qfile-daemon-dvm 6.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161
  1. #!/usr/bin/python2
  2. #
  3. # The Qubes OS Project, http://www.qubes-os.org
  4. #
  5. # Copyright (C) 2010 Rafal Wojtczuk <rafal@invisiblethingslab.com>
  6. #
  7. # This program is free software; you can redistribute it and/or
  8. # modify it under the terms of the GNU General Public License
  9. # as published by the Free Software Foundation; either version 2
  10. # of the License, or (at your option) any later version.
  11. #
  12. # This program is distributed in the hope that it will be useful,
  13. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. # GNU General Public License for more details.
  16. #
  17. # You should have received a copy of the GNU General Public License
  18. # along with this program; if not, write to the Free Software
  19. # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
  20. #
  21. #
  22. import os
  23. import subprocess
  24. import sys
  25. import fcntl
  26. import shutil
  27. import time
  28. from qubes.qubes import QubesVmCollection
  29. from qubes.qubes import QubesException
  30. from qubes.qubes import QubesDaemonPidfile
  31. from qubes.qubes import QubesDispVmLabels
  32. from qubes.notify import tray_notify,tray_notify_error,tray_notify_init
  33. current_savefile = '/var/run/qubes/current-savefile'
  34. current_dvm_conf = '/var/run/qubes/current-dvm.conf'
  35. current_savefile_vmdir = '/var/lib/qubes/dvmdata/vmdir'
  36. class QfileDaemonDvm:
  37. def __init__(self, name):
  38. self.name = name
  39. def get_disp_templ(self):
  40. vmdir = os.readlink(current_savefile_vmdir)
  41. return vmdir.split('/')[-1]
  42. def do_get_dvm(self):
  43. tray_notify("Starting new DispVM...", "red")
  44. qvm_collection = QubesVmCollection()
  45. qvm_collection.lock_db_for_writing()
  46. tar_process = subprocess.Popen(['bsdtar', '-C', current_savefile_vmdir,
  47. '-xSUf', os.path.join(current_savefile_vmdir, 'saved-cows.tar')])
  48. qvm_collection.load()
  49. print >>sys.stderr, "time=%s, collection loaded" % (str(time.time()))
  50. vm = qvm_collection.get_vm_by_name(self.name)
  51. if vm is None:
  52. sys.stderr.write( 'Domain ' + self.name + ' does not exist ?')
  53. qvm_collection.unlock_db()
  54. return None
  55. label = vm.label
  56. if len(sys.argv) > 4 and len(sys.argv[4]) > 0:
  57. assert sys.argv[4] in QubesDispVmLabels.keys(), "Invalid label"
  58. label = QubesDispVmLabels[sys.argv[4]]
  59. disp_templ = self.get_disp_templ()
  60. vm_disptempl = qvm_collection.get_vm_by_name(disp_templ)
  61. if vm_disptempl is None:
  62. sys.stderr.write( 'Domain ' + disp_templ + ' does not exist ?')
  63. qvm_collection.unlock_db()
  64. return None
  65. dispvm=qvm_collection.add_new_vm('QubesDisposableVm', disp_template=vm_disptempl, label=label)
  66. print >>sys.stderr, "time=%s, VM created" % (str(time.time()))
  67. # By default inherit firewall rules from calling VM
  68. if os.path.exists(vm.firewall_conf):
  69. disp_firewall_conf = '/var/run/qubes/%s-firewall.xml' % dispvm.name
  70. shutil.copy(vm.firewall_conf, disp_firewall_conf)
  71. dispvm.firewall_conf = disp_firewall_conf
  72. if len(sys.argv) > 5 and len(sys.argv[5]) > 0:
  73. assert os.path.exists(sys.argv[5]), "Invalid firewall.conf location"
  74. dispvm.firewall_conf = sys.argv[5]
  75. if vm.qid != 0:
  76. dispvm.netvm = vm.dispvm_netvm
  77. # Wait for tar to finish
  78. if tar_process.wait() != 0:
  79. sys.stderr.write('Failed to unpack saved-cows.tar')
  80. qvm_collection.unlock_db()
  81. return None
  82. print >>sys.stderr, "time=%s, VM starting" % (str(time.time()))
  83. dispvm.start()
  84. print >>sys.stderr, "time=%s, VM started" % (str(time.time()))
  85. qvm_collection.save()
  86. qvm_collection.unlock_db()
  87. # Reload firewall rules
  88. print >>sys.stderr, "time=%s, reloading firewall" % (str(time.time()))
  89. for vm in qvm_collection.values():
  90. if vm.is_proxyvm() and vm.is_running():
  91. vm.write_iptables_qubesdb_entry()
  92. return dispvm
  93. def dvm_setup_ok(self):
  94. dvmdata_dir = '/var/lib/qubes/dvmdata/'
  95. if not os.path.isfile(current_savefile):
  96. return False
  97. if not os.path.isfile(dvmdata_dir+'default-savefile') or not os.path.isfile(dvmdata_dir+'savefile-root'):
  98. return False
  99. dvm_mtime = os.stat(current_savefile).st_mtime
  100. root_mtime = os.stat(dvmdata_dir+'savefile-root').st_mtime
  101. if dvm_mtime < root_mtime:
  102. template_name = os.path.basename(os.path.dirname(os.readlink(dvmdata_dir+'savefile-root')))
  103. if subprocess.call(["xl", "domid", template_name]) == 0:
  104. tray_notify("For optimum performance, you should not "
  105. "start DispVM when its template is running.", "red")
  106. return False
  107. return True
  108. def get_dvm(self):
  109. if not self.dvm_setup_ok():
  110. if os.system("/usr/lib/qubes/qubes-update-dispvm-savefile-with-progress.sh >/dev/null </dev/null" ) != 0:
  111. tray_notify_error("DVM savefile creation failed")
  112. return None
  113. return self.do_get_dvm()
  114. def remove_disposable_from_qdb(self, name):
  115. qvm_collection = QubesVmCollection()
  116. qvm_collection.lock_db_for_writing()
  117. qvm_collection.load()
  118. vm = qvm_collection.get_vm_by_name(name)
  119. if vm is None:
  120. qvm_collection.unlock_db()
  121. return False
  122. qvm_collection.pop(vm.qid)
  123. qvm_collection.save()
  124. qvm_collection.unlock_db()
  125. def main():
  126. global notify_object
  127. exec_index = sys.argv[1]
  128. src_vmname = sys.argv[2]
  129. user = sys.argv[3]
  130. #accessed directly by get_dvm()
  131. # sys.argv[4] - override label
  132. # sys.argv[5] - override firewall
  133. print >>sys.stderr, "time=%s, qfile-daemon-dvm init" % (str(time.time()))
  134. tray_notify_init()
  135. print >>sys.stderr, "time=%s, creating DispVM" % (str(time.time()))
  136. qfile = QfileDaemonDvm(src_vmname)
  137. dispvm = qfile.get_dvm()
  138. if dispvm is not None:
  139. print >>sys.stderr, "time=%s, starting VM process" % (str(time.time()))
  140. subprocess.call(['/usr/lib/qubes/qrexec-client', '-d', dispvm.name,
  141. user+':exec /usr/lib/qubes/qubes-rpc-multiplexer ' + exec_index + " " + src_vmname])
  142. dispvm.force_shutdown()
  143. qfile.remove_disposable_from_qdb(dispvm.name)
  144. main()