Home Explore Help
Sign In
Qubes
/
core-admin
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: d5be1b32fa
Branches Tags
core-admin
/
core-modules
/
000QubesVm.py

000QubesVm.py 69 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872 
  1. #!/usr/bin/python2
    2. 

  2. # -*- coding: utf-8 -*-
    3. 

  3. #
    4. 

  4. # The Qubes OS Project, http://www.qubes-os.org
    5. 

  5. #
    6. 

  6. # Copyright (C) 2010  Joanna Rutkowska <joanna@invisiblethingslab.com>
    7. 

  7. # Copyright (C) 2013  Marek Marczykowski <marmarek@invisiblethingslab.com>
    8. 

  8. #
    9. 

  9. # This program is free software; you can redistribute it and/or
    10. 

  10. # modify it under the terms of the GNU General Public License
    11. 

  11. # as published by the Free Software Foundation; either version 2
    12. 

  12. # of the License, or (at your option) any later version.
    13. 

  13. #
    14. 

  14. # This program is distributed in the hope that it will be useful,
    15. 

  15. # but WITHOUT ANY WARRANTY; without even the implied warranty of
    16. 

  16. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    17. 

  17. # GNU General Public License for more details.
    18. 

  18. #
    19. 

  19. # You should have received a copy of the GNU General Public License
    20. 

  20. # along with this program; if not, write to the Free Software
    21. 

  21. # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
    22. 

  22. #
    23. 

  23. #
    24. 

  24. 

  25. import datetime
    26. 

  26. import fcntl
    27. 

  27. import lxml.etree
    28. 

  28. import os
    29. 

  29. import os.path
    30. 

  30. import re
    31. 

  31. import shutil
    32. 

  32. import subprocess
    33. 

  33. import sys
    34. 

  34. import time
    35. 

  35. import uuid
    36. 

  36. import xml.parsers.expat
    37. 

  37. import xen.lowlevel.xc
    38. 

  38. from qubes import qmemman
    39. 

  39. from qubes import qmemman_algo
    40. 

  40. 

  41. from qubes.qubes import xs,dry_run,xc,xl_ctx
    42. 

  42. from qubes.qubes import register_qubes_vm_class
    43. 

  43. from qubes.qubes import QubesVmCollection,QubesException,QubesHost,QubesVmLabels
    44. 

  44. from qubes.qubes import defaults,system_path,vm_files,qubes_max_qid
    45. 

  45. from qubes.qmemman_client import QMemmanClient
    46. 

  46. 

  47. import qubes.qubesutils
    48. 

  48. 

  49. xid_to_name_cache = {}
    50. 

  50. 

  51. class QubesVm(object):
    52. 

  52.     """
    53. 

  53.     A representation of one Qubes VM
    54. 

  54.     Only persistent information are stored here, while all the runtime
    55. 

  55.     information, e.g. Xen dom id, etc, are to be retrieved via Xen API
    56. 

  56.     Note that qid is not the same as Xen's domid!
    57. 

  57.     """
    58. 

  58. 

  59.     # In which order load this VM type from qubes.xml
    60. 

  60.     load_order = 100
    61. 

  61. 

  62.     # hooks for plugins (modules) which want to influence existing classes,
    63. 

  63.     # without introducing new ones
    64. 

  64.     hooks_clone_disk_files = []
    65. 

  65.     hooks_create_on_disk = []
    66. 

  66.     hooks_create_xenstore_entries = []
    67. 

  67.     hooks_get_attrs_config = []
    68. 

  68.     hooks_get_clone_attrs = []
    69. 

  69.     hooks_get_config_params = []
    70. 

  70.     hooks_init = []
    71. 

  71.     hooks_label_setter = []
    72. 

  72.     hooks_netvm_setter = []
    73. 

  73.     hooks_post_rename = []
    74. 

  74.     hooks_pre_rename = []
    75. 

  75.     hooks_remove_from_disk = []
    76. 

  76.     hooks_start = []
    77. 

  77.     hooks_verify_files = []
    78. 

  78.     hooks_set_attr = []
    79. 

  79. 

  80.     def get_attrs_config(self):
    81. 

  81.         """ Object attributes for serialization/deserialization
    82. 

  82.             inner dict keys:
    83. 

  83.              - order: initialization order (to keep dependency intact)
    84. 

  84.                       attrs without order will be evaluated at the end
    85. 

  85.              - default: default value used when attr not given to object constructor
    86. 

  86.              - attr: set value to this attribute instead of parameter name
    87. 

  87.              - eval: (DEPRECATED) assign result of this expression instead of
    88. 

  88.                       value directly; local variable 'value' contains
    89. 

  89.                       attribute value (or default if it was not given)
    90. 

  90.              - func: callable used to parse the value retrieved from XML
    91. 

  91.              - save: use evaluation result as value for XML serialization; only attrs with 'save' key will be saved in XML
    92. 

  92.              - save_skip: if present and evaluates to true, attr will be omitted in XML
    93. 

  93.              - save_attr: save to this XML attribute instead of parameter name
    94. 

  94.              """
    95. 

  95. 

  96.         attrs = {
    97. 

  97.             # __qid cannot be accessed by setattr, so must be set manually in __init__
    98. 

  98.             "qid": { "attr": "_qid", "order": 0 },
    99. 

  99.             "name": { "order": 1 },
    100. 

  100.             "dir_path": { "default": None, "order": 2 },
    101. 

  101.             "conf_file": {
    102. 

  102.                 "func": lambda value: self.absolute_path(value, self.name +
    103. 

  103.                                                                  ".conf"),
    104. 

  104.                 "order": 3 },
    105. 

  105.             ### order >= 10: have base attrs set
    106. 

  106.             "root_img": {
    107. 

  107.                 "func": self._absolute_path_gen(vm_files["root_img"]),
    108. 

  108.                 "order": 10 },
    109. 

  109.             "private_img": {
    110. 

  110.                 "func": self._absolute_path_gen(vm_files["private_img"]),
    111. 

  111.                 "order": 10 },
    112. 

  112.             "volatile_img": {
    113. 

  113.                 "func": self._absolute_path_gen(vm_files["volatile_img"]),
    114. 

  114.                 "order": 10 },
    115. 

  115.             "firewall_conf": {
    116. 

  116.                 "func": self._absolute_path_gen(vm_files["firewall_conf"]),
    117. 

  117.                 "order": 10 },
    118. 

  118.             "installed_by_rpm": { "default": False, 'order': 10 },
    119. 

  119.             "template": { "default": None, "attr": '_template', 'order': 10 },
    120. 

  120.             ### order >= 20: have template set
    121. 

  121.             "uses_default_netvm": { "default": True, 'order': 20 },
    122. 

  122.             "netvm": { "default": None, "attr": "_netvm", 'order': 20 },
    123. 

  123.             "label": { "attr": "_label", "default": defaults["appvm_label"], 'order': 20,
    124. 

  124.                 'xml_deserialize': lambda _x: QubesVmLabels[_x] },
    125. 

  125.             "memory": { "default": defaults["memory"], 'order': 20 },
    126. 

  126.             "maxmem": { "default": None, 'order': 25 },
    127. 

  127.             "pcidevs": {
    128. 

  128.                 "default": '[]',
    129. 

  129.                 "order": 25,
    130. 

  130.                 "func": lambda value: [] if value in ["none", None]  else
    131. 

  131.                     eval(value) if value.find("[") >= 0 else
    132. 

  132.                     eval("[" + value + "]") },
    133. 

  133.             # Internal VM (not shown in qubes-manager, doesn't create appmenus entries
    134. 

  134.             "internal": { "default": False, 'attr': '_internal' },
    135. 

  135.             "vcpus": { "default": None },
    136. 

  136.             "uses_default_kernel": { "default": True, 'order': 30 },
    137. 

  137.             "uses_default_kernelopts": { "default": True, 'order': 30 },
    138. 

  138.             "kernel": {
    139. 

  139.                 "attr": "_kernel",
    140. 

  140.                 "default": None,
    141. 

  141.                 "order": 31,
    142. 

  142.                 "func": lambda value: self._collection.get_default_kernel() if
    143. 

  143.                   self.uses_default_kernel else value },
    144. 

  144.             "kernelopts": {
    145. 

  145.                 "default": "",
    146. 

  146.                 "order": 31,
    147. 

  147.                 "func": lambda value: value if not self.uses_default_kernelopts\
    148. 

  148.                     else defaults["kernelopts_pcidevs"] if len(self.pcidevs)>0 \
    149. 

  149.                     else defaults["kernelopts"] },
    150. 

  150.             "mac": { "attr": "_mac", "default": None },
    151. 

  151.             "include_in_backups": { "default": True },
    152. 

  152.             "services": {
    153. 

  153.                 "default": {},
    154. 

  154.                 "func": lambda value: eval(str(value)) },
    155. 

  155.             "debug": { "default": False },
    156. 

  156.             "default_user": { "default": "user" },
    157. 

  157.             "qrexec_timeout": { "default": 60 },
    158. 

  158.             "autostart": { "default": False, "attr": "_autostart" },
    159. 

  159.             "backup_content" : { 'default': False },
    160. 

  160.             "backup_size" : {
    161. 

  161.                 "default": 0,
    162. 

  162.                 "func": int },
    163. 

  163.             "backup_path" : { 'default': "" },
    164. 

  164.             "backup_timestamp": {
    165. 

  165.                 "func": lambda value:
    166. 

  166.                     datetime.datetime.fromtimestamp(int(value)) if value
    167. 

  167.                     else None },
    168. 

  168.             ##### Internal attributes - will be overriden in __init__ regardless of args
    169. 

  169.             "config_file_template": {
    170. 

  170.                 "func": lambda x: system_path["config_template_pv"] },
    171. 

  171.             "icon_path": {
    172. 

  172.                 "func": lambda x: os.path.join(self.dir_path, "icon.png") if
    173. 

  173.                                self.dir_path is not None else None },
    174. 

  174.             # used to suppress side effects of clone_attrs
    175. 

  175.             "_do_not_reset_firewall": { "func": lambda x: False },
    176. 

  176.             "kernels_dir": {
    177. 

  177.                 # for backward compatibility (or another rare case): kernel=None -> kernel in VM dir
    178. 

  178.                 "func": lambda x: \
    179. 

  179.                     os.path.join(system_path["qubes_kernels_base_dir"],
    180. 

  180.                                  self.kernel) if self.kernel is not None \
    181. 

  181.                         else os.path.join(self.dir_path,
    182. 

  182.                                           vm_files["kernels_subdir"]) },
    183. 

  183.             "_start_guid_first": { "func": lambda x: False },
    184. 

  184.             }
    185. 

  185. 

  186.         ### Mark attrs for XML inclusion
    187. 

  187.         # Simple string attrs
    188. 

  188.         for prop in ['qid', 'name', 'dir_path', 'memory', 'maxmem', 'pcidevs', 'vcpus', 'internal',\
    189. 

  189.             'uses_default_kernel', 'kernel', 'uses_default_kernelopts',\
    190. 

  190.             'kernelopts', 'services', 'installed_by_rpm',\
    191. 

  191.             'uses_default_netvm', 'include_in_backups', 'debug',\
    192. 

  192.             'default_user', 'qrexec_timeout', 'autostart',
    193. 

  193.             'default_user', 'qrexec_timeout',
    194. 

  194.             'backup_content', 'backup_size', 'backup_path' ]:
    195. 

  195.             attrs[prop]['save'] = lambda prop=prop: str(getattr(self, prop))
    196. 

  196.         # Simple paths
    197. 

  197.         for prop in ['conf_file', 'root_img', 'volatile_img', 'private_img']:
    198. 

  198.             attrs[prop]['save'] = \
    199. 

  199.                 lambda prop=prop: self.relative_path(getattr(self, prop))
    200. 

  200.             attrs[prop]['save_skip'] = \
    201. 

  201.                 lambda prop=prop: getattr(self, prop) is None
    202. 

  202. 

  203.         attrs['mac']['save'] = lambda: str(self._mac)
    204. 

  204.         attrs['mac']['save_skip'] = lambda: self._mac is None
    205. 

  205. 

  206.         attrs['backup_timestamp']['save'] = \
    207. 

  207.             lambda: self.backup_timestamp.strftime("%s")
    208. 

  208.         attrs['backup_timestamp']['save_skip'] = \
    209. 

  209.             lambda: self.backup_timestamp is None
    210. 

  210. 

  211.         attrs['netvm']['save'] = \
    212. 

  212.             lambda: str(self.netvm.qid) if self.netvm is not None else "none"
    213. 

  213.         attrs['netvm']['save_attr'] = "netvm_qid"
    214. 

  214.         attrs['template']['save'] = \
    215. 

  215.             lambda: str(self.template.qid) if self.template else "none"
    216. 

  216.         attrs['template']['save_attr'] = "template_qid"
    217. 

  217.         attrs['label']['save'] = lambda: self.label.name
    218. 

  218. 

  219.         # fire hooks
    220. 

  220.         for hook in self.hooks_get_attrs_config:
    221. 

  221.             attrs = hook(self, attrs)
    222. 

  222.         return attrs
    223. 

  223. 

  224.     def post_set_attr(self, attr, newvalue, oldvalue):
    225. 

  225.         for hook in self.hooks_set_attr:
    226. 

  226.             hook(self, attr, newvalue, oldvalue)
    227. 

  227. 

  228.     def __basic_parse_xml_attr(self, value):
    229. 

  229.         if value is None:
    230. 

  230.             return None
    231. 

  231.         if value.lower() == "none":
    232. 

  232.             return None
    233. 

  233.         if value.lower() == "true":
    234. 

  234.             return True
    235. 

  235.         if value.lower() == "false":
    236. 

  236.             return False
    237. 

  237.         if value.isdigit():
    238. 

  238.             return int(value)
    239. 

  239.         return value
    240. 

  240. 

  241.     def __init__(self, **kwargs):
    242. 

  242. 

  243.         self._collection = None
    244. 

  244.         if 'collection' in kwargs:
    245. 

  245.             self._collection = kwargs['collection']
    246. 

  246.         else:
    247. 

  247.             raise ValueError("No collection given to QubesVM constructor")
    248. 

  248. 

  249.         # Special case for template b/c it is given in "template_qid" property
    250. 

  250.         if "xml_element" in kwargs and kwargs["xml_element"].get("template_qid"):
    251. 

  251.             template_qid = kwargs["xml_element"].get("template_qid")
    252. 

  252.             if template_qid.lower() != "none":
    253. 

  253.                 if int(template_qid) in self._collection:
    254. 

  254.                     kwargs["template"] = self._collection[int(template_qid)]
    255. 

  255.                 else:
    256. 

  256.                     raise ValueError("Unknown template with QID %s" % template_qid)
    257. 

  257.         attrs = self.get_attrs_config()
    258. 

  258.         for attr_name in sorted(attrs, key=lambda _x: attrs[_x]['order'] if 'order' in attrs[_x] else 1000):
    259. 

  259.             attr_config = attrs[attr_name]
    260. 

  260.             attr = attr_name
    261. 

  261.             if 'attr' in attr_config:
    262. 

  262.                 attr = attr_config['attr']
    263. 

  263.             value = None
    264. 

  264.             if attr_name in kwargs:
    265. 

  265.                 value = kwargs[attr_name]
    266. 

  266.             elif 'xml_element' in kwargs and kwargs['xml_element'].get(attr_name) is not None:
    267. 

  267.                 if 'xml_deserialize' in attr_config and callable(attr_config['xml_deserialize']):
    268. 

  268.                     value = attr_config['xml_deserialize'](kwargs['xml_element'].get(attr_name))
    269. 

  269.                 else:
    270. 

  270.                     value = self.__basic_parse_xml_attr(kwargs['xml_element'].get(attr_name))
    271. 

  271.             else:
    272. 

  272.                 if 'default' in attr_config:
    273. 

  273.                     value = attr_config['default']
    274. 

  274.             if 'func' in attr_config:
    275. 

  275.                 setattr(self, attr, attr_config['func'](value))
    276. 

  276.             elif 'eval' in attr_config:
    277. 

  277.                 setattr(self, attr, eval(attr_config['eval']))
    278. 

  278.             else:
    279. 

  279.                 #print "setting %s to %s" % (attr, value)
    280. 

  280.                 setattr(self, attr, value)
    281. 

  281. 

  282.         #Init private attrs
    283. 

  283.         self.__qid = self._qid
    284. 

  284. 

  285.         assert self.__qid < qubes_max_qid, "VM id out of bounds!"
    286. 

  286.         assert self.name is not None
    287. 

  287. 

  288.         if not self.verify_name(self.name):
    289. 

  289.             raise QubesException("Invalid VM name (invalid characters, "
    290. 

  290.                                  "or one of 'none', 'true', 'false')")
    291. 

  291. 

  292.         if self.netvm is not None:
    293. 

  293.             self.netvm.connected_vms[self.qid] = self
    294. 

  294. 

  295.         # Not in generic way to not create QubesHost() to frequently
    296. 

  296.         if self.maxmem is None:
    297. 

  297.             qubes_host = QubesHost()
    298. 

  298.             total_mem_mb = qubes_host.memory_total/1024
    299. 

  299.             self.maxmem = total_mem_mb/2
    300. 

  300. 

  301.         # By default allow use all VCPUs
    302. 

  302.         if self.vcpus is None:
    303. 

  303.             qubes_host = QubesHost()
    304. 

  304.             self.vcpus = qubes_host.no_cpus
    305. 

  305. 

  306.         # Always set if meminfo-writer should be active or not
    307. 

  307.         if 'meminfo-writer' not in self.services:
    308. 

  308.             self.services['meminfo-writer'] = not (len(self.pcidevs) > 0)
    309. 

  309. 

  310.         # Additionally force meminfo-writer disabled when VM have PCI devices
    311. 

  311.         if len(self.pcidevs) > 0:
    312. 

  312.             self.services['meminfo-writer'] = False
    313. 

  313. 

  314.         # Some additional checks for template based VM
    315. 

  315.         if self.template is not None:
    316. 

  316.             if not self.template.is_template():
    317. 

  317.                 print >> sys.stderr, "ERROR: template_qid={0} doesn't point to a valid TemplateVM".\
    318. 

  318.                     format(self.template.qid)
    319. 

  319.                 return False
    320. 

  320.             self.template.appvms[self.qid] = self
    321. 

  321.         else:
    322. 

  322.             assert self.root_img is not None, "Missing root_img for standalone VM!"
    323. 

  323. 

  324.         self.xid = -1
    325. 

  325.         self.xid = self.get_xid()
    326. 

  326. 

  327.         # fire hooks
    328. 

  328.         for hook in self.hooks_init:
    329. 

  329.             hook(self)
    330. 

  330. 

  331.     def absolute_path(self, arg, default):
    332. 

  332.         if arg is not None and os.path.isabs(arg):
    333. 

  333.             return arg
    334. 

  334.         else:
    335. 

  335.             return os.path.join(self.dir_path, (arg if arg is not None else default))
    336. 

  336. 

  337.     def _absolute_path_gen(self, default):
    338. 

  338.         return lambda value: self.absolute_path(value, default)
    339. 

  339. 

  340.     def relative_path(self, arg):
    341. 

  341.         return arg.replace(self.dir_path + '/', '')
    342. 

  342. 

  343.     @property
    344. 

  344.     def qid(self):
    345. 

  345.         return self.__qid
    346. 

  346. 

  347.     @property
    348. 

  348.     def label(self):
    349. 

  349.         return self._label
    350. 

  350. 

  351.     @label.setter
    352. 

  352.     def label(self, new_label):
    353. 

  353.         self._label = new_label
    354. 

  354.         if self.icon_path:
    355. 

  355.             try:
    356. 

  356.                 os.remove(self.icon_path)
    357. 

  357.             except:
    358. 

  358.                 pass
    359. 

  359.             os.symlink (new_label.icon_path, self.icon_path)
    360. 

  360.             subprocess.call(['sudo', 'xdg-icon-resource', 'forceupdate'])
    361. 

  361. 

  362.         # fire hooks
    363. 

  363.         for hook in self.hooks_label_setter:
    364. 

  364.             hook(self, new_label)
    365. 

  365. 

  366.     @property
    367. 

  367.     def netvm(self):
    368. 

  368.         return self._netvm
    369. 

  369. 

  370.     # Don't know how properly call setter from base class, so workaround it...
    371. 

  371.     @netvm.setter
    372. 

  372.     def netvm(self, new_netvm):
    373. 

  373.         self._set_netvm(new_netvm)
    374. 

  374.         # fire hooks
    375. 

  375.         for hook in self.hooks_netvm_setter:
    376. 

  376.             hook(self, new_netvm)
    377. 

  377. 

  378.     def _set_netvm(self, new_netvm):
    379. 

  379.         if self.is_running() and new_netvm is not None and not new_netvm.is_running():
    380. 

  380.             raise QubesException("Cannot dynamically attach to stopped NetVM")
    381. 

  381.         if self.netvm is not None:
    382. 

  382.             self.netvm.connected_vms.pop(self.qid)
    383. 

  383.             if self.is_running():
    384. 

  384.                 subprocess.call(["xl", "network-detach", self.name, "0"], stderr=subprocess.PIPE)
    385. 

  385.                 if hasattr(self.netvm, 'post_vm_net_detach'):
    386. 

  386.                     self.netvm.post_vm_net_detach(self)
    387. 

  387. 

  388.         if new_netvm is None:
    389. 

  389.             if not self._do_not_reset_firewall:
    390. 

  390.                 # Set also firewall to block all traffic as discussed in #370
    391. 

  391.                 if os.path.exists(self.firewall_conf):
    392. 

  392.                     shutil.copy(self.firewall_conf, os.path.join(system_path["qubes_base_dir"],
    393. 

  393.                                 "backup", "%s-firewall-%s.xml" % (self.name,
    394. 

  394.                                 time.strftime('%Y-%m-%d-%H:%M:%S'))))
    395. 

  395.                 self.write_firewall_conf({'allow': False, 'allowDns': False,
    396. 

  396.                         'allowIcmp': False, 'allowYumProxy': False, 'rules': []})
    397. 

  397.         else:
    398. 

  398.             new_netvm.connected_vms[self.qid]=self
    399. 

  399. 

  400.         self._netvm = new_netvm
    401. 

  401. 

  402.         if new_netvm is None:
    403. 

  403.             return
    404. 

  404. 

  405.         if self.is_running():
    406. 

  406.             # refresh IP, DNS etc
    407. 

  407.             self.create_xenstore_entries()
    408. 

  408.             self.attach_network()
    409. 

  409.             if hasattr(self.netvm, 'post_vm_net_attach'):
    410. 

  410.                 self.netvm.post_vm_net_attach(self)
    411. 

  411. 

  412.     @property
    413. 

  413.     def ip(self):
    414. 

  414.         if self.netvm is not None:
    415. 

  415.             return self.netvm.get_ip_for_vm(self.qid)
    416. 

  416.         else:
    417. 

  417.             return None
    418. 

  418. 

  419.     @property
    420. 

  420.     def netmask(self):
    421. 

  421.         if self.netvm is not None:
    422. 

  422.             return self.netvm.netmask
    423. 

  423.         else:
    424. 

  424.             return None
    425. 

  425. 

  426.     @property
    427. 

  427.     def gateway(self):
    428. 

  428.         # This is gateway IP for _other_ VMs, so make sense only in NetVMs
    429. 

  429.         return None
    430. 

  430. 

  431.     @property
    432. 

  432.     def secondary_dns(self):
    433. 

  433.         if self.netvm is not None:
    434. 

  434.             return self.netvm.secondary_dns
    435. 

  435.         else:
    436. 

  436.             return None
    437. 

  437. 

  438.     @property
    439. 

  439.     def vif(self):
    440. 

  440.         if self.xid < 0:
    441. 

  441.             return None
    442. 

  442.         if self.netvm is None:
    443. 

  443.             return None
    444. 

  444.         return "vif{0}.+".format(self.xid)
    445. 

  445. 

  446.     @property
    447. 

  447.     def mac(self):
    448. 

  448.         if self._mac is not None:
    449. 

  449.             return self._mac
    450. 

  450.         else:
    451. 

  451.             return "00:16:3E:5E:6C:{qid:02X}".format(qid=self.qid)
    452. 

  452. 

  453.     @mac.setter
    454. 

  454.     def mac(self, new_mac):
    455. 

  455.         self._mac = new_mac
    456. 

  456. 

  457.     @property
    458. 

  458.     def kernel(self):
    459. 

  459.         return self._kernel
    460. 

  460. 

  461.     @kernel.setter
    462. 

  462.     def kernel(self, new_value):
    463. 

  463.         if new_value is not None:
    464. 

  464.             if not os.path.exists(os.path.join(system_path[
    465. 

  465.                 'qubes_kernels_base_dir'], new_value)):
    466. 

  466.                 raise QubesException("Kernel '%s' not installed" % new_value)
    467. 

  467.             for f in ('vmlinuz', 'modules.img'):
    468. 

  468.                 if not os.path.exists(os.path.join(
    469. 

  469.                         system_path['qubes_kernels_base_dir'], new_value, f)):
    470. 

  470.                     raise QubesException(
    471. 

  471.                         "Kernel '%s' not properly installed: missing %s "
    472. 

  472.                         "file" % (new_value, f))
    473. 

  473.         self._kernel = new_value
    474. 

  474. 

  475.     @property
    476. 

  476.     def updateable(self):
    477. 

  477.         return self.template is None
    478. 

  478. 

  479.     # Leaved for compatibility
    480. 

  480.     def is_updateable(self):
    481. 

  481.         return self.updateable
    482. 

  482. 

  483.     def is_networked(self):
    484. 

  484.         if self.is_netvm():
    485. 

  485.             return True
    486. 

  486. 

  487.         if self.netvm is not None:
    488. 

  488.             return True
    489. 

  489.         else:
    490. 

  490.             return False
    491. 

  491. 

  492.     def verify_name(self, name):
    493. 

  493.         if not isinstance(self.__basic_parse_xml_attr(name), str):
    494. 

  494.             return False
    495. 

  495.         return re.match(r"^[a-zA-Z][a-zA-Z0-9_-]*$", name) is not None
    496. 

  496. 

  497.     def pre_rename(self, new_name):
    498. 

  498.         # fire hooks
    499. 

  499.         for hook in self.hooks_pre_rename:
    500. 

  500.             hook(self, new_name)
    501. 

  501. 

  502.     def set_name(self, name):
    503. 

  503.         if self.is_running():
    504. 

  504.             raise QubesException("Cannot change name of running VM!")
    505. 

  505. 

  506.         if not self.verify_name(name):
    507. 

  507.             raise QubesException("Invalid characters in VM name")
    508. 

  508. 

  509.         self.pre_rename(name)
    510. 

  510. 

  511.         new_conf = os.path.join(self.dir_path, name + '.conf')
    512. 

  512.         if os.path.exists(self.conf_file):
    513. 

  513.             os.rename(self.conf_file, new_conf)
    514. 

  514.         old_dirpath = self.dir_path
    515. 

  515.         new_dirpath = os.path.join(os.path.dirname(self.dir_path), name)
    516. 

  516.         os.rename(old_dirpath, new_dirpath)
    517. 

  517.         self.dir_path = new_dirpath
    518. 

  518.         old_name = self.name
    519. 

  519.         self.name = name
    520. 

  520.         if self.private_img is not None:
    521. 

  521.             self.private_img = self.private_img.replace(old_dirpath, new_dirpath)
    522. 

  522.         if self.root_img is not None:
    523. 

  523.             self.root_img = self.root_img.replace(old_dirpath, new_dirpath)
    524. 

  524.         if self.volatile_img is not None:
    525. 

  525.             self.volatile_img = self.volatile_img.replace(old_dirpath, new_dirpath)
    526. 

  526.         if self.conf_file is not None:
    527. 

  527.             self.conf_file = new_conf.replace(old_dirpath, new_dirpath)
    528. 

  528.         if self.icon_path is not None:
    529. 

  529.             self.icon_path = self.icon_path.replace(old_dirpath, new_dirpath)
    530. 

  530.         if hasattr(self, 'kernels_dir') and self.kernels_dir is not None:
    531. 

  531.             self.kernels_dir = self.kernels_dir.replace(old_dirpath, new_dirpath)
    532. 

  532. 

  533.         self.post_rename(old_name)
    534. 

  534. 

  535.     def post_rename(self, old_name):
    536. 

  536.         # fire hooks
    537. 

  537.         for hook in self.hooks_post_rename:
    538. 

  538.             hook(self, old_name)
    539. 

  539. 

  540.     @property
    541. 

  541.     def internal(self):
    542. 

  542.         return self._internal
    543. 

  543. 

  544.     @internal.setter
    545. 

  545.     def internal(self, value):
    546. 

  546.         oldvalue = self._internal
    547. 

  547.         self._internal = value
    548. 

  548.         self.post_set_attr('internal', value, oldvalue)
    549. 

  549. 

  550.     @property
    551. 

  551.     def autostart(self):
    552. 

  552.         return self._autostart
    553. 

  553. 

  554.     @autostart.setter
    555. 

  555.     def autostart(self, value):
    556. 

  556.         if value:
    557. 

  557.             retcode = subprocess.call(["sudo", "systemctl", "enable", "qubes-vm@%s.service" % self.name])
    558. 

  558.         else:
    559. 

  559.             retcode = subprocess.call(["sudo", "systemctl", "disable", "qubes-vm@%s.service" % self.name])
    560. 

  560.         if retcode != 0:
    561. 

  561.             raise QubesException("Failed to set autostart for VM via systemctl")
    562. 

  562.         self._autostart = bool(value)
    563. 

  563. 

  564.     @classmethod
    565. 

  565.     def is_template_compatible(cls, template):
    566. 

  566.         """Check if given VM can be a template for this VM"""
    567. 

  567.         # FIXME: check if the value is instance of QubesTemplateVM, not the VM
    568. 

  568.         # type. The problem is while this file is loaded, QubesTemplateVM is
    569. 

  569.         # not defined yet.
    570. 

  570.         if template and (not template.is_template() or template.type != "TemplateVM"):
    571. 

  571.             return False
    572. 

  572.         return True
    573. 

  573. 

  574.     @property
    575. 

  575.     def template(self):
    576. 

  576.         return self._template
    577. 

  577. 

  578.     @template.setter
    579. 

  579.     def template(self, value):
    580. 

  580.         if self._template is None and value is not None:
    581. 

  581.             raise QubesException("Cannot set template for standalone VM")
    582. 

  582.         if value and not self.is_template_compatible(value):
    583. 

  583.             raise QubesException("Incompatible template type %s with VM of type %s" % (value.type, self.type))
    584. 

  584.         self._template = value
    585. 

  585. 

  586.     def is_template(self):
    587. 

  587.         return False
    588. 

  588. 

  589.     def is_appvm(self):
    590. 

  590.         return False
    591. 

  591. 

  592.     def is_netvm(self):
    593. 

  593.         return False
    594. 

  594. 

  595.     def is_proxyvm(self):
    596. 

  596.         return False
    597. 

  597. 

  598.     def is_disposablevm(self):
    599. 

  599.         return False
    600. 

  600. 

  601.     def _xid_to_name(self, xid):
    602. 

  602.         if xid in xid_to_name_cache:
    603. 

  603.             return xid_to_name_cache[xid]
    604. 

  604.         else:
    605. 

  605.             domname = xl_ctx.domid_to_name(xid)
    606. 

  606.             if domname:
    607. 

  607.                 xid_to_name_cache[xid] = domname
    608. 

  608.             return domname
    609. 

  609. 

  610.     def get_xl_dominfo(self):
    611. 

  611.         if dry_run:
    612. 

  612.             return
    613. 

  613. 

  614.         start_xid = self.xid
    615. 

  615. 

  616.         domains = xl_ctx.list_domains()
    617. 

  617.         for dominfo in domains:
    618. 

  618.             if dominfo.domid == start_xid:
    619. 

  619.                 return dominfo
    620. 

  620.             elif dominfo.domid < start_xid:
    621. 

  621.                 # the current XID can't lower than one noticed earlier, if VM
    622. 

  622.                 # was restarted in the meantime, the next XID will greater
    623. 

  623.                 continue
    624. 

  624.             domname = self._xid_to_name(dominfo.domid)
    625. 

  625.             if domname == self.name:
    626. 

  626.                 self.xid = dominfo.domid
    627. 

  627.                 return dominfo
    628. 

  628.         return None
    629. 

  629. 

  630.     def get_xc_dominfo(self, name = None):
    631. 

  631.         if dry_run:
    632. 

  632.             return
    633. 

  633. 

  634.         if name is None:
    635. 

  635.             name = self.name
    636. 

  636. 

  637.         start_xid = self.xid
    638. 

  638.         if start_xid < 0:
    639. 

  639.             start_xid = 0
    640. 

  640.         try:
    641. 

  641.             domains = xc.domain_getinfo(start_xid, qubes_max_qid)
    642. 

  642.         except xen.lowlevel.xc.Error:
    643. 

  643.             return None
    644. 

  644. 

  645.         # If previous XID is still valid, this is the right domain - XID can't
    646. 

  646.         # be reused for another domain until system reboot
    647. 

  647.         if start_xid > 0 and domains[0]['domid'] == start_xid:
    648. 

  648.             return domains[0]
    649. 

  649. 

  650.         for dominfo in domains:
    651. 

  651.             domname = self._xid_to_name(dominfo['domid'])
    652. 

  652.             if domname == name:
    653. 

  653.                 return dominfo
    654. 

  654.         return None
    655. 

  655. 

  656.     def get_xid(self):
    657. 

  657.         if dry_run:
    658. 

  658.             return 666
    659. 

  659. 

  660.         dominfo = self.get_xc_dominfo()
    661. 

  661.         if dominfo:
    662. 

  662.             self.xid = dominfo['domid']
    663. 

  663.             return self.xid
    664. 

  664.         else:
    665. 

  665.             return -1
    666. 

  666. 

  667.     def get_uuid(self):
    668. 

  668. 

  669.         dominfo = self.get_xl_dominfo()
    670. 

  670.         if dominfo:
    671. 

  671.             vmuuid = uuid.UUID(''.join('%02x' % b for b in dominfo.uuid))
    672. 

  672.             return vmuuid
    673. 

  673.         else:
    674. 

  674.             return None
    675. 

  675. 

  676.     def get_mem(self):
    677. 

  677.         if dry_run:
    678. 

  678.             return 666
    679. 

  679. 

  680.         dominfo = self.get_xc_dominfo()
    681. 

  681.         if dominfo:
    682. 

  682.             return dominfo['mem_kb']
    683. 

  683.         else:
    684. 

  684.             return 0
    685. 

  685. 

  686.     def get_mem_static_max(self):
    687. 

  687.         if dry_run:
    688. 

  688.             return 666
    689. 

  689. 

  690.         dominfo = self.get_xc_dominfo()
    691. 

  691.         if dominfo:
    692. 

  692.             return dominfo['maxmem_kb']
    693. 

  693.         else:
    694. 

  694.             return 0
    695. 

  695. 

  696.     def get_prefmem(self):
    697. 

  697.         untrusted_meminfo_key = xs.read('', '/local/domain/%s/memory/meminfo'
    698. 

  698.                                             % self.xid)
    699. 

  699.         if untrusted_meminfo_key is None or untrusted_meminfo_key == '':
    700. 

  700.             return 0
    701. 

  701.         domain = qmemman.DomainState(self.xid)
    702. 

  702.         qmemman_algo.refresh_meminfo_for_domain(domain, untrusted_meminfo_key)
    703. 

  703.         domain.memory_maximum = self.get_mem_static_max()*1024
    704. 

  704.         return qmemman_algo.prefmem(domain)/1024
    705. 

  705. 

  706.     def get_per_cpu_time(self):
    707. 

  707.         if dry_run:
    708. 

  708.             import random
    709. 

  709.             return random.random() * 100
    710. 

  710. 

  711.         dominfo = self.get_xc_dominfo()
    712. 

  712.         if dominfo:
    713. 

  713.             return dominfo['cpu_time']/dominfo['online_vcpus']
    714. 

  714.         else:
    715. 

  715.             return 0
    716. 

  716. 

  717.     def get_disk_utilization_root_img(self):
    718. 

  718.         return qubes.qubesutils.get_disk_usage(self.root_img)
    719. 

  719. 

  720.     def get_root_img_sz(self):
    721. 

  721.         if not os.path.exists(self.root_img):
    722. 

  722.             return 0
    723. 

  723. 

  724.         return os.path.getsize(self.root_img)
    725. 

  725. 

  726.     def get_power_state(self):
    727. 

  727.         if dry_run:
    728. 

  728.             return "NA"
    729. 

  729. 

  730.         dominfo = self.get_xc_dominfo()
    731. 

  731.         if dominfo:
    732. 

  732.             if dominfo['paused']:
    733. 

  733.                 return "Paused"
    734. 

  734.             elif dominfo['crashed']:
    735. 

  735.                 return "Crashed"
    736. 

  736.             elif dominfo['shutdown']:
    737. 

  737.                 if dominfo['shutdown_reason'] == 2:
    738. 

  738.                     return "Suspended"
    739. 

  739.                 else:
    740. 

  740.                     return "Halting"
    741. 

  741.             elif dominfo['dying']:
    742. 

  742.                 return "Dying"
    743. 

  743.             else:
    744. 

  744.                 if not self.is_fully_usable():
    745. 

  745.                     return "Transient"
    746. 

  746.                 else:
    747. 

  747.                     return "Running"
    748. 

  748.         else:
    749. 

  749.             return 'Halted'
    750. 

  750. 

  751.         return "NA"
    752. 

  752. 

  753.     def is_guid_running(self):
    754. 

  754.         xid = self.get_xid()
    755. 

  755.         if xid < 0:
    756. 

  756.             return False
    757. 

  757.         if not os.path.exists('/var/run/qubes/guid-running.%d' % xid):
    758. 

  758.             return False
    759. 

  759.         return True
    760. 

  760. 

  761.     def is_qrexec_running(self):
    762. 

  762.         if self.xid < 0:
    763. 

  763.             return False
    764. 

  764.         return os.path.exists('/var/run/qubes/qrexec.%s' % self.name)
    765. 

  765. 

  766.     def is_fully_usable(self):
    767. 

  767.         # Running gui-daemon implies also VM running
    768. 

  768.         if not self.is_guid_running():
    769. 

  769.             return False
    770. 

  770.         if not self.is_qrexec_running():
    771. 

  771.             return False
    772. 

  772.         return True
    773. 

  773. 

  774.     def is_running(self):
    775. 

  775.         # in terms of Xen and internal logic - starting VM is running
    776. 

  776.         if self.get_power_state() in ["Running", "Transient", "Halting"]:
    777. 

  777.             return True
    778. 

  778.         else:
    779. 

  779.             return False
    780. 

  780. 

  781.     def is_paused(self):
    782. 

  782.         if self.get_power_state() == "Paused":
    783. 

  783.             return True
    784. 

  784.         else:
    785. 

  785.             return False
    786. 

  786. 

  787.     def get_start_time(self):
    788. 

  788.         if not self.is_running():
    789. 

  789.             return None
    790. 

  790. 

  791.         dominfo = self.get_xl_dominfo()
    792. 

  792. 

  793.         uuid = self.get_uuid()
    794. 

  794. 

  795.         start_time = xs.read('', "/vm/%s/start_time" % str(uuid))
    796. 

  796.         if start_time != '':
    797. 

  797.             return datetime.datetime.fromtimestamp(float(start_time))
    798. 

  798.         else:
    799. 

  799.             return None
    800. 

  800. 

  801.     def is_outdated(self):
    802. 

  802.         # Makes sense only on VM based on template
    803. 

  803.         if self.template is None:
    804. 

  804.             return False
    805. 

  805. 

  806.         if not self.is_running():
    807. 

  807.             return False
    808. 

  808. 

  809.         if not hasattr(self.template, 'rootcow_img'):
    810. 

  810.             return False
    811. 

  811. 

  812.         rootimg_inode = os.stat(self.template.root_img)
    813. 

  813.         try:
    814. 

  814.             rootcow_inode = os.stat(self.template.rootcow_img)
    815. 

  815.         except OSError:
    816. 

  816.             # The only case when rootcow_img doesn't exists is in the middle of
    817. 

  817.             # commit_changes, so VM is outdated right now
    818. 

  818.             return True
    819. 

  819. 

  820.         current_dmdev = "/dev/mapper/snapshot-{0:x}:{1}-{2:x}:{3}".format(
    821. 

  821.                 rootimg_inode[2], rootimg_inode[1],
    822. 

  822.                 rootcow_inode[2], rootcow_inode[1])
    823. 

  823. 

  824.         # 51712 (0xCA00) is xvda
    825. 

  825.         #  backend node name not available through xenapi :(
    826. 

  826.         used_dmdev = xs.read('', "/local/domain/0/backend/vbd/{0}/51712/node".format(self.get_xid()))
    827. 

  827. 

  828.         return used_dmdev != current_dmdev
    829. 

  829. 

  830.     def get_disk_utilization(self):
    831. 

  831.         return qubes.qubesutils.get_disk_usage(self.dir_path)
    832. 

  832. 

  833.     def get_disk_utilization_private_img(self):
    834. 

  834.         return qubes.qubesutils.get_disk_usage(self.private_img)
    835. 

  835. 

  836.     def get_private_img_sz(self):
    837. 

  837.         if not os.path.exists(self.private_img):
    838. 

  838.             return 0
    839. 

  839. 

  840.         return os.path.getsize(self.private_img)
    841. 

  841. 

  842.     def resize_private_img(self, size):
    843. 

  843.         assert size >= self.get_private_img_sz(), "Cannot shrink private.img"
    844. 

  844. 

  845.         f_private = open (self.private_img, "a+b")
    846. 

  846.         f_private.truncate (size)
    847. 

  847.         f_private.close ()
    848. 

  848. 

  849.         retcode = 0
    850. 

  850.         if self.is_running():
    851. 

  851.             # find loop device
    852. 

  852.             p = subprocess.Popen (["sudo", "losetup", "--associated", self.private_img],
    853. 

  853.                     stdout=subprocess.PIPE)
    854. 

  854.             result = p.communicate()
    855. 

  855.             m = re.match(r"^(/dev/loop\d+):\s", result[0])
    856. 

  856.             if m is None:
    857. 

  857.                 raise QubesException("ERROR: Cannot find loop device!")
    858. 

  858. 

  859.             loop_dev = m.group(1)
    860. 

  860. 

  861.             # resize loop device
    862. 

  862.             subprocess.check_call(["sudo", "losetup", "--set-capacity", loop_dev])
    863. 

  863. 

  864.             retcode = self.run("while [ \"`blockdev --getsize64 /dev/xvdb`\" -lt {0} ]; do ".format(size) +
    865. 

  865.                 "head /dev/xvdb > /dev/null; sleep 0.2; done; resize2fs /dev/xvdb", user="root", wait=True)
    866. 

  866.         if retcode != 0:
    867. 

  867.             raise QubesException("resize2fs failed")
    868. 

  868. 

  869. 

  870. 

  871.     # FIXME: should be outside of QubesVM?
    872. 

  872.     def get_timezone(self):
    873. 

  873.         # fc18
    874. 

  874.         if os.path.islink('/etc/localtime'):
    875. 

  875.             return '/'.join(os.readlink('/etc/localtime').split('/')[-2:])
    876. 

  876.         # <=fc17
    877. 

  877.         elif os.path.exists('/etc/sysconfig/clock'):
    878. 

  878.             clock_config = open('/etc/sysconfig/clock', "r")
    879. 

  879.             clock_config_lines = clock_config.readlines()
    880. 

  880.             clock_config.close()
    881. 

  881.             zone_re = re.compile(r'^ZONE="(.*)"')
    882. 

  882.             for line in clock_config_lines:
    883. 

  883.                 line_match = zone_re.match(line)
    884. 

  884.                 if line_match:
    885. 

  885.                     return line_match.group(1)
    886. 

  886.         else:
    887. 

  887.             # last resort way, some applications makes /etc/localtime
    888. 

  888.             # hardlink instead of symlink...
    889. 

  889.             tz_info = os.stat('/etc/localtime')
    890. 

  890.             if not tz_info:
    891. 

  891.                 return None
    892. 

  892.             if tz_info.st_nlink > 1:
    893. 

  893.                 p = subprocess.Popen(['find', '/usr/share/zoneinfo',
    894. 

  894.                                        '-inum', str(tz_info.st_ino)],
    895. 

  895.                                       stdout=subprocess.PIPE)
    896. 

  896.                 tz_path = p.communicate()[0].strip()
    897. 

  897.                 return tz_path.replace('/usr/share/zoneinfo/', '')
    898. 

  898.         return None
    899. 

  899. 

  900.     def cleanup_vifs(self):
    901. 

  901.         """
    902. 

  902.         Xend does not remove vif when backend domain is down, so we must do it
    903. 

  903.         manually
    904. 

  904.         """
    905. 

  905. 

  906.         if not self.is_running():
    907. 

  907.             return
    908. 

  908. 

  909.         dev_basepath = '/local/domain/%d/device/vif' % self.xid
    910. 

  910.         for dev in xs.ls('', dev_basepath):
    911. 

  911.             # check if backend domain is alive
    912. 

  912.             backend_xid = int(xs.read('', '%s/%s/backend-id' % (dev_basepath, dev)))
    913. 

  913.             if xl_ctx.domid_to_name(backend_xid) is not None:
    914. 

  914.                 # check if device is still active
    915. 

  915.                 if xs.read('', '%s/%s/state' % (dev_basepath, dev)) == '4':
    916. 

  916.                     continue
    917. 

  917.             # remove dead device
    918. 

  918.             xs.rm('', '%s/%s' % (dev_basepath, dev))
    919. 

  919. 

  920.     def create_xenstore_entries(self, xid = None):
    921. 

  921.         if dry_run:
    922. 

  922.             return
    923. 

  923. 

  924.         if xid is None:
    925. 

  925.             xid = self.xid
    926. 

  926. 

  927.         domain_path = xs.get_domain_path(xid)
    928. 

  928. 

  929.         # Set Xen Store entires with VM networking info:
    930. 

  930. 

  931.         xs.write('', "{0}/qubes-vm-type".format(domain_path),
    932. 

  932.                 self.type)
    933. 

  933.         xs.write('', "{0}/qubes-vm-updateable".format(domain_path),
    934. 

  934.                 str(self.updateable))
    935. 

  935. 

  936.         if self.is_netvm():
    937. 

  937.             xs.write('',
    938. 

  938.                     "{0}/qubes-netvm-gateway".format(domain_path),
    939. 

  939.                     self.gateway)
    940. 

  940.             xs.write('',
    941. 

  941.                     "{0}/qubes-netvm-secondary-dns".format(domain_path),
    942. 

  942.                     self.secondary_dns)
    943. 

  943.             xs.write('',
    944. 

  944.                     "{0}/qubes-netvm-netmask".format(domain_path),
    945. 

  945.                     self.netmask)
    946. 

  946.             xs.write('',
    947. 

  947.                     "{0}/qubes-netvm-network".format(domain_path),
    948. 

  948.                     self.network)
    949. 

  949. 

  950.         if self.netvm is not None:
    951. 

  951.             xs.write('', "{0}/qubes-ip".format(domain_path), self.ip)
    952. 

  952.             xs.write('', "{0}/qubes-netmask".format(domain_path),
    953. 

  953.                     self.netvm.netmask)
    954. 

  954.             xs.write('', "{0}/qubes-gateway".format(domain_path),
    955. 

  955.                     self.netvm.gateway)
    956. 

  956.             xs.write('',
    957. 

  957.                     "{0}/qubes-secondary-dns".format(domain_path),
    958. 

  958.                     self.netvm.secondary_dns)
    959. 

  959. 

  960.         tzname = self.get_timezone()
    961. 

  961.         if tzname:
    962. 

  962.              xs.write('',
    963. 

  963.                      "{0}/qubes-timezone".format(domain_path),
    964. 

  964.                      tzname)
    965. 

  965. 

  966.         for srv in self.services.keys():
    967. 

  967.             # convert True/False to "1"/"0"
    968. 

  968.             xs.write('', "{0}/qubes-service/{1}".format(domain_path, srv),
    969. 

  969.                     str(int(self.services[srv])))
    970. 

  970. 

  971.         xs.write('',
    972. 

  972.                 "{0}/qubes-block-devices".format(domain_path),
    973. 

  973.                 '')
    974. 

  974. 

  975.         xs.write('',
    976. 

  976.                 "{0}/qubes-usb-devices".format(domain_path),
    977. 

  977.                 '')
    978. 

  978. 

  979.         xs.write('', "{0}/qubes-debug-mode".format(domain_path),
    980. 

  980.                 str(int(self.debug)))
    981. 

  981. 

  982.         # Fix permissions
    983. 

  983.         xs.set_permissions('', '{0}/device'.format(domain_path),
    984. 

  984.                 [{ 'dom': xid }])
    985. 

  985.         xs.set_permissions('', '{0}/memory'.format(domain_path),
    986. 

  986.                 [{ 'dom': xid }])
    987. 

  987.         xs.set_permissions('', '{0}/qubes-block-devices'.format(domain_path),
    988. 

  988.                 [{ 'dom': xid }])
    989. 

  989.         xs.set_permissions('', '{0}/qubes-usb-devices'.format(domain_path),
    990. 

  990.                 [{ 'dom': xid }])
    991. 

  991. 

  992.         # fire hooks
    993. 

  993.         for hook in self.hooks_create_xenstore_entries:
    994. 

  994.             hook(self, xid=xid)
    995. 

  995. 

  996.     def get_rootdev(self, source_template=None):
    997. 

  997.         if self.template:
    998. 

  998.             return "'script:snapshot:{dir}/root.img:{dir}/root-cow.img,xvda,r',".format(dir=self.template.dir_path)
    999. 

  999.         else:
    1000. 

  1000.             return "'script:file:{dir}/root.img,xvda,w',".format(dir=self.dir_path)
    1001. 

  1001. 

  1002.     def get_config_params(self, source_template=None):
    1003. 

  1003.         args = {}
    1004. 

  1004.         args['name'] = self.name
    1005. 

  1005.         if hasattr(self, 'kernels_dir'):
    1006. 

  1006.             args['kerneldir'] = self.kernels_dir
    1007. 

  1007.         args['vmdir'] = self.dir_path
    1008. 

  1008.         args['pcidev'] = str(self.pcidevs).strip('[]')
    1009. 

  1009.         args['mem'] = str(self.memory)
    1010. 

  1010.         if self.maxmem < self.memory:
    1011. 

  1011.             args['mem'] = str(self.maxmem)
    1012. 

  1012.         args['maxmem'] = str(self.maxmem)
    1013. 

  1013.         if 'meminfo-writer' in self.services and not self.services['meminfo-writer']:
    1014. 

  1014.             # If dynamic memory management disabled, set maxmem=mem
    1015. 

  1015.             args['maxmem'] = args['mem']
    1016. 

  1016.         args['vcpus'] = str(self.vcpus)
    1017. 

  1017.         if self.netvm is not None:
    1018. 

  1018.             args['ip'] = self.ip
    1019. 

  1019.             args['mac'] = self.mac
    1020. 

  1020.             args['gateway'] = self.netvm.gateway
    1021. 

  1021.             args['dns1'] = self.netvm.gateway
    1022. 

  1022.             args['dns2'] = self.secondary_dns
    1023. 

  1023.             args['netmask'] = self.netmask
    1024. 

  1024.             args['netdev'] = "'mac={mac},script=/etc/xen/scripts/vif-route-qubes,ip={ip}".format(ip=self.ip, mac=self.mac)
    1025. 

  1025.             if self.netvm.qid != 0:
    1026. 

  1026.                 args['netdev'] += ",backend={0}".format(self.netvm.name)
    1027. 

  1027.             args['netdev'] += "'"
    1028. 

  1028.             args['disable_network'] = '';
    1029. 

  1029.         else:
    1030. 

  1030.             args['ip'] = ''
    1031. 

  1031.             args['mac'] = ''
    1032. 

  1032.             args['gateway'] = ''
    1033. 

  1033.             args['dns1'] = ''
    1034. 

  1034.             args['dns2'] = ''
    1035. 

  1035.             args['netmask'] = ''
    1036. 

  1036.             args['netdev'] = ''
    1037. 

  1037.             args['disable_network'] = '#';
    1038. 

  1038.         args['rootdev'] = self.get_rootdev(source_template=source_template)
    1039. 

  1039.         args['privatedev'] = "'script:file:{dir}/private.img,xvdb,w',".format(dir=self.dir_path)
    1040. 

  1040.         args['volatiledev'] = "'script:file:{dir}/volatile.img,xvdc,w',".format(dir=self.dir_path)
    1041. 

  1041.         if hasattr(self, 'kernel'):
    1042. 

  1042.             modulesmode='r'
    1043. 

  1043.             if self.kernel is None:
    1044. 

  1044.                 modulesmode='w'
    1045. 

  1045.             args['otherdevs'] = "'script:file:{dir}/modules.img,xvdd,{mode}',".format(dir=self.kernels_dir, mode=modulesmode)
    1046. 

  1046.         if hasattr(self, 'kernelopts'):
    1047. 

  1047.             args['kernelopts'] = self.kernelopts
    1048. 

  1048.             if self.debug:
    1049. 

  1049.                 print >> sys.stderr, "--> Debug mode: adding 'earlyprintk=xen' to kernel opts"
    1050. 

  1050.                 args['kernelopts'] += ' earlyprintk=xen'
    1051. 

  1051. 

  1052.         # fire hooks
    1053. 

  1053.         for hook in self.hooks_get_config_params:
    1054. 

  1054.             args = hook(self, args)
    1055. 

  1055. 

  1056.         return args
    1057. 

  1057. 

  1058.     @property
    1059. 

  1059.     def uses_custom_config(self):
    1060. 

  1060.         return self.conf_file != self.absolute_path(self.name + ".conf", None)
    1061. 

  1061. 

  1062.     def create_config_file(self, file_path = None, source_template = None, prepare_dvm = False):
    1063. 

  1063.         if file_path is None:
    1064. 

  1064.             file_path = self.conf_file
    1065. 

  1065.             if self.uses_custom_config:
    1066. 

  1066.                 return
    1067. 

  1067.         if source_template is None:
    1068. 

  1068.             source_template = self.template
    1069. 

  1069. 

  1070.         f_conf_template = open(self.config_file_template, 'r')
    1071. 

  1071.         conf_template = f_conf_template.read()
    1072. 

  1072.         f_conf_template.close()
    1073. 

  1073. 

  1074.         template_params = self.get_config_params(source_template)
    1075. 

  1075.         if prepare_dvm:
    1076. 

  1076.             template_params['name'] = '%NAME%'
    1077. 

  1077.             template_params['privatedev'] = ''
    1078. 

  1078.             template_params['netdev'] = re.sub(r"ip=[0-9.]*", "ip=%IP%", template_params['netdev'])
    1079. 

  1079.         conf_appvm = open(file_path, "w")
    1080. 

  1080. 

  1081.         conf_appvm.write(conf_template.format(**template_params))
    1082. 

  1082.         conf_appvm.close()
    1083. 

  1083. 

  1084.     def create_on_disk(self, verbose, source_template = None):
    1085. 

  1085.         if source_template is None:
    1086. 

  1086.             source_template = self.template
    1087. 

  1087.         assert source_template is not None
    1088. 

  1088. 

  1089.         if dry_run:
    1090. 

  1090.             return
    1091. 

  1091. 

  1092.         if verbose:
    1093. 

  1093.             print >> sys.stderr, "--> Creating directory: {0}".format(self.dir_path)
    1094. 

  1094.         os.mkdir (self.dir_path)
    1095. 

  1095. 

  1096.         if verbose:
    1097. 

  1097.             print >> sys.stderr, "--> Creating the VM config file: {0}".format(self.conf_file)
    1098. 

  1098. 

  1099.         self.create_config_file(source_template = source_template)
    1100. 

  1100. 

  1101.         template_priv = source_template.private_img
    1102. 

  1102.         if verbose:
    1103. 

  1103.             print >> sys.stderr, "--> Copying the template's private image: {0}".\
    1104. 

  1104.                     format(template_priv)
    1105. 

  1105. 

  1106.         # We prefer to use Linux's cp, because it nicely handles sparse files
    1107. 

  1107.         retcode = subprocess.call (["cp", template_priv, self.private_img])
    1108. 

  1108.         if retcode != 0:
    1109. 

  1109.             raise IOError ("Error while copying {0} to {1}".\
    1110. 

  1110.                            format(template_priv, self.private_img))
    1111. 

  1111. 

  1112.         if self.updateable:
    1113. 

  1113.             template_root = source_template.root_img
    1114. 

  1114.             if verbose:
    1115. 

  1115.                 print >> sys.stderr, "--> Copying the template's root image: {0}".\
    1116. 

  1116.                         format(template_root)
    1117. 

  1117. 

  1118.             # We prefer to use Linux's cp, because it nicely handles sparse files
    1119. 

  1119.             retcode = subprocess.call (["cp", template_root, self.root_img])
    1120. 

  1120.             if retcode != 0:
    1121. 

  1121.                 raise IOError ("Error while copying {0} to {1}".\
    1122. 

  1122.                                format(template_root, self.root_img))
    1123. 

  1123. 

  1124.             kernels_dir = source_template.kernels_dir
    1125. 

  1125.             if verbose:
    1126. 

  1126.                 print >> sys.stderr, "--> Copying the kernel (set kernel \"none\" to use it): {0}".\
    1127. 

  1127.                         format(kernels_dir)
    1128. 

  1128. 

  1129.             os.mkdir (self.dir_path + '/kernels')
    1130. 

  1130.             for f in ("vmlinuz", "initramfs", "modules.img"):
    1131. 

  1131.                 shutil.copy(os.path.join(kernels_dir, f),
    1132. 

  1132.                         os.path.join(self.dir_path, vm_files["kernels_subdir"], f))
    1133. 

  1133. 

  1134.         # Create volatile.img
    1135. 

  1135.         self.reset_volatile_storage(source_template = source_template, verbose=verbose)
    1136. 

  1136. 

  1137.         if verbose:
    1138. 

  1138.             print >> sys.stderr, "--> Creating icon symlink: {0} -> {1}".format(self.icon_path, self.label.icon_path)
    1139. 

  1139.         os.symlink (self.label.icon_path, self.icon_path)
    1140. 

  1140. 

  1141.         # fire hooks
    1142. 

  1142.         for hook in self.hooks_create_on_disk:
    1143. 

  1143.             hook(self, verbose, source_template=source_template)
    1144. 

  1144. 

  1145.     def get_clone_attrs(self):
    1146. 

  1146.         attrs = ['kernel', 'uses_default_kernel', 'netvm', 'uses_default_netvm', \
    1147. 

  1147.             'memory', 'maxmem', 'kernelopts', 'uses_default_kernelopts', 'services', 'vcpus', \
    1148. 

  1148.             '_mac', 'pcidevs', 'include_in_backups', '_label', 'default_user']
    1149. 

  1149. 

  1150.         # fire hooks
    1151. 

  1151.         for hook in self.hooks_get_clone_attrs:
    1152. 

  1152.             attrs = hook(self, attrs)
    1153. 

  1153. 

  1154.         return attrs
    1155. 

  1155. 

  1156.     def clone_attrs(self, src_vm, fail_on_error=True):
    1157. 

  1157.         self._do_not_reset_firewall = True
    1158. 

  1158.         for prop in self.get_clone_attrs():
    1159. 

  1159.             try:
    1160. 

  1160.                 setattr(self, prop, getattr(src_vm, prop))
    1161. 

  1161.             except Exception as e:
    1162. 

  1162.                 if fail_on_error:
    1163. 

  1163.                     self._do_not_reset_firewall = False
    1164. 

  1164.                     raise
    1165. 

  1165.                 else:
    1166. 

  1166.                     print >>sys.stderr, "WARNING: %s" % str(e)
    1167. 

  1167.         self._do_not_reset_firewall = False
    1168. 

  1168. 

  1169.     def clone_disk_files(self, src_vm, verbose):
    1170. 

  1170.         if dry_run:
    1171. 

  1171.             return
    1172. 

  1172. 

  1173.         if src_vm.is_running():
    1174. 

  1174.             raise QubesException("Attempt to clone a running VM!")
    1175. 

  1175. 

  1176.         if verbose:
    1177. 

  1177.             print >> sys.stderr, "--> Creating directory: {0}".format(self.dir_path)
    1178. 

  1178.         os.mkdir (self.dir_path)
    1179. 

  1179. 

  1180.         if src_vm.private_img is not None and self.private_img is not None:
    1181. 

  1181.             if verbose:
    1182. 

  1182.                 print >> sys.stderr, "--> Copying the private image:\n{0} ==>\n{1}".\
    1183. 

  1183.                         format(src_vm.private_img, self.private_img)
    1184. 

  1184.             # We prefer to use Linux's cp, because it nicely handles sparse files
    1185. 

  1185.             retcode = subprocess.call (["cp", src_vm.private_img, self.private_img])
    1186. 

  1186.             if retcode != 0:
    1187. 

  1187.                 raise IOError ("Error while copying {0} to {1}".\
    1188. 

  1188.                                format(src_vm.private_img, self.private_img))
    1189. 

  1189. 

  1190.         if src_vm.updateable and src_vm.root_img is not None and self.root_img is not None:
    1191. 

  1191.             if verbose:
    1192. 

  1192.                 print >> sys.stderr, "--> Copying the root image:\n{0} ==>\n{1}".\
    1193. 

  1193.                         format(src_vm.root_img, self.root_img)
    1194. 

  1194.             # We prefer to use Linux's cp, because it nicely handles sparse files
    1195. 

  1195.             retcode = subprocess.call (["cp", src_vm.root_img, self.root_img])
    1196. 

  1196.             if retcode != 0:
    1197. 

  1197.                 raise IOError ("Error while copying {0} to {1}".\
    1198. 

  1198.                            format(src_vm.root_img, self.root_img))
    1199. 

  1199. 

  1200.         if src_vm.icon_path is not None and self.icon_path is not None:
    1201. 

  1201.             if os.path.exists (src_vm.dir_path):
    1202. 

  1202.                 if os.path.islink(src_vm.icon_path):
    1203. 

  1203.                     icon_path = os.readlink(src_vm.icon_path)
    1204. 

  1204.                     if verbose:
    1205. 

  1205.                         print >> sys.stderr, "--> Creating icon symlink: {0} -> {1}".format(self.icon_path, icon_path)
    1206. 

  1206.                     os.symlink (icon_path, self.icon_path)
    1207. 

  1207.                 else:
    1208. 

  1208.                     if verbose:
    1209. 

  1209.                         print >> sys.stderr, "--> Copying icon: {0} -> {1}".format(src_vm.icon_path, self.icon_path)
    1210. 

  1210.                     shutil.copy(src_vm.icon_path, self.icon_path)
    1211. 

  1211. 

  1212.         # fire hooks
    1213. 

  1213.         for hook in self.hooks_clone_disk_files:
    1214. 

  1214.             hook(self, src_vm, verbose)
    1215. 

  1215. 

  1216.     def verify_files(self):
    1217. 

  1217.         if dry_run:
    1218. 

  1218.             return
    1219. 

  1219. 

  1220.         if not os.path.exists (self.dir_path):
    1221. 

  1221.             raise QubesException (
    1222. 

  1222.                 "VM directory doesn't exist: {0}".\
    1223. 

  1223.                 format(self.dir_path))
    1224. 

  1224. 

  1225.         if self.updateable and not os.path.exists (self.root_img):
    1226. 

  1226.             raise QubesException (
    1227. 

  1227.                 "VM root image file doesn't exist: {0}".\
    1228. 

  1228.                 format(self.root_img))
    1229. 

  1229. 

  1230.         if not os.path.exists (self.private_img):
    1231. 

  1231.             raise QubesException (
    1232. 

  1232.                 "VM private image file doesn't exist: {0}".\
    1233. 

  1233.                 format(self.private_img))
    1234. 

  1234. 

  1235.         if not os.path.exists (os.path.join(self.kernels_dir, 'vmlinuz')):
    1236. 

  1236.             raise QubesException (
    1237. 

  1237.                 "VM kernel does not exists: {0}".\
    1238. 

  1238.                 format(os.path.join(self.kernels_dir, 'vmlinuz')))
    1239. 

  1239. 

  1240.         if not os.path.exists (os.path.join(self.kernels_dir, 'initramfs')):
    1241. 

  1241.             raise QubesException (
    1242. 

  1242.                 "VM initramfs does not exists: {0}".\
    1243. 

  1243.                 format(os.path.join(self.kernels_dir, 'initramfs')))
    1244. 

  1244. 

  1245.         if not os.path.exists (os.path.join(self.kernels_dir, 'modules.img')):
    1246. 

  1246.             raise QubesException (
    1247. 

  1247.                 "VM kernel modules image does not exists: {0}".\
    1248. 

  1248.                 format(os.path.join(self.kernels_dir, 'modules.img')))
    1249. 

  1249. 

  1250.         # fire hooks
    1251. 

  1251.         for hook in self.hooks_verify_files:
    1252. 

  1252.             hook(self)
    1253. 

  1253. 

  1254.         return True
    1255. 

  1255. 

  1256.     def reset_volatile_storage(self, source_template = None, verbose = False):
    1257. 

  1257.         assert not self.is_running(), "Attempt to clean volatile image of running VM!"
    1258. 

  1258. 

  1259.         if source_template is None:
    1260. 

  1260.             source_template = self.template
    1261. 

  1261. 

  1262.         # Only makes sense on template based VM
    1263. 

  1263.         if source_template is None:
    1264. 

  1264.             # For StandaloneVM create it only if not already exists (eg after backup-restore)
    1265. 

  1265.             if not os.path.exists(self.volatile_img):
    1266. 

  1266.                 if verbose:
    1267. 

  1267.                     print >> sys.stderr, "--> Creating volatile image: {0}...".format (self.volatile_img)
    1268. 

  1268.                 f_root = open (self.root_img, "r")
    1269. 

  1269.                 f_root.seek(0, os.SEEK_END)
    1270. 

  1270.                 root_size = f_root.tell()
    1271. 

  1271.                 f_root.close()
    1272. 

  1272.                 subprocess.check_call([system_path["prepare_volatile_img_cmd"], self.volatile_img, str(root_size / 1024 / 1024)])
    1273. 

  1273.             return
    1274. 

  1274. 

  1275.         if verbose:
    1276. 

  1276.             print >> sys.stderr, "--> Cleaning volatile image: {0}...".format (self.volatile_img)
    1277. 

  1277.         if dry_run:
    1278. 

  1278.             return
    1279. 

  1279.         if os.path.exists (self.volatile_img):
    1280. 

  1280.            os.remove (self.volatile_img)
    1281. 

  1281. 

  1282.         if hasattr(source_template, 'clean_volatile_img'):
    1283. 

  1283.             retcode = subprocess.call (["tar", "xf", source_template.clean_volatile_img, "-C", self.dir_path])
    1284. 

  1284.             if retcode != 0:
    1285. 

  1285.                 raise IOError ("Error while unpacking {0} to {1}".\
    1286. 

  1286.                                format(source_template.clean_volatile_img, self.volatile_img))
    1287. 

  1287. 

  1288.     def remove_from_disk(self):
    1289. 

  1289.         if dry_run:
    1290. 

  1290.             return
    1291. 

  1291. 

  1292.         # fire hooks
    1293. 

  1293.         for hook in self.hooks_remove_from_disk:
    1294. 

  1294.             hook(self)
    1295. 

  1295. 

  1296.         shutil.rmtree (self.dir_path)
    1297. 

  1297. 

  1298.     def write_firewall_conf(self, conf):
    1299. 

  1299.         defaults = self.get_firewall_conf()
    1300. 

  1300.         expiring_rules_present = False
    1301. 

  1301.         for item in defaults.keys():
    1302. 

  1302.             if item not in conf:
    1303. 

  1303.                 conf[item] = defaults[item]
    1304. 

  1304. 

  1305.         root = lxml.etree.Element(
    1306. 

  1306.                 "QubesFirewallRules",
    1307. 

  1307.                 policy = "allow" if conf["allow"] else "deny",
    1308. 

  1308.                 dns = "allow" if conf["allowDns"] else "deny",
    1309. 

  1309.                 icmp = "allow" if conf["allowIcmp"] else "deny",
    1310. 

  1310.                 yumProxy = "allow" if conf["allowYumProxy"] else "deny"
    1311. 

  1311.         )
    1312. 

  1312. 

  1313.         for rule in conf["rules"]:
    1314. 

  1314.             # For backward compatibility
    1315. 

  1315.             if "proto" not in rule:
    1316. 

  1316.                 if rule["portBegin"] is not None and rule["portBegin"] > 0:
    1317. 

  1317.                     rule["proto"] = "tcp"
    1318. 

  1318.                 else:
    1319. 

  1319.                     rule["proto"] = "any"
    1320. 

  1320.             element = lxml.etree.Element(
    1321. 

  1321.                     "rule",
    1322. 

  1322.                     address=rule["address"],
    1323. 

  1323.                     proto=str(rule["proto"]),
    1324. 

  1324.             )
    1325. 

  1325.             if rule["netmask"] is not None and rule["netmask"] != 32:
    1326. 

  1326.                 element.set("netmask", str(rule["netmask"]))
    1327. 

  1327.             if rule.get("portBegin", None) is not None and \
    1328. 

  1328.                             rule["portBegin"] > 0:
    1329. 

  1329.                 element.set("port", str(rule["portBegin"]))
    1330. 

  1330.             if rule.get("portEnd", None) is not None and rule["portEnd"] > 0:
    1331. 

  1331.                 element.set("toport", str(rule["portEnd"]))
    1332. 

  1332.             if "expire" in rule:
    1333. 

  1333.                 element.set("expire", str(rule["expire"]))
    1334. 

  1334.                 expiring_rules_present = True
    1335. 

  1335. 

  1336.             root.append(element)
    1337. 

  1337. 

  1338.         tree = lxml.etree.ElementTree(root)
    1339. 

  1339. 

  1340.         try:
    1341. 

  1341.             f = open(self.firewall_conf, 'a') # create the file if not exist
    1342. 

  1342.             f.close()
    1343. 

  1343. 

  1344.             with open(self.firewall_conf, 'w') as f:
    1345. 

  1345.                 fcntl.lockf(f, fcntl.LOCK_EX)
    1346. 

  1346.                 tree.write(f, encoding="UTF-8", pretty_print=True)
    1347. 

  1347.                 fcntl.lockf(f, fcntl.LOCK_UN)
    1348. 

  1348.             f.close()
    1349. 

  1349.         except EnvironmentError as err:
    1350. 

  1350.             print >> sys.stderr, "{0}: save error: {1}".format(
    1351. 

  1351.                     os.path.basename(sys.argv[0]), err)
    1352. 

  1352.             return False
    1353. 

  1353. 

  1354.         # Automatically enable/disable 'yum-proxy-setup' service based on allowYumProxy
    1355. 

  1355.         if conf['allowYumProxy']:
    1356. 

  1356.             self.services['yum-proxy-setup'] = True
    1357. 

  1357.         else:
    1358. 

  1358.             if self.services.has_key('yum-proxy-setup'):
    1359. 

  1359.                 self.services.pop('yum-proxy-setup')
    1360. 

  1360. 

  1361.         if expiring_rules_present:
    1362. 

  1362.             subprocess.call(["sudo", "systemctl", "start",
    1363. 

  1363.                              "qubes-reload-firewall@%s.timer" % self.name])
    1364. 

  1364. 

  1365.         return True
    1366. 

  1366. 

  1367.     def has_firewall(self):
    1368. 

  1368.         return os.path.exists (self.firewall_conf)
    1369. 

  1369. 

  1370.     def get_firewall_defaults(self):
    1371. 

  1371.         return { "rules": list(), "allow": True, "allowDns": True, "allowIcmp": True, "allowYumProxy": False }
    1372. 

  1372. 

  1373.     def get_firewall_conf(self):
    1374. 

  1374.         conf = self.get_firewall_defaults()
    1375. 

  1375. 

  1376.         try:
    1377. 

  1377.             tree = lxml.etree.parse(self.firewall_conf)
    1378. 

  1378.             root = tree.getroot()
    1379. 

  1379. 

  1380.             conf["allow"] = (root.get("policy") == "allow")
    1381. 

  1381.             conf["allowDns"] = (root.get("dns") == "allow")
    1382. 

  1382.             conf["allowIcmp"] = (root.get("icmp") == "allow")
    1383. 

  1383.             conf["allowYumProxy"] = (root.get("yumProxy") == "allow")
    1384. 

  1384. 

  1385.             for element in root:
    1386. 

  1386.                 rule = {}
    1387. 

  1387.                 attr_list = ("address", "netmask", "proto", "port", "toport",
    1388. 

  1388.                              "expire")
    1389. 

  1389. 

  1390.                 for attribute in attr_list:
    1391. 

  1391.                     rule[attribute] = element.get(attribute)
    1392. 

  1392. 

  1393.                 if rule["netmask"] is not None:
    1394. 

  1394.                     rule["netmask"] = int(rule["netmask"])
    1395. 

  1395.                 else:
    1396. 

  1396.                     rule["netmask"] = 32
    1397. 

  1397. 

  1398.                 if rule["port"] is not None:
    1399. 

  1399.                     rule["portBegin"] = int(rule["port"])
    1400. 

  1400.                 else:
    1401. 

  1401.                     # backward compatibility
    1402. 

  1402.                     rule["portBegin"] = 0
    1403. 

  1403. 

  1404.                 # For backward compatibility
    1405. 

  1405.                 if rule["proto"] is None:
    1406. 

  1406.                     if rule["portBegin"] > 0:
    1407. 

  1407.                         rule["proto"] = "tcp"
    1408. 

  1408.                     else:
    1409. 

  1409.                         rule["proto"] = "any"
    1410. 

  1410. 

  1411.                 if rule["toport"] is not None:
    1412. 

  1412.                     rule["portEnd"] = int(rule["toport"])
    1413. 

  1413.                 else:
    1414. 

  1414.                     rule["portEnd"] = None
    1415. 

  1415. 

  1416.                 if rule["expire"] is not None:
    1417. 

  1417.                     rule["expire"] = int(rule["expire"])
    1418. 

  1418.                     if rule["expire"] <= int(datetime.datetime.now().strftime(
    1419. 

  1419.                             "%s")):
    1420. 

  1420.                         continue
    1421. 

  1421.                 else:
    1422. 

  1422.                     del(rule["expire"])
    1423. 

  1423. 

  1424.                 del(rule["port"])
    1425. 

  1425.                 del(rule["toport"])
    1426. 

  1426. 

  1427.                 conf["rules"].append(rule)
    1428. 

  1428. 

  1429.         except EnvironmentError as err:
    1430. 

  1430.             return conf
    1431. 

  1431.         except (xml.parsers.expat.ExpatError,
    1432. 

  1432.                 ValueError, LookupError) as err:
    1433. 

  1433.             print("{0}: load error: {1}".format(
    1434. 

  1434.                 os.path.basename(sys.argv[0]), err))
    1435. 

  1435.             return None
    1436. 

  1436. 

  1437.         return conf
    1438. 

  1438. 

  1439.     def pci_add(self, pci):
    1440. 

  1440.         if not os.path.exists('/sys/bus/pci/devices/0000:%s' % pci):
    1441. 

  1441.             raise QubesException("Invalid PCI device: %s" % pci)
    1442. 

  1442.         if self.pcidevs.count(pci):
    1443. 

  1443.             # already added
    1444. 

  1444.             return
    1445. 

  1445.         self.pcidevs.append(pci)
    1446. 

  1446.         if self.is_running():
    1447. 

  1447.             try:
    1448. 

  1448.                 subprocess.check_call(['sudo', system_path["qubes_pciback_cmd"], pci])
    1449. 

  1449.                 subprocess.check_call(['sudo', 'xl', 'pci-attach', str(self.xid), pci])
    1450. 

  1450.             except Exception as e:
    1451. 

  1451.                 print >>sys.stderr, "Failed to attach PCI device on the fly " \
    1452. 

  1452.                     "(%s), changes will be seen after VM restart" % str(e)
    1453. 

  1453. 

  1454.     def pci_remove(self, pci):
    1455. 

  1455.         if not self.pcidevs.count(pci):
    1456. 

  1456.             # not attached
    1457. 

  1457.             return
    1458. 

  1458.         self.pcidevs.remove(pci)
    1459. 

  1459.         if self.is_running():
    1460. 

  1460.             p = subprocess.Popen(['xl', 'pci-list', str(self.xid)],
    1461. 

  1461.                     stdout=subprocess.PIPE)
    1462. 

  1462.             result = p.communicate()
    1463. 

  1463.             m = re.search(r"^(\d+.\d+)\s+0000:%s$" % pci, result[0], flags=re.MULTILINE)
    1464. 

  1464.             if not m:
    1465. 

  1465.                 print >>sys.stderr, "Device %s already detached" % pci
    1466. 

  1466.                 return
    1467. 

  1467.             vmdev = m.group(1)
    1468. 

  1468.             try:
    1469. 

  1469.                 self.run_service("qubes.DetachPciDevice",
    1470. 

  1470.                                  user="root", input="00:%s" % vmdev)
    1471. 

  1471.                 subprocess.check_call(['sudo', 'xl', 'pci-detach', str(self.xid), pci])
    1472. 

  1472.             except Exception as e:
    1473. 

  1473.                 print >>sys.stderr, "Failed to detach PCI device on the fly " \
    1474. 

  1474.                     "(%s), changes will be seen after VM restart" % str(e)
    1475. 

  1475. 

  1476.     def run(self, command, user = None, verbose = True, autostart = False,
    1477. 

  1477.             notify_function = None,
    1478. 

  1478.             passio = False, passio_popen = False, passio_stderr=False,
    1479. 

  1479.             ignore_stderr=False, localcmd = None, wait = False, gui = True,
    1480. 

  1480.             filter_esc = False):
    1481. 

  1481.         """command should be in form 'cmdline'
    1482. 

  1482.             When passio_popen=True, popen object with stdout connected to pipe.
    1483. 

  1483.             When additionally passio_stderr=True, stderr also is connected to pipe.
    1484. 

  1484.             When ignore_stderr=True, stderr is connected to /dev/null.
    1485. 

  1485.             """
    1486. 

  1486. 

  1487.         if user is None:
    1488. 

  1488.             user = self.default_user
    1489. 

  1489.         null = None
    1490. 

  1490.         if not self.is_running() and not self.is_paused():
    1491. 

  1491.             if not autostart:
    1492. 

  1492.                 raise QubesException("VM not running")
    1493. 

  1493. 

  1494.             try:
    1495. 

  1495.                 if notify_function is not None:
    1496. 

  1496.                     notify_function ("info", "Starting the '{0}' VM...".format(self.name))
    1497. 

  1497.                 elif verbose:
    1498. 

  1498.                     print >> sys.stderr, "Starting the VM '{0}'...".format(self.name)
    1499. 

  1499.                 xid = self.start(verbose=verbose, start_guid = gui, notify_function=notify_function)
    1500. 

  1500.             except (IOError, OSError, QubesException) as err:
    1501. 

  1501.                 raise QubesException("Error while starting the '{0}' VM: {1}".format(self.name, err))
    1502. 

  1502.             except (MemoryError) as err:
    1503. 

  1503.                 raise QubesException("Not enough memory to start '{0}' VM! "
    1504. 

  1504.                                      "Close one or more running VMs and try "
    1505. 

  1505.                                      "again.".format(self.name))
    1506. 

  1506. 

  1507.         if self.is_paused():
    1508. 

  1508.             raise QubesException("VM is paused")
    1509. 

  1509.         if not self.is_qrexec_running():
    1510. 

  1510.             raise QubesException(
    1511. 

  1511.                 "Domain '{}': qrexec not connected.".format(self.name))
    1512. 

  1512. 

  1513.         xid = self.get_xid()
    1514. 

  1514.         if gui and os.getenv("DISPLAY") is not None and not self.is_guid_running():
    1515. 

  1515.             self.start_guid(verbose = verbose, notify_function = notify_function)
    1516. 

  1516. 

  1517.         args = [system_path["qrexec_client_path"], "-d", str(xid), "%s:%s" % (user, command)]
    1518. 

  1518.         if localcmd is not None:
    1519. 

  1519.             args += [ "-l", localcmd]
    1520. 

  1520.         if filter_esc:
    1521. 

  1521.             args += ["-t"]
    1522. 

  1522.         if os.isatty(sys.stderr.fileno()):
    1523. 

  1523.             args += ["-T"]
    1524. 

  1524.         if passio:
    1525. 

  1525.             os.execv(system_path["qrexec_client_path"], args)
    1526. 

  1526.             exit(1)
    1527. 

  1527. 

  1528.         call_kwargs = {}
    1529. 

  1529.         if ignore_stderr:
    1530. 

  1530.             null = open("/dev/null", "w")
    1531. 

  1531.             call_kwargs['stderr'] = null
    1532. 

  1532. 

  1533.         if passio_popen:
    1534. 

  1534.             popen_kwargs={'stdout': subprocess.PIPE}
    1535. 

  1535.             popen_kwargs['stdin'] = subprocess.PIPE
    1536. 

  1536.             if passio_stderr:
    1537. 

  1537.                 popen_kwargs['stderr'] = subprocess.PIPE
    1538. 

  1538.             else:
    1539. 

  1539.                 popen_kwargs['stderr'] = call_kwargs.get('stderr', None)
    1540. 

  1540.             p = subprocess.Popen (args, **popen_kwargs)
    1541. 

  1541.             if null:
    1542. 

  1542.                 null.close()
    1543. 

  1543.             return p
    1544. 

  1544.         if not wait:
    1545. 

  1545.             args += ["-e"]
    1546. 

  1546.         retcode = subprocess.call(args, **call_kwargs)
    1547. 

  1547.         if null:
    1548. 

  1548.             null.close()
    1549. 

  1549.         return retcode
    1550. 

  1550. 

  1551.     def run_service(self, service, source="dom0", user=None,
    1552. 

  1552.                     passio_popen =  False, input=None):
    1553. 

  1553.         if input and passio_popen:
    1554. 

  1554.             raise ValueError("'input' and 'passio_popen' cannot be used "
    1555. 

  1555.                              "together")
    1556. 

  1556.         if input:
    1557. 

  1557.             return self.run("QUBESRPC %s %s" % (service, source),
    1558. 

  1558.                         localcmd="echo %s" % input, user=user, wait=True)
    1559. 

  1559.         else:
    1560. 

  1560.             return self.run("QUBESRPC %s %s" % (service, source),
    1561. 

  1561.                         passio_popen=passio_popen, user=user, wait=True)
    1562. 

  1562. 

  1563.     def attach_network(self, verbose = False, wait = True, netvm = None):
    1564. 

  1564.         if dry_run:
    1565. 

  1565.             return
    1566. 

  1566. 

  1567.         if not self.is_running():
    1568. 

  1568.             raise QubesException ("VM not running!")
    1569. 

  1569. 

  1570.         if netvm is None:
    1571. 

  1571.             netvm = self.netvm
    1572. 

  1572. 

  1573.         if netvm is None:
    1574. 

  1574.             raise QubesException ("NetVM not set!")
    1575. 

  1575. 

  1576.         if netvm.qid != 0:
    1577. 

  1577.             if not netvm.is_running():
    1578. 

  1578.                 if verbose:
    1579. 

  1579.                     print >> sys.stderr, "--> Starting NetVM {0}...".format(netvm.name)
    1580. 

  1580.                 netvm.start()
    1581. 

  1581. 

  1582.         xs_path = '/local/domain/%d/device/vif/0/state' % (self.xid)
    1583. 

  1583.         if xs.read('', xs_path) is not None:
    1584. 

  1584.             # TODO: check its state and backend state (this can be stale vif after NetVM restart)
    1585. 

  1585.             if verbose:
    1586. 

  1586.                 print >> sys.stderr, "NOTICE: Network already attached"
    1587. 

  1587.                 return
    1588. 

  1588. 

  1589.         xm_cmdline = ["/usr/sbin/xl", "network-attach", str(self.xid), "script=/etc/xen/scripts/vif-route-qubes", "ip="+self.ip, "backend="+netvm.name ]
    1590. 

  1590.         retcode = subprocess.call (xm_cmdline)
    1591. 

  1591.         if retcode != 0:
    1592. 

  1592.             print >> sys.stderr, ("WARNING: Cannot attach to network to '{0}'!".format(self.name))
    1593. 

  1593.         if wait:
    1594. 

  1594.             tries = 0
    1595. 

  1595.             while xs.read('', xs_path) != '4':
    1596. 

  1596.                 tries += 1
    1597. 

  1597.                 if tries > 50:
    1598. 

  1598.                     raise QubesException ("Network attach timed out!")
    1599. 

  1599.                 time.sleep(0.2)
    1600. 

  1600. 

  1601.     def wait_for_session(self, notify_function = None):
    1602. 

  1602.         #self.run('echo $$ >> /tmp/qubes-session-waiter; [ ! -f /tmp/qubes-session-env ] && exec sleep 365d', ignore_stderr=True, gui=False, wait=True)
    1603. 

  1603. 

  1604.         # Note : User root is redefined to SYSTEM in the Windows agent code
    1605. 

  1605.         p = self.run('QUBESRPC qubes.WaitForSession none', user="root", passio_popen=True, gui=False, wait=True)
    1606. 

  1606.         p.communicate(input=self.default_user)
    1607. 

  1607. 

  1608.     def start_guid(self, verbose = True, notify_function = None,
    1609. 

  1609.             extra_guid_args=[], before_qrexec=False):
    1610. 

  1610.         if verbose:
    1611. 

  1611.             print >> sys.stderr, "--> Starting Qubes GUId..."
    1612. 

  1612.         xid = self.get_xid()
    1613. 

  1613. 

  1614.         guid_cmd = [system_path["qubes_guid_path"],
    1615. 

  1615.             "-d", str(xid),
    1616. 

  1616.             "-c", self.label.color,
    1617. 

  1617.             "-i", self.label.icon_path,
    1618. 

  1618.             "-l", str(self.label.index)]
    1619. 

  1619.         guid_cmd += extra_guid_args
    1620. 

  1620.         if self.debug:
    1621. 

  1621.             guid_cmd += ['-v', '-v']
    1622. 

  1622.         retcode = subprocess.call (guid_cmd)
    1623. 

  1623.         if (retcode != 0) :
    1624. 

  1624.             raise QubesException("Cannot start qubes-guid!")
    1625. 

  1625. 

  1626.         if verbose:
    1627. 

  1627.             print >> sys.stderr, "--> Sending monitor layout..."
    1628. 

  1628. 

  1629.         try:
    1630. 

  1630.             subprocess.call([system_path["monitor_layout_notify_cmd"], self.name])
    1631. 

  1631.         except Exception as e:
    1632. 

  1632.             print >>sys.stderr, "ERROR: %s" % e
    1633. 

  1633. 

  1634.         if verbose:
    1635. 

  1635.             print >> sys.stderr, "--> Waiting for qubes-session..."
    1636. 

  1636. 

  1637.         self.wait_for_session(notify_function)
    1638. 

  1638. 

  1639.     def start_qrexec_daemon(self, verbose = False, notify_function = None):
    1640. 

  1640.         if verbose:
    1641. 

  1641.             print >> sys.stderr, "--> Starting the qrexec daemon..."
    1642. 

  1642.         xid = self.get_xid()
    1643. 

  1643.         qrexec_env = os.environ
    1644. 

  1644.         qrexec_env['QREXEC_STARTUP_TIMEOUT'] = str(self.qrexec_timeout)
    1645. 

  1645.         retcode = subprocess.call ([system_path["qrexec_daemon_path"], str(xid), self.name, self.default_user], env=qrexec_env)
    1646. 

  1646.         if (retcode != 0) :
    1647. 

  1647.             raise OSError ("Cannot execute qrexec-daemon!")
    1648. 

  1648. 

  1649.     def start(self, debug_console = False, verbose = False, preparing_dvm = False, start_guid = True, notify_function = None):
    1650. 

  1650.         if dry_run:
    1651. 

  1651.             return
    1652. 

  1652. 

  1653.         # Intentionally not used is_running(): eliminate also "Paused", "Crashed", "Halting"
    1654. 

  1654.         if self.get_power_state() != "Halted":
    1655. 

  1655.             raise QubesException ("VM is already running!")
    1656. 

  1656. 

  1657.         self.verify_files()
    1658. 

  1658. 

  1659.         if self.netvm is not None:
    1660. 

  1660.             if self.netvm.qid != 0:
    1661. 

  1661.                 if not self.netvm.is_running():
    1662. 

  1662.                     if verbose:
    1663. 

  1663.                         print >> sys.stderr, "--> Starting NetVM {0}...".format(self.netvm.name)
    1664. 

  1664.                     self.netvm.start(verbose = verbose, start_guid = start_guid, notify_function = notify_function)
    1665. 

  1665. 

  1666.         self.reset_volatile_storage(verbose=verbose)
    1667. 

  1667.         if verbose:
    1668. 

  1668.             print >> sys.stderr, "--> Loading the VM (type = {0})...".format(self.type)
    1669. 

  1669. 

  1670.         # refresh config file
    1671. 

  1671.         self.create_config_file()
    1672. 

  1672. 

  1673.         mem_required = int(self.memory) * 1024 * 1024
    1674. 

  1674.         qmemman_client = QMemmanClient()
    1675. 

  1675.         try:
    1676. 

  1676.             got_memory = qmemman_client.request_memory(mem_required)
    1677. 

  1677.         except IOError as e:
    1678. 

  1678.             raise IOError("ERROR: Failed to connect to qmemman: %s" % str(e))
    1679. 

  1679.         if not got_memory:
    1680. 

  1680.             qmemman_client.close()
    1681. 

  1681.             raise MemoryError ("ERROR: insufficient memory to start VM '%s'" % self.name)
    1682. 

  1682. 

  1683.         # Bind pci devices to pciback driver
    1684. 

  1684.         for pci in self.pcidevs:
    1685. 

  1685.             try:
    1686. 

  1686.                 subprocess.check_call(['sudo', system_path["qubes_pciback_cmd"], pci])
    1687. 

  1687.             except subprocess.CalledProcessError:
    1688. 

  1688.                 raise QubesException("Failed to prepare PCI device %s" % pci)
    1689. 

  1689. 

  1690.         xl_cmdline = ['sudo', '/usr/sbin/xl', 'create', self.conf_file, '-q', '-p']
    1691. 

  1691. 

  1692.         try:
    1693. 

  1693.             subprocess.check_call(xl_cmdline)
    1694. 

  1694.         except:
    1695. 

  1695.             try:
    1696. 

  1696.                 self._cleanup_zombie_domains()
    1697. 

  1697.             except:
    1698. 

  1698.                 pass
    1699. 

  1699.             raise QubesException("Failed to load VM config")
    1700. 

  1700. 

  1701.         xid = self.get_xid()
    1702. 

  1702.         self.xid = xid
    1703. 

  1703. 

  1704.         if preparing_dvm:
    1705. 

  1705.             self.services['qubes-dvm'] = True
    1706. 

  1706.         if verbose:
    1707. 

  1707.             print >> sys.stderr, "--> Setting Xen Store info for the VM..."
    1708. 

  1708.         self.create_xenstore_entries(xid)
    1709. 

  1709. 

  1710.         qvm_collection = QubesVmCollection()
    1711. 

  1711.         qvm_collection.lock_db_for_reading()
    1712. 

  1712.         qvm_collection.load()
    1713. 

  1713.         qvm_collection.unlock_db()
    1714. 

  1714. 

  1715.         if verbose:
    1716. 

  1716.             print >> sys.stderr, "--> Updating firewall rules..."
    1717. 

  1717.         for vm in qvm_collection.values():
    1718. 

  1718.             if vm.is_proxyvm() and vm.is_running():
    1719. 

  1719.                 vm.write_iptables_xenstore_entry()
    1720. 

  1720. 

  1721.         # fire hooks
    1722. 

  1722.         for hook in self.hooks_start:
    1723. 

  1723.             hook(self, verbose = verbose, preparing_dvm =  preparing_dvm,
    1724. 

  1724.                     start_guid = start_guid, notify_function = notify_function)
    1725. 

  1725. 

  1726.         if verbose:
    1727. 

  1727.             print >> sys.stderr, "--> Starting the VM..."
    1728. 

  1728.         xc.domain_unpause(xid)
    1729. 

  1729. 

  1730. # close() is not really needed, because the descriptor is close-on-exec
    1731. 

  1731. # anyway, the reason to postpone close() is that possibly xl is not done
    1732. 

  1732. # constructing the domain after its main process exits
    1733. 

  1733. # so we close() when we know the domain is up
    1734. 

  1734. # the successful unpause is some indicator of it
    1735. 

  1735.         qmemman_client.close()
    1736. 

  1736. 

  1737.         if self._start_guid_first and start_guid and not preparing_dvm and os.path.exists('/var/run/shm.id'):
    1738. 

  1738.             self.start_guid(verbose=verbose, notify_function=notify_function, before_qrexec=True)
    1739. 

  1739. 

  1740.         if not preparing_dvm:
    1741. 

  1741.             self.start_qrexec_daemon(verbose=verbose,notify_function=notify_function)
    1742. 

  1742. 

  1743.         if start_guid and not preparing_dvm and os.path.exists('/var/run/shm.id'):
    1744. 

  1744.             self.start_guid(verbose=verbose, notify_function=notify_function)
    1745. 

  1745. 

  1746.         if preparing_dvm:
    1747. 

  1747.             if verbose:
    1748. 

  1748.                 print >> sys.stderr, "--> Preparing config template for DispVM"
    1749. 

  1749.             self.create_config_file(file_path = self.dir_path + '/dvm.conf', prepare_dvm = True)
    1750. 

  1750. 

  1751.         return xid
    1752. 

  1752. 

  1753.     def _cleanup_zombie_domains(self):
    1754. 

  1754.         """
    1755. 

  1755.         This function is workaround broken libxl (which leaves not fully
    1756. 

  1756.         created domain on failure) and vchan on domain crash behaviour
    1757. 

  1757.         @return: None
    1758. 

  1758.         """
    1759. 

  1759.         xc = self.get_xc_dominfo()
    1760. 

  1760.         if xc and xc['dying'] == 1:
    1761. 

  1761.             # GUID still running?
    1762. 

  1762.             guid_pidfile = '/var/run/qubes/guid-running.%d' % xc['domid']
    1763. 

  1763.             if os.path.exists(guid_pidfile):
    1764. 

  1764.                 guid_pid = open(guid_pidfile).read().strip()
    1765. 

  1765.                 os.kill(int(guid_pid), 15)
    1766. 

  1766.             # qrexec still running?
    1767. 

  1767.             if self.is_qrexec_running():
    1768. 

  1768.                 #TODO: kill qrexec daemon
    1769. 

  1769.                 pass
    1770. 

  1770. 

  1771.     def shutdown(self, force=False, xid = None):
    1772. 

  1772.         if dry_run:
    1773. 

  1773.             return
    1774. 

  1774. 

  1775.         if not self.is_running():
    1776. 

  1776.             raise QubesException ("VM already stopped!")
    1777. 

  1777. 

  1778.         subprocess.call (['/usr/sbin/xl', 'shutdown', str(xid) if xid is not None else self.name])
    1779. 

  1779.         #xc.domain_destroy(self.get_xid())
    1780. 

  1780. 

  1781.     def force_shutdown(self, xid = None):
    1782. 

  1782.         if dry_run:
    1783. 

  1783.             return
    1784. 

  1784. 

  1785.         if not self.is_running() and not self.is_paused():
    1786. 

  1786.             raise QubesException ("VM already stopped!")
    1787. 

  1787. 

  1788.         subprocess.call(['sudo', '/usr/sbin/xl', 'destroy',
    1789. 

  1789.                          str(xid) if xid is not None else self.name])
    1790. 

  1790. 

  1791.     def suspend(self):
    1792. 

  1792.         if dry_run:
    1793. 

  1793.             return
    1794. 

  1794. 

  1795.         if not self.is_running() and not self.is_paused():
    1796. 

  1796.             raise QubesException ("VM already stopped!")
    1797. 

  1797. 

  1798.         if len (self.pcidevs) > 0:
    1799. 

  1799.             xs_path = '/local/domain/%d/control/shutdown' % self.get_xid()
    1800. 

  1800.             xs.write('', xs_path, 'suspend')
    1801. 

  1801.             tries = 0
    1802. 

  1802.             while self.get_power_state() != "Suspended":
    1803. 

  1803.                 tries += 1
    1804. 

  1804.                 if tries > 15:
    1805. 

  1805.                     # fallback to pause
    1806. 

  1806.                     print >>sys.stderr, "Failed to suspend domain %s, falling back to pause method" % self.name
    1807. 

  1807.                     self.pause()
    1808. 

  1808.                     break
    1809. 

  1809.                 time.sleep(0.2)
    1810. 

  1810.         else:
    1811. 

  1811.             self.pause()
    1812. 

  1812. 

  1813.     def resume(self):
    1814. 

  1814.         if dry_run:
    1815. 

  1815.             return
    1816. 

  1816. 

  1817.         xc_info = self.get_xc_dominfo()
    1818. 

  1818.         if not xc_info:
    1819. 

  1819.             raise QubesException ("VM isn't started (cannot get xc_dominfo)!")
    1820. 

  1820. 

  1821.         if xc_info['shutdown_reason'] == 2:
    1822. 

  1822.             # suspended
    1823. 

  1823.             xc.domain_resume(xc_info['domid'], 1)
    1824. 

  1824.             xs.resume_domain(xc_info['domid'])
    1825. 

  1825.         else:
    1826. 

  1826.             self.unpause()
    1827. 

  1827. 

  1828.     def pause(self):
    1829. 

  1829.         if dry_run:
    1830. 

  1830.             return
    1831. 

  1831. 

  1832.         xc.domain_pause(self.get_xid())
    1833. 

  1833. 

  1834.     def unpause(self):
    1835. 

  1835.         if dry_run:
    1836. 

  1836.             return
    1837. 

  1837. 

  1838.         xc.domain_unpause(self.get_xid())
    1839. 

  1839. 

  1840.     def get_xml_attrs(self):
    1841. 

  1841.         attrs = {}
    1842. 

  1842.         attrs_config = self.get_attrs_config()
    1843. 

  1843.         for attr in attrs_config:
    1844. 

  1844.             attr_config = attrs_config[attr]
    1845. 

  1845.             if 'save' in attr_config:
    1846. 

  1846.                 if 'save_skip' in attr_config:
    1847. 

  1847.                     if callable(attr_config['save_skip']):
    1848. 

  1848.                         if attr_config['save_skip']():
    1849. 

  1849.                             continue
    1850. 

  1850.                     elif eval(attr_config['save_skip']):
    1851. 

  1851.                         continue
    1852. 

  1852.                 if callable(attr_config['save']):
    1853. 

  1853.                     value = attr_config['save']()
    1854. 

  1854.                 else:
    1855. 

  1855.                     value = eval(attr_config['save'])
    1856. 

  1856.                 if 'save_attr' in attr_config:
    1857. 

  1857.                     attrs[attr_config['save_attr']] = value
    1858. 

  1858.                 else:
    1859. 

  1859.                     attrs[attr] = value
    1860. 

  1860.         return attrs
    1861. 

  1861. 

  1862.     def create_xml_element(self):
    1863. 

  1863.         # Compatibility hack (Qubes*VM in type vs Qubes*Vm in XML)...
    1864. 

  1864.         rx_type = re.compile (r"VM")
    1865. 

  1865. 

  1866.         attrs = self.get_xml_attrs()
    1867. 

  1867.         element = lxml.etree.Element(
    1868. 

  1868.             "Qubes" + rx_type.sub("Vm", self.type),
    1869. 

  1869.             **attrs)
    1870. 

  1870.         return element
    1871. 

  1871. 

  1872. register_qubes_vm_class(QubesVm)
    1873.