": lambda value: self.absolute_path(value, self.name +
- ".conf"),
- "order": 3 },
- ### order >= 10: have base attrs set
- "firewall_conf": {
- "func": self._absolute_path_gen(vm_files["firewall_conf"]),
- "order": 10 },
- "installed_by_rpm": { "default": False, 'order': 10 },
- "template": { "default": None, "attr": '_template', 'order': 10 },
- ### order >= 20: have template set
- "uses_default_netvm": { "default": True, 'order': 20 },
- "netvm": { "default": None, "attr": "_netvm", 'order': 20 },
- "label": { "attr": "_label", "default": defaults["appvm_label"], 'order': 20,
- 'xml_deserialize': lambda _x: QubesVmLabels[_x] },
- "memory": { "default": defaults["memory"], 'order': 20 },
- "maxmem": { "default": None, 'order': 25 },
- "pcidevs": {
- "default": '[]',
- "order": 25,
- "func": lambda value: [] if value in ["none", None] else
- eval(value) if value.find("[") >= 0 else
- eval("[" + value + "]") },
- "pci_strictreset": {"default": True},
- # Internal VM (not shown in qubes-manager, doesn't create appmenus entries
- "internal": { "default": False, 'attr': '_internal' },
- "vcpus": { "default": None },
- "uses_default_kernel": { "default": True, 'order': 30 },
- "uses_default_kernelopts": { "default": True, 'order': 30 },
- "kernel": {
- "attr": "_kernel",
- "default": None,
- "order": 31,
- "func": lambda value: self._collection.get_default_kernel() if
- self.uses_default_kernel else value },
- "kernelopts": {
- "default": "",
- "order": 31,
- "func": lambda value: value if not self.uses_default_kernelopts\
- else defaults["kernelopts_pcidevs"] if len(self.pcidevs)>0 \
- else defaults["kernelopts"] },
- "mac": { "attr": "_mac", "default": None },
- "include_in_backups": {
- "func": lambda x: x if x is not None
- else not self.installed_by_rpm },
- "services": {
- "default": {},
- "func": lambda value: eval(str(value)) },
- "debug": { "default": False },
- "default_user": { "default": "user", "attr": "_default_user" },
- "qrexec_timeout": { "default": 60 },
- "autostart": { "default": False, "attr": "_autostart" },
- "uses_default_dispvm_netvm": {"default": True, "order": 30},
- "dispvm_netvm": {"attr": "_dispvm_netvm", "default": None},
- "backup_content" : { 'default': False },
- "backup_size" : {
- "default": 0,
- "func": int },
- "backup_path" : { 'default': "" },
- "backup_timestamp": {
- "func": lambda value:
- datetime.datetime.fromtimestamp(int(value)) if value
- else None },
- ##### Internal attributes - will be overridden in __init__ regardless of args
- "config_file_template": {
- "func": lambda x: system_path["config_template_pv"] },
- "icon_path": {
- "func": lambda x: os.path.join(self.dir_path, "icon.png") if
- self.dir_path is not None else None },
- # used to suppress side effects of clone_attrs
- "_do_not_reset_firewall": { "func": lambda x: False },
- "kernels_dir": {
- # for backward compatibility (or another rare case): kernel=None -> kernel in VM dir
- "func": lambda x: \
- os.path.join(system_path["qubes_kernels_base_dir"],
- self.kernel) if self.kernel is not None \
- else os.path.join(self.dir_path,
- vm_files["kernels_subdir"]) },
- }
- ### Mark attrs for XML inclusion
- # Simple string attrs
- for prop in ['qid', 'uuid', 'name', 'dir_path', 'memory', 'maxmem',
- 'pcidevs', 'pci_strictreset', 'vcpus', 'internal',\
- 'uses_default_kernel', 'kernel', 'uses_default_kernelopts',\
- 'kernelopts', 'services', 'installed_by_rpm',\
- 'uses_default_netvm', 'include_in_backups', 'debug',\
- 'qrexec_timeout', 'autostart', 'uses_default_dispvm_netvm',
- 'backup_content', 'backup_size', 'backup_path' ]:
- attrs[prop]['save'] = lambda prop=prop: str(getattr(self, prop))
- # Simple paths
- for prop in ['conf_file']:
- attrs[prop]['save'] = \
- lambda prop=prop: self.relative_path(getattr(self, prop))
- attrs[prop]['save_skip'] = \
- lambda prop=prop: getattr(self, prop) is None
- # Can happen only if VM created in offline mode
- attrs['maxmem']['save_skip'] = lambda: self.maxmem is None
- attrs['vcpus']['save_skip'] = lambda: self.vcpus is None
- attrs['uuid']['save_skip'] = lambda: self.uuid is None
- attrs['mac']['save'] = lambda: str(self._mac)
- attrs['mac']['save_skip'] = lambda: self._mac is None
- attrs['default_user']['save'] = lambda: str(self._default_user)
- attrs['backup_timestamp']['save'] = \
- lambda: self.backup_timestamp.strftime("%s")
- attrs['backup_timestamp']['save_skip'] = \
- lambda: self.backup_timestamp is None
- attrs['netvm']['save'] = \
- lambda: str(self.netvm.qid) if self.netvm is not None else "none"
- attrs['netvm']['save_attr'] = "netvm_qid"
- attrs['dispvm_netvm']['save'] = \
- lambda: str(self.dispvm_netvm.qid) \
- if self.dispvm_netvm is not None \
- else "none"
- attrs['template']['save'] = \
- lambda: str(self.template.qid) if self.template else "none"
- attrs['template']['save_attr'] = "template_qid"
- attrs['label']['save'] = lambda: self.label.name
- # fire hooks
- for hook in self.hooks_get_attrs_config:
- attrs = hook(self, attrs)
- return attrs
- def post_set_attr(self, attr, newvalue, oldvalue):
- for hook in self.hooks_set_attr:
- hook(self, attr, newvalue, oldvalue)
- def __basic_parse_xml_attr(self, value):
- if value is None:
- return None
- if value.lower() == "none":
- return None
- if value.lower() == "true":
- return True
- if value.lower() == "false":
- return False
- if value.isdigit():
- return int(value)
- return value
- def __init__(self, **kwargs):
- self._collection = None
- if 'collection' in kwargs:
- self._collection = kwargs['collection']
- else:
- raise ValueError("No collection given to QubesVM constructor")
- # Special case for template b/c it is given in "template_qid" property
- if "xml_element" in kwargs and kwargs["xml_element"].get("template_qid"):
- template_qid = kwargs["xml_element"].get("template_qid")
- if template_qid.lower() != "none":
- if int(template_qid) in self._collection:
- kwargs["template"] = self._collection[int(template_qid)]
- else:
- raise ValueError("Unknown template with QID %s" % template_qid)
- attrs = self.get_attrs_config()
- for attr_name in sorted(attrs, key=lambda _x: attrs[_x]['order'] if 'order' in attrs[_x] else 1000):
- attr_config = attrs[attr_name]
- attr = attr_name
- if 'attr' in attr_config:
- attr = attr_config['attr']
- value = None
- if attr_name in kwargs:
- value = kwargs[attr_name]
- elif 'xml_element' in kwargs and kwargs['xml_element'].get(attr_name) is not None:
- if 'xml_deserialize' in attr_config and callable(attr_config['xml_deserialize']):
- value = attr_config['xml_deserialize'](kwargs['xml_element'].get(attr_name))
- else:
- value = self.__basic_parse_xml_attr(kwargs['xml_element'].get(attr_name))
- else:
- if 'default' in attr_config:
- value = attr_config['default']
- if 'func' in attr_config:
- setattr(self, attr, attr_config['func'](value))
- elif 'eval' in attr_config:
- setattr(self, attr, eval(attr_config['eval']))
- else:
- #print "setting %s to %s" % (attr, value)
- setattr(self, attr, value)
- #Init private attrs
- self.__qid = self._qid
- self._libvirt_domain = None
- self._qdb_connection = None
- assert self.__qid < qubes_max_qid, "VM id out of bounds!"
- assert self.name is not None
- if not self.verify_name(self.name):
- msg = ("'%s' is invalid VM name (invalid characters, over 31 chars long, "
- "or one of 'none', 'true', 'false')") % self.name
- if 'xml_element' in kwargs:
- print >>sys.stderr, "WARNING: %s" % msg
- else:
- raise QubesException(msg)
- if self.netvm is not None:
- self.netvm.connected_vms[self.qid] = self
- # Not in generic way to not create QubesHost() to frequently
- if self.maxmem is None and not vmm.offline_mode:
- qubes_host = QubesHost()
- total_mem_mb = qubes_host.memory_total/1024
- self.maxmem = total_mem_mb/2
- # Linux specific cap: max memory can't scale beyond 10.79*init_mem
- if self.maxmem > self.memory * 10:
- self.maxmem = self.memory * 10
- # By default allow use all VCPUs
- if self.vcpus is None and not vmm.offline_mode:
- qubes_host = QubesHost()
- self.vcpus = qubes_host.no_cpus
- # Always set if meminfo-writer should be active or not
- if 'meminfo-writer' not in self.services:
- self.services['meminfo-writer'] = not (len(self.pcidevs) > 0)
- # Additionally force meminfo-writer disabled when VM have PCI devices
- if len(self.pcidevs) > 0:
- self.services['meminfo-writer'] = False
- # Initialize VM image storage class
- self.storage = defaults["storage_class"](self)
- if hasattr(self, 'kernels_dir'):
- self.storage.modules_img = os.path.join(self.kernels_dir,
- "modules.img")
- self.storage.modules_img_rw = self.kernel is None
- # Some additional checks for template based VM
- if self.template is not None:
- if not self.template.is_template():
- print >> sys.stderr, "ERROR: template_qid={0} doesn't point to a valid TemplateVM".\
- format(self.template.qid)
- return
- self.template.appvms[self.qid] = self
- else:
- assert self.root_img is not None, "Missing root_img for standalone VM!"
- self.log = logging.getLogger('qubes.vm.{}'.format(self.qid))
- self.log.debug('instantiated name={!r} class={}'.format(
- self.name, self.__class__.__name__))
- # fire hooks
- for hook in self.hooks_init:
- hook(self)
- def __repr__(self):
- return '<{} at {:#0x} qid={!r} name={!r}>'.format(
- self.__class__.__name__,
- id(self),
- self.qid,
- self.name)
- def absolute_path(self, arg, default):
- if arg is not None and os.path.isabs(arg):
- return arg
- else:
- return os.path.join(self.dir_path, (arg if arg is not None else default))
- def _absolute_path_gen(self, default):
- return lambda value: self.absolute_path(value, default)
- def relative_path(self, arg):
- return arg.replace(self.dir_path + '/', '')
- @property
- def qid(self):
- return self.__qid
- @property
- def label(self):
- return self._label
- @label.setter
- def label(self, new_label):
- self._label = new_label
- if self.icon_path:
- try:
- os.remove(self.icon_path)
- except:
- pass
- if hasattr(os, "symlink"):
- os.symlink (new_label.icon_path, self.icon_path)
- # FIXME: some os-independent wrapper?
- subprocess.call(['sudo', 'xdg-icon-resource', 'forceupdate'])
- else:
- shutil.copy(new_label.icon_path, self.icon_path)
- # fire hooks
- for hook in self.hooks_label_setter:
- hook(self, new_label)
- @property
- def netvm(self):
- return self._netvm
- # Don't know how properly call setter from base class, so workaround it...
- @netvm.setter
- def netvm(self, new_netvm):
- self._set_netvm(new_netvm)
- # fire hooks
- for hook in self.hooks_netvm_setter:
- hook(self, new_netvm)
- def _set_netvm(self, new_netvm):
- self.log.debug('netvm = {!r}'.format(new_netvm))
- if new_netvm and not new_netvm.is_netvm():
- raise ValueError("Vm {!r} does not provide network".format(
- new_netvm))
- if self.is_running() and new_netvm is not None and not new_netvm.is_running():
- raise QubesException("Cannot dynamically attach to stopped NetVM")
- if self.netvm is not None:
- self.netvm.connected_vms.pop(self.qid)
- if self.is_running():
- self.detach_network()
- if hasattr(self.netvm, 'post_vm_net_detach'):
- self.netvm.post_vm_net_detach(self)
- if new_netvm is not None:
- new_netvm.connected_vms[self.qid]=self
- self._netvm = new_netvm
- if new_netvm is None:
- return
- if self.is_running():
- # refresh IP, DNS etc
- self.create_qubesdb_entries()
- self.attach_network()
- if hasattr(self.netvm, 'post_vm_net_attach'):
- self.netvm.post_vm_net_attach(self)
- @property
- def ip(self):
- if self.netvm is not None:
- return self.netvm.get_ip_for_vm(self.qid)
- else:
- return None
- @property
- def netmask(self):
- if self.netvm is not None:
- return self.netvm.netmask
- else:
- return None
- @property
- def gateway(self):
- # This is gateway IP for _other_ VMs, so make sense only in NetVMs
- return None
- @property
- def secondary_dns(self):
- if self.netvm is not None:
- return self.netvm.secondary_dns
- else:
- return None
- @property
- def vif(self):
- if self.xid < 0:
- return None
- if self.netvm is None:
- return None
- return "vif{0}.+".format(self.xid)
- @property
- def mac(self):
- if self._mac is not None:
- return self._mac
- else:
- return "00:16:3E:5E:6C:{qid:02X}".format(qid=self.qid)
- @mac.setter
- def mac(self, new_mac):
- self._mac = new_mac
- @property
- def kernel(self):
- return self._kernel
- @kernel.setter
- def kernel(self, new_value):
- if new_value is not None:
- if not os.path.exists(os.path.join(system_path[
- 'qubes_kernels_base_dir'], new_value)):
- raise QubesException("Kernel '%s' not installed" % new_value)
- for f in ('vmlinuz', 'modules.img'):
- if not os.path.exists(os.path.join(
- system_path['qubes_kernels_base_dir'], new_value, f)):
- raise QubesException(
- "Kernel '%s' not properly installed: missing %s "
- "file" % (new_value, f))
- self._kernel = new_value
- @property
- def updateable(self):
- return self.template is None
- # Leaved for compatibility
- def is_updateable(self):
- return self.updateable
- @property
- def default_user(self):
- if self.template is not None:
- return self.template.default_user
- else:
- return self._default_user
- @default_user.setter
- def default_user(self, value):
- self._default_user = value
- def is_networked(self):
- if self.is_netvm():
- return True
- if self.netvm is not None:
- return True
- else:
- return False
- def verify_name(self, name):
- if not isinstance(self.__basic_parse_xml_attr(name), str):
- return False
- if len(name) > 31:
- return False
- return re.match(r"^[a-zA-Z][a-zA-Z0-9_.-]*$", name) is not None
- def pre_rename(self, new_name):
- # fire hooks
- for hook in self.hooks_pre_rename:
- hook(self, new_name)
- def set_name(self, name):
- self.log.debug('name = {!r}'.format(name))
- if self.is_running():
- raise QubesException("Cannot change name of running VM!")
- if not self.verify_name(name):
- raise QubesException("Invalid characters in VM name")
- if self.installed_by_rpm:
- raise QubesException("Cannot rename VM installed by RPM -- first clone VM and then use yum to remove package.")
- self.pre_rename(name)
- if self.libvirt_domain:
- self.libvirt_domain.undefine()
- if self._qdb_connection:
- self._qdb_connection.close()
- self._qdb_connection = None
- new_conf = os.path.join(self.dir_path, name + '.conf')
- if os.path.exists(self.conf_file):
- os.rename(self.conf_file, new_conf)
- old_dirpath = self.dir_path
- self.storage.rename(self.name, name)
- new_dirpath = self.storage.vmdir
- self.dir_path = new_dirpath
- old_name = self.name
- self.name = name
- if self.conf_file is not None:
- self.conf_file = new_conf.replace(old_dirpath, new_dirpath)
- if self.icon_path is not None:
- self.icon_path = self.icon_path.replace(old_dirpath, new_dirpath)
- if hasattr(self, 'kernels_dir') and self.kernels_dir is not None:
- self.kernels_dir = self.kernels_dir.replace(old_dirpath, new_dirpath)
- self._update_libvirt_domain()
- self.post_rename(old_name)
- def post_rename(self, old_name):
- # fire hooks
- for hook in self.hooks_post_rename:
- hook(self, old_name)
- @property
- def internal(self):
- return self._internal
- @internal.setter
- def internal(self, value):
- oldvalue = self._internal
- self._internal = value
- self.post_set_attr('internal', value, oldvalue)
- @property
- def dispvm_netvm(self):
- if self.uses_default_dispvm_netvm:
- return self.netvm
- else:
- if isinstance(self._dispvm_netvm, int):
- return self._collection[self._dispvm_netvm]
- else:
- return self._dispvm_netvm
- @dispvm_netvm.setter
- def dispvm_netvm(self, value):
- if value and not value.is_netvm():
- raise ValueError("Vm {!r} does not provide network".format(
- value))
- self._dispvm_netvm = value
- @property
- def autostart(self):
- return self._autostart
- @autostart.setter
- def autostart(self, value):
- if value:
- retcode = subprocess.call(["sudo", "ln", "-sf",
- "/usr/lib/systemd/system/qubes-vm@.service",
- "/etc/systemd/system/multi-user.target.wants/qubes-vm@%s.service" % self.name])
- else:
- retcode = subprocess.call(["sudo", "systemctl", "disable", "qubes-vm@%s.service" % self.name])
- if retcode != 0:
- raise QubesException("Failed to set autostart for VM via systemctl")
- self._autostart = bool(value)
- @classmethod
- def is_template_compatible(cls, template):
- """Check if given VM can be a template for this VM"""
- # FIXME: check if the value is instance of QubesTemplateVM, not the VM
- # type. The problem is while this file is loaded, QubesTemplateVM is
- # not defined yet.
- if template and (not template.is_template() or template.type != "TemplateVM"):
- return False
- return True
- @property
- def template(self):
- return self._template
- @template.setter
- def template(self, value):
- if self._template is None and value is not None:
- raise QubesException("Cannot set template for standalone VM")
- if value and not self.is_template_compatible(value):
- raise QubesException("Incompatible template type %s with VM of type %s" % (value.type, self.type))
- self._template = value
- def is_template(self):
- return False
- def is_appvm(self):
- return False
- def is_netvm(self):
- return False
- def is_proxyvm(self):
- return False
- def is_disposablevm(self):
- return False
- @property
- def qdb(self):
- if self._qdb_connection is None:
- from qubes.qdb import QubesDB
- self._qdb_connection = QubesDB(self.name)
- return self._qdb_connection
- @property
- def xid(self):
- try:
- return self.libvirt_domain.ID()
- except libvirt.libvirtError as e:
- if e.err[0] == libvirt.VIR_ERR_NO_DOMAIN:
- return -1
- else:
- raise
- def get_xid(self):
- # obsoleted
- return self.xid
- def _update_libvirt_domain(self):
- domain_config = self.create_config_file()
- self._libvirt_domain = vmm.libvirt_conn.defineXML(domain_config)
- self.uuid = uuid.UUID(bytes=self._libvirt_domain.UUID())
- @property
- def libvirt_domain(self):
- if self._libvirt_domain is None:
- if self.uuid is not None:
- self._libvirt_domain = vmm.libvirt_conn.lookupByUUID(self.uuid.bytes)
- else:
- self._libvirt_domain = vmm.libvirt_conn.lookupByName(self.name)
- self.uuid = uuid.UUID(bytes=self._libvirt_domain.UUID())
- return self._libvirt_domain
- def get_uuid(self):
- # obsoleted
- return self.uuid
- def refresh(self):
- self._libvirt_domain = None
- self._qdb_connection = None
- def get_mem(self):
- if dry_run:
- return 666
- try:
- if not self.libvirt_domain.isActive():
- return 0
- return self.libvirt_domain.info()[1]
- except libvirt.libvirtError as e:
- if e.err[0] == libvirt.VIR_ERR_NO_DOMAIN:
- return 0
- else:
- raise
- def get_cputime(self):
- if dry_run:
- return 666
- try:
- if not self.libvirt_domain.isActive():
- return 0
- return self.libvirt_domain.info()[4]
- except libvirt.libvirtError as e:
- if e.err[0] == libvirt.VIR_ERR_NO_DOMAIN:
- return 0
- else:
- raise
- def get_mem_static_max(self):
- if dry_run:
- return 666
- try:
- return self.libvirt_domain.maxMemory()
- except libvirt.libvirtError as e:
- if e.err[0] == libvirt.VIR_ERR_NO_DOMAIN:
- return 0
- else:
- raise
- def get_prefmem(self):
- # TODO: qmemman is still xen specific
- untrusted_meminfo_key = vmm.xs.read('',
- '/local/domain/%s/memory/meminfo'
- % self.xid)
- if untrusted_meminfo_key is None or untrusted_meminfo_key == '':
- return 0
- domain = qmemman.DomainState(self.xid)
- qmemman_algo.refresh_meminfo_for_domain(domain, untrusted_meminfo_key)
- domain.memory_maximum = self.get_mem_static_max()*1024
- return qmemman_algo.prefmem(domain)/1024
- def get_per_cpu_time(self):
- if dry_run:
- import random
- return random.random() * 100
- try:
- if self.libvirt_domain.isActive():
- return self.libvirt_domain.getCPUStats(
- libvirt.VIR_NODE_CPU_STATS_ALL_CPUS, 0)[0]['cpu_time']/10**9
- else:
- return 0
- except libvirt.libvirtError as e:
- if e.err[0] == libvirt.VIR_ERR_NO_DOMAIN:
- return 0
- else:
- raise
- def get_disk_utilization_root_img(self):
- return qubes.qubesutils.get_disk_usage(self.root_img)
- def get_root_img_sz(self):
- if not os.path.exists(self.root_img):
- return 0
- return os.path.getsize(self.root_img)
- def get_power_state(self):
- if dry_run:
- return "NA"
- try:
- libvirt_domain = self.libvirt_domain
- if libvirt_domain.isActive():
- if libvirt_domain.state()[0] == libvirt.VIR_DOMAIN_PAUSED:
- return "Paused"
- elif libvirt_domain.state()[0] == libvirt.VIR_DOMAIN_CRASHED:
- return "Crashed"
- elif libvirt_domain.state()[0] == libvirt.VIR_DOMAIN_SHUTDOWN:
- return "Halting"
- elif libvirt_domain.state()[0] == libvirt.VIR_DOMAIN_SHUTOFF:
- return "Dying"
- elif libvirt_domain.state()[0] == libvirt.VIR_DOMAIN_PMSUSPENDED:
- return "Suspended"
- else:
- if not self.is_fully_usable():
- return "Transient"
- else:
- return "Running"
- else:
- return 'Halted'
- except libvirt.libvirtError as e:
- if e.err[0] == libvirt.VIR_ERR_NO_DOMAIN:
- return "Halted"
- else:
- raise
- def is_guid_running(self):
- xid = self.xid
- if xid < 0:
- return False
- if not os.path.exists('/var/run/qubes/guid-running.%d' % xid):
- return False
- return True
- def is_qrexec_running(self):
- if self.xid < 0:
- return False
- return os.path.exists('/var/run/qubes/qrexec.%s' % self.name)
- def is_fully_usable(self):
- # Running gui-daemon implies also VM running
- if not self.is_guid_running():
- return False
- if not self.is_qrexec_running():
- return False
- return True
- def is_running(self):
- try:
- if self.libvirt_domain.isActive():
- return True
- else:
- return False
- except libvirt.libvirtError as e:
- if e.err[0] == libvirt.VIR_ERR_NO_DOMAIN:
- return False
- else:
- raise
- def is_paused(self):
- try:
- if self.libvirt_domain.state()[0] == libvirt.VIR_DOMAIN_PAUSED:
- return True
- else:
- return False
- except libvirt.libvirtError as e:
- if e.err[0] == libvirt.VIR_ERR_NO_DOMAIN:
- return False
- else:
- raise
- def get_start_time(self):
- if not self.is_running():
- return None
- # TODO
- uuid = self.uuid
- start_time = vmm.xs.read('', "/vm/%s/start_time" % str(uuid))
- if start_time != '':
- return datetime.datetime.fromtimestamp(float(start_time))
- else:
- return None
- def is_outdated(self):
- # Makes sense only on VM based on template
- if self.template is None:
- return False
- if not self.is_running():
- return False
- if not hasattr(self.template, 'rootcow_img'):
- return False
- rootimg_inode = os.stat(self.template.root_img)
- try:
- rootcow_inode = os.stat(self.template.rootcow_img)
- except OSError:
- # The only case when rootcow_img doesn't exists is in the middle of
- # commit_changes, so VM is outdated right now
- return True
- current_dmdev = "/dev/mapper/snapshot-{0:x}:{1}-{2:x}:{3}".format(
- rootimg_inode[2], rootimg_inode[1],
- rootcow_inode[2], rootcow_inode[1])
- # FIXME
- # 51712 (0xCA00) is xvda
- # backend node name not available through xenapi :(
- used_dmdev = vmm.xs.read('', "/local/domain/0/backend/vbd/{0}/51712/node".format(self.xid))
- return used_dmdev != current_dmdev
- @property
- def private_img(self):
- return self.storage.private_img
- @property
- def root_img(self):
- return self.storage.root_img
- @property
- def volatile_img(self):
- return self.storage.volatile_img
- def get_disk_utilization(self):
- return qubes.qubesutils.get_disk_usage(self.dir_path)
- def get_disk_utilization_private_img(self):
- return qubes.qubesutils.get_disk_usage(self.private_img)
- def get_private_img_sz(self):
- return self.storage.get_private_img_sz()
- def resize_private_img(self, size):
- assert size >= self.get_private_img_sz(), "Cannot shrink private.img"
- # resize the image
- self.storage.resize_private_img(size)
- # and then the filesystem
- retcode = 0
- if self.is_running():
- retcode = self.run("while [ \"`blockdev --getsize64 /dev/xvdb`\" -lt {0} ]; do ".format(size) +
- "head /dev/xvdb > /dev/null; sleep 0.2; done; resize2fs /dev/xvdb", user="root", wait=True)
- if retcode != 0:
- raise QubesException("resize2fs failed")
- # FIXME: should be outside of QubesVM?
- def get_timezone(self):
- # fc18
- if os.path.islink('/etc/localtime'):
- return '/'.join(os.readlink('/etc/localtime').split('/')[-2:])
- # <=fc17
- elif os.path.exists('/etc/sysconfig/clock'):
- clock_config = open('/etc/sysconfig/clock', "r")
- clock_config_lines = clock_config.readlines()
- clock_config.close()
- zone_re = re.compile(r'^ZONE="(.*)"')
- for line in clock_config_lines:
- line_match = zone_re.match(line)
- if line_match:
- return line_match.group(1)
- else:
- # last resort way, some applications makes /etc/localtime
- # hardlink instead of symlink...
- tz_info = os.stat('/etc/localtime')
- if not tz_info:
- return None
- if tz_info.st_nlink > 1:
- p = subprocess.Popen(['find', '/usr/share/zoneinfo',
- '-inum', str(tz_info.st_ino)],
- stdout=subprocess.PIPE)
- tz_path = p.communicate()[0].strip()
- return tz_path.replace('/usr/share/zoneinfo/', '')
- return None
- def cleanup_vifs(self):
- """
- Xend does not remove vif when backend domain is down, so we must do it
- manually
- """
- # FIXME: remove this?
- if not self.is_running():
- return
- dev_basepath = '/local/domain/%d/device/vif' % self.xid
- for dev in (vmm.xs.ls('', dev_basepath) or []):
- # check if backend domain is alive
- backend_xid = int(vmm.xs.read('', '%s/%s/backend-id' % (dev_basepath, dev)))
- if backend_xid in vmm.libvirt_conn.listDomainsID():
- # check if device is still active
- if vmm.xs.read('', '%s/%s/state' % (dev_basepath, dev)) == '4':
- continue
- # remove dead device
- vmm.xs.rm('', '%s/%s' % (dev_basepath, dev))
- def create_qubesdb_entries(self):
- if dry_run:
- return
- self.qdb.write("/name", self.name)
- self.qdb.write("/qubes-vm-type", self.type)
- self.qdb.write("/qubes-vm-updateable", str(self.updateable))
- if self.is_netvm():
- self.qdb.write("/qubes-netvm-gateway", self.gateway)
- self.qdb.write("/qubes-netvm-secondary-dns", self.secondary_dns)
- self.qdb.write("/qubes-netvm-netmask", self.netmask)
- self.qdb.write("/qubes-netvm-network", self.network)
- if self.netvm is not None:
- self.qdb.write("/qubes-ip", self.ip)
- self.qdb.write("/qubes-netmask", self.netvm.netmask)
- self.qdb.write("/qubes-gateway", self.netvm.gateway)
- self.qdb.write("/qubes-secondary-dns", self.netvm.secondary_dns)
- tzname = self.get_timezone()
- if tzname:
- self.qdb.write("/qubes-timezone", tzname)
- for srv in self.services.keys():
- # convert True/False to "1"/"0"
- self.qdb.write("/qubes-service/{0}".format(srv),
- str(int(self.services[srv])))
- self.qdb.write("/qubes-block-devices", '')
- self.qdb.write("/qubes-usb-devices", '')
- self.qdb.write("/qubes-debug-mode", str(int(self.debug)))
- # TODO: Currently the whole qmemman is quite Xen-specific, so stay with
- # xenstore for it until decided otherwise
- if qmemman_present:
- vmm.xs.set_permissions('', '/local/domain/{0}/memory'.format(self.xid),
- [{ 'dom': self.xid }])
- # fire hooks
- for hook in self.hooks_create_qubesdb_entries:
- hook(self)
- def _format_net_dev(self, ip, mac, backend):
- template = " <interface type='ethernet'>\n" \
- " <mac address='{mac}'/>\n" \
- " <ip address='{ip}'/>\n" \
- " <script path='vif-route-qubes'/>\n" \
- " <backenddomain name='{backend}'/>\n" \
- " </interface>\n"
- return template.format(ip=ip, mac=mac, backend=backend)
- def _format_pci_dev(self, address):
- template = " <hostdev type='pci' managed='yes'{strictreset}>\n" \
- " <source>\n" \
- " <address bus='0x{bus}' slot='0x{slot}' function='0x{fun}'/>\n" \
- " </source>\n" \
- " </hostdev>\n"
- dev_match = re.match('([0-9a-f]+):([0-9a-f]+)\.([0-9a-f]+)', address)
- if not dev_match:
- raise QubesException("Invalid PCI device address: %s" % address)
- return template.format(
- bus=dev_match.group(1),
- slot=dev_match.group(2),
- fun=dev_match.group(3),
- strictreset=("" if self.pci_strictreset else
- " nostrictreset='yes'"),
- )
- def get_config_params(self):
- args = {}
- args['name'] = self.name
- if hasattr(self, 'kernels_dir'):
- args['kerneldir'] = self.kernels_dir
- args['uuidnode'] = "<uuid>%s</uuid>" % str(self.uuid) if self.uuid else ""
- args['vmdir'] = self.dir_path
- args['pcidevs'] = ''.join(map(self._format_pci_dev, self.pcidevs))
- args['mem'] = str(self.memory)
- if self.maxmem < self.memory:
- args['mem'] = str(self.maxmem)
- args['maxmem'] = str(self.maxmem)
- if 'meminfo-writer' in self.services and not self.services['meminfo-writer']:
- # If dynamic memory management disabled, set maxmem=mem
- args['maxmem'] = args['mem']
- args['vcpus'] = str(self.vcpus)
- if self.netvm is not None:
- args['ip'] = self.ip
- args['mac'] = self.mac
- args['gateway'] = self.netvm.gateway
- args['dns1'] = self.netvm.gateway
- args['dns2'] = self.secondary_dns
- args['netmask'] = self.netmask
- args['netdev'] = self._format_net_dev(self.ip, self.mac, self.netvm.name)
- args['disable_network1'] = '';
- args['disable_network2'] = '';
- else:
- args['ip'] = ''
- args['mac'] = ''
- args['gateway'] = ''
- args['dns1'] = ''
- args['dns2'] = ''
- args['netmask'] = ''
- args['netdev'] = ''
- args['disable_network1'] = '<!--';
- args['disable_network2'] = '-->';
- args.update(self.storage.get_config_params())
- if hasattr(self, 'kernelopts'):
- args['kernelopts'] = self.kernelopts
- if self.debug:
- print >> sys.stderr, "--> Debug mode: adding 'earlyprintk=xen' to kernel opts"
- args['kernelopts'] += ' earlyprintk=xen'
- # fire hooks
- for hook in self.hooks_get_config_params:
- args = hook(self, args)
- return args
- @property
- def uses_custom_config(self):
- return self.conf_file != self.absolute_path(self.name + ".conf", None)
- def create_config_file(self, file_path = None, prepare_dvm = False):
- if file_path is None:
- file_path = self.conf_file
- if self.uses_custom_config:
- conf_appvm = open(file_path, "r")
- domain_config = conf_appvm.read()
- conf_appvm.close()
- return domain_config
- f_conf_template = open(self.config_file_template, 'r')
- conf_template = f_conf_template.read()
- f_conf_template.close()
- template_params = self.get_config_params()
- if prepare_dvm:
- template_params['name'] = '%NAME%'
- template_params['privatedev'] = ''
- template_params['netdev'] = re.sub(r"address='[0-9.]*'", "address='%IP%'", template_params['netdev'])
- domain_config = conf_template.format(**template_params)
- # FIXME: This is only for debugging purposes
- old_umask = os.umask(002)
- try:
- if os.path.exists(file_path):
- os.unlink(file_path)
- conf_appvm = open(file_path, "w")
- conf_appvm.write(domain_config)
- conf_appvm.close()
- except:
- # Ignore errors
- pass
- finally:
- os.umask(old_umask)
- return domain_config
- def create_on_disk(self, verbose=False, source_template = None):
- self.log.debug('create_on_disk(source_template={!r})'.format(
- source_template))
- if source_template is None:
- source_template = self.template
- assert source_template is not None
- if dry_run:
- return
- self.storage.create_on_disk(verbose, source_template)
- if self.updateable:
- kernels_dir = source_template.kernels_dir
- if verbose:
- print >> sys.stderr, "--> Copying the kernel (set kernel \"none\" to use it): {0}".\
- format(kernels_dir)
- os.mkdir (self.dir_path + '/kernels')
- for f in ("vmlinuz", "initramfs", "modules.img"):
- shutil.copy(os.path.join(kernels_dir, f),
- os.path.join(self.dir_path, vm_files["kernels_subdir"], f))
- if verbose:
- print >> sys.stderr, "--> Creating icon symlink: {0} -> {1}".format(self.icon_path, self.label.icon_path)
- if hasattr(os, "symlink"):
- os.symlink (self.label.icon_path, self.icon_path)
- else:
- shutil.copy(self.label.icon_path, self.icon_path)
- # Make sure that we have UUID allocated
- self._update_libvirt_domain()
- # fire hooks
- for hook in self.hooks_create_on_disk:
- hook(self, verbose, source_template=source_template)
- def get_clone_attrs(self):
- attrs = ['kernel', 'uses_default_kernel', 'netvm', 'uses_default_netvm', \
- 'memory', 'maxmem', 'kernelopts', 'uses_default_kernelopts', 'services', 'vcpus', \
- '_mac', 'pcidevs', 'include_in_backups', '_label', 'default_user']
- # fire hooks
- for hook in self.hooks_get_clone_attrs:
- attrs = hook(self, attrs)
- return attrs
- def clone_attrs(self, src_vm, fail_on_error=True):
- self._do_not_reset_firewall = True
- for prop in self.get_clone_attrs():
- try:
- val = getattr(src_vm, prop)
- if isinstance(val, dict):
- val = val.copy()
- setattr(self, prop, val)
- except Exception as e:
- if fail_on_error:
- self._do_not_reset_firewall = False
- raise
- else:
- print >>sys.stderr, "WARNING: %s" % str(e)
- self._do_not_reset_firewall = False
- def clone_disk_files(self, src_vm, verbose):
- if dry_run:
- return
- if src_vm.is_running():
- raise QubesException("Attempt to clone a running VM!")
- self.storage.clone_disk_files(src_vm, verbose)
- if src_vm.icon_path is not None and self.icon_path is not None:
- if os.path.exists (src_vm.dir_path):
- if os.path.islink(src_vm.icon_path):
- icon_path = os.readlink(src_vm.icon_path)
- if verbose:
- print >> sys.stderr, "--> Creating icon symlink: {0} -> {1}".format(self.icon_path, icon_path)
- os.symlink (icon_path, self.icon_path)
- else:
- if verbose:
- print >> sys.stderr, "--> Copying icon: {0} -> {1}".format(src_vm.icon_path, self.icon_path)
- shutil.copy(src_vm.icon_path, self.icon_path)
- # Make sure that we have UUID allocated
- self._update_libvirt_domain()
- # fire hooks
- for hook in self.hooks_clone_disk_files:
- hook(self, src_vm, verbose)
- def verify_files(self):
- if dry_run:
- return
- self.storage.verify_files()
- if not os.path.exists (os.path.join(self.kernels_dir, 'vmlinuz')):
- raise QubesException (
- "VM kernel does not exist: {0}".\
- format(os.path.join(self.kernels_dir, 'vmlinuz')))
- if not os.path.exists (os.path.join(self.kernels_dir, 'initramfs')):
- raise QubesException (
- "VM initramfs does not exist: {0}".\
- format(os.path.join(self.kernels_dir, 'initramfs')))
- # fire hooks
- for hook in self.hooks_verify_files:
- hook(self)
- return True
- def remove_from_disk(self):
- self.log.debug('remove_from_disk()')
- if dry_run:
- return
- # fire hooks
- for hook in self.hooks_remove_from_disk:
- hook(self)
- try:
- self.libvirt_domain.undefine()
- except libvirt.libvirtError as e:
- if e.err[0] == libvirt.VIR_ERR_NO_DOMAIN:
- # already undefined
- pass
- else:
- raise
- self.storage.remove_from_disk()
- def write_firewall_conf(self, conf):
- defaults = self.get_firewall_conf()
- expiring_rules_present = False
- for item in defaults.keys():
- if item not in conf:
- conf[item] = defaults[item]
- root = lxml.etree.Element(
- "QubesFirewallRules",
- policy = "allow" if conf["allow"] else "deny",
- dns = "allow" if conf["allowDns"] else "deny",
- icmp = "allow" if conf["allowIcmp"] else "deny",
- yumProxy = "allow" if conf["allowYumProxy"] else "deny"
- )
- for rule in conf["rules"]:
- # For backward compatibility
- if "proto" not in rule:
- if rule["portBegin"] is not None and rule["portBegin"] > 0:
- rule["proto"] = "tcp"
- else:
- rule["proto"] = "any"
- element = lxml.etree.Element(
- "rule",
- address=rule["address"],
- proto=str(rule["proto"]),
- )
- if rule["netmask"] is not None and rule["netmask"] != 32:
- element.set("netmask", str(rule["netmask"]))
- if rule.get("portBegin", None) is not None and \
- rule["portBegin"] > 0:
- element.set("port", str(rule["portBegin"]))
- if rule.get("portEnd", None) is not None and rule["portEnd"] > 0:
- element.set("toport", str(rule["portEnd"]))
- if "expire" in rule:
- element.set("expire", str(rule["expire"]))
- expiring_rules_present = True
- root.append(element)
- tree = lxml.etree.ElementTree(root)
- try:
- old_umask = os.umask(002)
- with open(self.firewall_conf, 'w') as f:
- tree.write(f, encoding="UTF-8", pretty_print=True)
- f.close()
- os.umask(old_umask)
- except EnvironmentError as err:
- print >> sys.stderr, "{0}: save error: {1}".format(
- os.path.basename(sys.argv[0]), err)
- return False
- # Automatically enable/disable 'yum-proxy-setup' service based on allowYumProxy
- if conf['allowYumProxy']:
- self.services['yum-proxy-setup'] = True
- else:
- if self.services.has_key('yum-proxy-setup'):
- self.services.pop('yum-proxy-setup')
- if expiring_rules_present:
- subprocess.call(["sudo", "systemctl", "start",
- "qubes-reload-firewall@%s.timer" % self.name])
- return True
- def has_firewall(self):
- return os.path.exists (self.firewall_conf)
- def get_firewall_defaults(self):
- return { "rules": list(), "allow": True, "allowDns": True, "allowIcmp": True, "allowYumProxy": False }
- def get_firewall_conf(self):
- conf = self.get_firewall_defaults()
- try:
- tree = lxml.etree.parse(self.firewall_conf)
- root = tree.getroot()
- conf["allow"] = (root.get("policy") == "allow")
- conf["allowDns"] = (root.get("dns") == "allow")
- conf["allowIcmp"] = (root.get("icmp") == "allow")
- conf["allowYumProxy"] = (root.get("yumProxy") == "allow")
- for element in root:
- rule = {}
- attr_list = ("address", "netmask", "proto", "port", "toport",
- "expire")
- for attribute in attr_list:
- rule[attribute] = element.get(attribute)
- if rule["netmask"] is not None:
- rule["netmask"] = int(rule["netmask"])
- else:
- rule["netmask"] = 32
- if rule["port"] is not None:
- rule["portBegin"] = int(rule["port"])
- else:
- # backward compatibility
- rule["portBegin"] = 0
- # For backward compatibility
- if rule["proto"] is None:
- if rule["portBegin"] > 0:
- rule["proto"] = "tcp"
- else:
- rule["proto"] = "any"
- if rule["toport"] is not None:
- rule["portEnd"] = int(rule["toport"])
- else:
- rule["portEnd"] = None
- if rule["expire"] is not None:
- rule["expire"] = int(rule["expire"])
- if rule["expire"] <= int(datetime.datetime.now().strftime(
- "%s")):
- continue
- else:
- del(rule["expire"])
- del(rule["port"])
- del(rule["toport"])
- conf["rules"].append(rule)
- except EnvironmentError as err:
- return conf
- except (xml.parsers.expat.ExpatError,
- ValueError, LookupError) as err:
- print("{0}: load error: {1}".format(
- os.path.basename(sys.argv[0]), err))
- return None
- return conf
- def pci_add(self, pci):
- self.log.debug('pci_add(pci={!r})'.format(pci))
- if not os.path.exists('/sys/bus/pci/devices/0000:%s' % pci):
- raise QubesException("Invalid PCI device: %s" % pci)
- if self.pcidevs.count(pci):
- # already added
- return
- self.pcidevs.append(pci)
- if self.is_running():
- try:
- subprocess.check_call(['sudo', system_path["qubes_pciback_cmd"], pci])
- subprocess.check_call(['sudo', 'xl', 'pci-attach', str(self.xid), pci])
- except Exception as e:
- print >>sys.stderr, "Failed to attach PCI device on the fly " \
- "(%s), changes will be seen after VM restart" % str(e)
- def pci_remove(self, pci):
- self.log.debug('pci_remove(pci={!r})'.format(pci))
- if not self.pcidevs.count(pci):
- # not attached
- return
- self.pcidevs.remove(pci)
- if self.is_running():
- p = subprocess.Popen(['xl', 'pci-list', str(self.xid)],
- stdout=subprocess.PIPE)
- result = p.communicate()
- m = re.search(r"^(\d+.\d+)\s+0000:%s$" % pci, result[0], flags=re.MULTILINE)
- if not m:
- print >>sys.stderr, "Device %s already detached" % pci
- return
- vmdev = m.group(1)
- try:
- self.run_service("qubes.DetachPciDevice",
- user="root", input="00:%s" % vmdev)
- subprocess.check_call(['sudo', 'xl', 'pci-detach', str(self.xid), pci])
- except Exception as e:
- print >>sys.stderr, "Failed to detach PCI device on the fly " \
- "(%s), changes will be seen after VM restart" % str(e)
- def run(self, command, user = None, verbose = True, autostart = False,
- notify_function = None,
- passio = False, passio_popen = False, passio_stderr=False,
- ignore_stderr=False, localcmd = None, wait = False, gui = True,
- filter_esc = False):
- """command should be in form 'cmdline'
- When passio_popen=True, popen object with stdout connected to pipe.
- When additionally passio_stderr=True, stderr also is connected to pipe.
- When ignore_stderr=True, stderr is connected to /dev/null.
- """
- self.log.debug(
- 'run(command={!r}, user={!r}, passio={!r}, wait={!r})'.format(
- command, user, passio, wait))
- if user is None:
- user = self.default_user
- null = None
- if not self.is_running() and not self.is_paused():
- if not autostart:
- raise QubesException("VM not running")
- try:
- if notify_function is not None:
- notify_function ("info", "Starting the '{0}' VM...".format(self.name))
- elif verbose:
- print >> sys.stderr, "Starting the VM '{0}'...".format(self.name)
- self.start(verbose=verbose, start_guid = gui, notify_function=notify_function)
- except (IOError, OSError, QubesException) as err:
- raise QubesException("Error while starting the '{0}' VM: {1}".format(self.name, err))
- except (MemoryError) as err:
- raise QubesException("Not enough memory to start '{0}' VM! "
- "Close one or more running VMs and try "
- "again.".format(self.name))
- if self.is_paused():
- raise QubesException("VM is paused")
- if not self.is_qrexec_running():
- raise QubesException(
- "Domain '{}': qrexec not connected.".format(self.name))
- if gui and os.getenv("DISPLAY") is not None and not self.is_guid_running():
- self.start_guid(verbose = verbose, notify_function = notify_function)
- args = [system_path["qrexec_client_path"], "-d", str(self.name), "%s:%s" % (user, command)]
- if localcmd is not None:
- args += [ "-l", localcmd]
- if filter_esc:
- args += ["-t"]
- if os.isatty(sys.stderr.fileno()):
- args += ["-T"]
- call_kwargs = {}
- if ignore_stderr or not passio:
- null = open("/dev/null", "rw")
- call_kwargs['stderr'] = null
- if not passio:
- call_kwargs['stdin'] = null
- call_kwargs['stdout'] = null
- if passio_popen:
- popen_kwargs={'stdout': subprocess.PIPE}
- popen_kwargs['stdin'] = subprocess.PIPE
- if passio_stderr:
- popen_kwargs['stderr'] = subprocess.PIPE
- else:
- popen_kwargs['stderr'] = call_kwargs.get('stderr', None)
- p = subprocess.Popen (args, **popen_kwargs)
- if null:
- null.close()
- return p
- if not wait and not passio:
- args += ["-e"]
- retcode = subprocess.call(args, **call_kwargs)
- if null:
- null.close()
- return retcode
- def run_service(self, service, source="dom0", user=None,
- passio_popen = False, input=None):
- if input and passio_popen:
- raise ValueError("'input' and 'passio_popen' cannot be used "
- "together")
- if input:
- return self.run("QUBESRPC %s %s" % (service, source),
- localcmd="echo %s" % input, user=user, wait=True)
- else:
- return self.run("QUBESRPC %s %s" % (service, source),
- passio_popen=passio_popen, user=user, wait=True)
- def attach_network(self, verbose = False, wait = True, netvm = None):
- self.log.debug('attach_network(netvm={!r})'.format(netvm))
- if dry_run:
- return
- if not self.is_running():
- raise QubesException ("VM not running!")
- if netvm is None:
- netvm = self.netvm
- if netvm is None:
- raise QubesException ("NetVM not set!")
- if netvm.qid != 0:
- if not netvm.is_running():
- if verbose:
- print >> sys.stderr, "--> Starting NetVM {0}...".format(netvm.name)
- netvm.start()
- self.libvirt_domain.attachDevice(
- self._format_net_dev(self.ip, self.mac, self.netvm.name))
- def detach_network(self, verbose = False, netvm = None):
- self.log.debug('detach_network(netvm={!r})'.format(netvm))
- if dry_run:
- return
- if not self.is_running():
- raise QubesException ("VM not running!")
- if netvm is None:
- netvm = self.netvm
- if netvm is None:
- raise QubesException ("NetVM not set!")
- self.libvirt_domain.detachDevice( self._format_net_dev(self.ip,
- self.mac, self.netvm.name))
- def wait_for_session(self, notify_function = None):
- self.log.debug('wait_for_session()')
- #self.run('echo $$ >> /tmp/qubes-session-waiter; [ ! -f /tmp/qubes-session-env ] && exec sleep 365d', ignore_stderr=True, gui=False, wait=True)
- # Note : User root is redefined to SYSTEM in the Windows agent code
- p = self.run('QUBESRPC qubes.WaitForSession none', user="root", passio_popen=True, gui=False, wait=True)
- p.communicate(input=self.default_user)
- def start_guid(self, verbose = True, notify_function = None,
- extra_guid_args=None, before_qrexec=False):
- self.log.debug(
- 'start_guid(extra_guid_args={!r}, before_qrexec={!r})'.format(
- extra_guid_args, before_qrexec))
- if before_qrexec:
- # On PV start GUId only after qrexec-daemon
- return
- if verbose:
- print >> sys.stderr, "--> Starting Qubes GUId..."
- guid_cmd = [system_path["qubes_guid_path"],
- "-d", str(self.xid), "-N", self.name,
- "-c", self.label.color,
- "-i", self.label.icon_path,
- "-l", str(self.label.index)]
- if extra_guid_args is not None:
- guid_cmd += extra_guid_args
- if self.debug:
- guid_cmd += ['-v', '-v']
- elif not verbose:
- guid_cmd += ['-q']
- retcode = subprocess.call (guid_cmd)
- if (retcode != 0) :
- raise QubesException("Cannot start qubes-guid!")
- if not self.is_qrexec_running():
- return
- try:
- import qubes.monitorlayoutnotify
- if verbose:
- print >> sys.stderr, "--> Sending monitor layout..."
- monitor_layout = qubes.monitorlayoutnotify.get_monitor_layout()
- qubes.monitorlayoutnotify.notify_vm(self, monitor_layout)
- except ImportError as e:
- print >>sys.stderr, "ERROR: %s" % e
- if verbose:
- print >> sys.stderr, "--> Waiting for qubes-session..."
- self.wait_for_session(notify_function)
- def start_qrexec_daemon(self, verbose = False, notify_function = None):
- self.log.debug('start_qrexec_daemon()')
- if verbose:
- print >> sys.stderr, "--> Starting the qrexec daemon..."
- qrexec_args = [str(self.xid), self.name, self.default_user]
- if not verbose:
- qrexec_args.insert(0, "-q")
- qrexec_env = os.environ
- qrexec_env['QREXEC_STARTUP_TIMEOUT'] = str(self.qrexec_timeout)
- retcode = subprocess.call ([system_path["qrexec_daemon_path"]] +
- qrexec_args, env=qrexec_env)
- if (retcode != 0) :
- raise OSError ("Cannot execute qrexec-daemon!")
- def start_qubesdb(self):
- self.log.debug('start_qubesdb()')
- retcode = subprocess.call ([
- system_path["qubesdb_daemon_path"],
- str(self.xid),
- self.name])
- if retcode != 0:
- self.force_shutdown()
- raise OSError("ERROR: Cannot execute qubesdb-daemon!")
- def start(self, verbose = False, preparing_dvm = False, start_guid = True,
- notify_function = None, mem_required = None):
- self.log.debug('start('
- 'preparing_dvm={!r}, start_guid={!r}, mem_required={!r})'.format(
- preparing_dvm, start_guid, mem_required))
- if dry_run:
- return
- # Intentionally not used is_running(): eliminate also "Paused", "Crashed", "Halting"
- if self.get_power_state() != "Halted":
- raise QubesException ("VM is already running!")
- self.verify_files()
- if self.netvm is not None:
- if self.netvm.qid != 0:
- if not self.netvm.is_running():
- if verbose:
- print >> sys.stderr, "--> Starting NetVM {0}...".format(self.netvm.name)
- self.netvm.start(verbose = verbose, start_guid = start_guid, notify_function = notify_function)
- self.storage.prepare_for_vm_startup(verbose=verbose)
- if verbose:
- print >> sys.stderr, "--> Loading the VM (type = {0})...".format(self.type)
- self._update_libvirt_domain()
- if mem_required is None:
- mem_required = int(self.memory) * 1024 * 1024
- if qmemman_present:
- qmemman_client = QMemmanClient()
- try:
- got_memory = qmemman_client.request_memory(mem_required)
- except IOError as e:
- raise IOError("ERROR: Failed to connect to qmemman: %s" % str(e))
- if not got_memory:
- qmemman_client.close()
- raise MemoryError ("ERROR: insufficient memory to start VM '%s'" % self.name)
- # Bind pci devices to pciback driver
- for pci in self.pcidevs:
- try:
- nd = vmm.libvirt_conn.nodeDeviceLookupByName('pci_0000_' + pci.replace(':','_').replace('.','_'))
- except libvirt.libvirtError as e:
- if e.err[0] == libvirt.VIR_ERR_NO_NODE_DEVICE:
- raise QubesException(
- "PCI device {} does not exist (domain {})".
- format(pci, self.name))
- else:
- raise
- try:
- nd.dettach()
- except libvirt.libvirtError as e:
- if e.err[0] == libvirt.VIR_ERR_INTERNAL_ERROR:
- # allready detached
- pass
- else:
- raise
- self.libvirt_domain.createWithFlags(libvirt.VIR_DOMAIN_START_PAUSED)
- if verbose:
- print >> sys.stderr, "--> Starting Qubes DB..."
- self.start_qubesdb()
- xid = self.xid
- self.log.debug('xid={}'.format(xid))
- if preparing_dvm:
- self.services['qubes-dvm'] = True
- if verbose:
- print >> sys.stderr, "--> Setting Qubes DB info for the VM..."
- self.create_qubesdb_entries()
- if verbose:
- print >> sys.stderr, "--> Updating firewall rules..."
- netvm = self.netvm
- while netvm is not None:
- if netvm.is_proxyvm() and netvm.is_running():
- netvm.write_iptables_qubesdb_entry()
- netvm = netvm.netvm
- # fire hooks
- for hook in self.hooks_start:
- hook(self, verbose = verbose, preparing_dvm = preparing_dvm,
- start_guid = start_guid, notify_function = notify_function)
- if verbose:
- print >> sys.stderr, "--> Starting the VM..."
- self.libvirt_domain.resume()
- # close() is not really needed, because the descriptor is close-on-exec
- # anyway, the reason to postpone close() is that possibly xl is not done
- # constructing the domain after its main process exits
- # so we close() when we know the domain is up
- # the successful unpause is some indicator of it
- if qmemman_present:
- qmemman_client.close()
- extra_guid_args = []
- if preparing_dvm:
- # Run GUI daemon in "invisible" mode, so applications started by
- # prerun script will not disturb the user
- extra_guid_args = ['-I']
- elif not os.path.exists('/var/run/shm.id'):
- # Start GUI daemon only when shmoverride is loaded; unless
- # preparing DispVM, where it isn't needed because of "invisible"
- # mode
- start_guid = False
- if start_guid:
- self.start_guid(verbose=verbose, notify_function=notify_function,
- before_qrexec=True, extra_guid_args=extra_guid_args)
- if not preparing_dvm:
- self.start_qrexec_daemon(verbose=verbose,notify_function=notify_function)
- if start_guid:
- self.start_guid(verbose=verbose, notify_function=notify_function,
- extra_guid_args=extra_guid_args)
- return xid
- def _cleanup_zombie_domains(self):
- """
- This function is workaround broken libxl (which leaves not fully
- created domain on failure) and vchan on domain crash behaviour
- @return: None
- """
- xc = self.get_xc_dominfo()
- if xc and xc['dying'] == 1:
- # GUID still running?
- guid_pidfile = '/var/run/qubes/guid-running.%d' % xc['domid']
- if os.path.exists(guid_pidfile):
- guid_pid = open(guid_pidfile).read().strip()
- os.kill(int(guid_pid), 15)
- # qrexec still running?
- if self.is_qrexec_running():
- #TODO: kill qrexec daemon
- pass
- def shutdown(self, force=False, xid = None):
- self.log.debug('shutdown()')
- if dry_run:
- return
- if not self.is_running():
- raise QubesException ("VM already stopped!")
- self.libvirt_domain.shutdown()
- def force_shutdown(self, xid = None):
- self.log.debug('force_shutdown()')
- if dry_run:
- return
- if not self.is_running() and not self.is_paused():
- raise QubesException ("VM already stopped!")
- self.libvirt_domain.destroy()
- self.refresh()
- def suspend(self):
- self.log.debug('suspend()')
- if dry_run:
- return
- if not self.is_running() and not self.is_paused() or \
- self.get_power_state() == "Suspended":
- raise QubesException ("VM not running!")
- if len (self.pcidevs) > 0:
- self.libvirt_domain.pMSuspendForDuration(
- libvirt.VIR_NODE_SUSPEND_TARGET_MEM, 0, 0)
- else:
- self.pause()
- def resume(self):
- self.log.debug('resume()')
- if dry_run:
- return
- if self.get_power_state() == "Suspended":
- self.libvirt_domain.pMWakeup()
- else:
- self.unpause()
- def pause(self):
- self.log.debug('pause()')
- if dry_run:
- return
- if not self.is_running():
- raise QubesException ("VM not running!")
- self.libvirt_domain.suspend()
- def unpause(self):
- self.log.debug('unpause()')
- if dry_run:
- return
- if not self.is_paused():
- raise QubesException ("VM not paused!")
- self.libvirt_domain.resume()
- def get_xml_attrs(self):
- attrs = {}
- attrs_config = self.get_attrs_config()
- for attr in attrs_config:
- attr_config = attrs_config[attr]
- if 'save' in attr_config:
- if 'save_skip' in attr_config:
- if callable(attr_config['save_skip']):
- if attr_config['save_skip']():
- continue
- elif eval(attr_config['save_skip']):
- continue
- if callable(attr_config['save']):
- value = attr_config['save']()
- else:
- value = eval(attr_config['save'])
- if 'save_attr' in attr_config:
- attrs[attr_config['save_attr']] = value
- else:
- attrs[attr] = value
- return attrs
- def create_xml_element(self):
- attrs = self.get_xml_attrs()
- element = lxml.etree.Element(
- # Compatibility hack (Qubes*VM in type vs Qubes*Vm in XML)...
- "Qubes" + self.type.replace("VM", "Vm"),
- **attrs)
- return element
- register_qubes_vm_class(QubesVm)
|
