Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
5209bc370d
core-admin/qubes/ext/core_features.py
Marek Marczykowski-Górecki ee442c754f
api/misc: integrate qubes.NotifyTools logic with qubes.FeaturesRequest 
Make qubes.NotifyTools reuse logic of qubes.FeaturesRequest, then move
actual request processing to 'features-request' event handler. At the
same time implement handling 'qrexec' and 'gui' features request -
allowing to set template features when wasn't already there.
Behavior change: template is no longer allowed to change feature value
(regardless of being True or False). This means the user will always be
able to override what template have set.
2017-06-12 12:22:39 +02:00

63 lines
2.6 KiB
Python
Raw Blame History

# -*- encoding: utf8 -*-
#
# The Qubes OS Project, http://www.qubes-os.org
#
# Copyright (C) 2017 Marek Marczykowski-Górecki
# <marmarek@invisiblethingslab.com>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, see <http://www.gnu.org/licenses/>.
import qubes.ext
class CoreFeatures(qubes.ext.Extension):
# pylint: disable=too-few-public-methods
@qubes.ext.handler('features-request')
def qubes_features_request(self, vm, event, untrusted_features):
'''Handle features provided by qubes-core-agent and qubes-gui-agent'''
# pylint: disable=no-self-use,unused-argument
if getattr(vm, 'template', None):
vm.log.warning(
'Ignoring qubes.NotifyTools for template-based VM')
return
# for now used only to check for the tools presence
if 'version' in untrusted_features:
# any suspicious string will raise exception here,
# but otherwise ignored
int(untrusted_features['version'])
requested_features = {}
for feature in ('qrexec', 'gui'):
untrusted_value = untrusted_features.get(feature, None)
if untrusted_value in ('1', '0'):
requested_features[feature] = bool(int(untrusted_value))
del untrusted_features
# default user for qvm-run etc
# starting with Qubes 4.x ignored
# qrexec agent presence (0 or 1)
# gui agent presence (0 or 1)
qrexec_before = vm.features.get('qrexec', False)
for feature in ('qrexec', 'gui'):
# do not allow (Template)VM to override setting if already set
# some other way
if feature in requested_features and feature not in vm.features:
vm.features[feature] = requested_features[feature]
if not qrexec_before and vm.features.get('qrexec', False):
# if this is the first time qrexec was advertised, now can finish
# template setup
vm.fire_event('template-postinstall')
Reference in New Issue View Git Blame Copy Permalink