From 4637735882fb642fc5cc98749ccd5308f6d5257a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
Date: Tue, 27 Jan 2015 00:27:08 +0100
Subject: [PATCH] network: support for not setting DNS and/or default gateway

This patch introduces two new qvm-services:
- set-default-route
- set-dns-server
Both enabled by default. You can disable any of them to not set default route and/or DNS servers in the VM. Those settings have no effect on NetVM, where such settings are controlled by NetworkManager.
This is based on patch sent by Joonas Lehtonen
https://groups.google.com/d/msgid/qubes-devel/54C39656.3090303%40openmailbox.org
Conflicts:
network/setup-ip
vm-init.d/qubes-core
vm-systemd/qubes-sysinit.sh
---
network/setup-ip | 32 +++++++++++++++++++++++---------
vm-init.d/qubes-core | 2 ++
vm-systemd/qubes-sysinit.sh | 9 +++++----
3 files changed, 30 insertions(+), 13 deletions(-)
diff --git a/network/setup-ip b/network/setup-ip
index 3e9bebf..eac7d88 100755
--- a/network/setup-ip
+++ b/network/setup-ip
@@ -8,16 +8,22 @@ if [ x$ip != x ]; then /sbin/ifconfig $INTERFACE $ip netmask 255.255.255.255 /sbin/ifconfig $INTERFACE up /sbin/route add -host $gateway dev $INTERFACE - /sbin/route add default gw $gateway + if [ -f /var/run/qubes-service/set-default-route ]; then + /sbin/route add default gw $gateway + fi /sbin/ethtool -K $INTERFACE sg off /sbin/ethtool -K $INTERFACE tx off - echo "nameserver $gateway" > /etc/resolv.conf - echo "nameserver $secondary_dns" >> /etc/resolv.conf + echo > /etc/resolv.conf + if [ -f /var/run/qubes-service/set-dns-server ]; then + echo "nameserver $gateway" > /etc/resolv.conf + echo "nameserver $secondary_dns" >> /etc/resolv.conf + fi if [ -f /var/run/qubes-service/network-manager ]; then - cat > /etc/NetworkManager/system-connections/qubes-uplink-$INTERFACE <<__EOF__ + nm_config=/etc/NetworkManager/system-connections/qubes-uplink-$INTERFACE + cat > $nm_config <<__EOF__ [802-3-ethernet] duplex=full - + [ethernet] mac-address=`ip l show dev $INTERFACE |grep link|awk '{print $2}'` 
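Review bot: The added `echo > /etc/resolv.conf` runs before the `set-dns-server` test, so with the service disabled the file is still overwritten (with a single blank line) every time this script runs, which would discard a resolver the user configured by hand. With no `nameserver` entry the glibc resolver falls back to the local machine, so if clearing is the intended fail-closed behaviour it deserves a comment such as `# always clear resolv.conf; set-dns-server only controls whether it is repopulated`; otherwise the unconditional line can go, since the first `echo` inside the `if` already truncates the file. The new `nm_config` path is built from `$INTERFACE` and then used unquoted; `cat > "$nm_config" <<__EOF__` would be the safer form. The enclosing `if [ x$ip != x ]` block starts before this hunk and continues past it.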
@@ -31,20 +37,28 @@ method=ignore [ipv4] method=manual -dns=$gateway;$secondary_dns -address1=$ip/32,$gateway may-fail=false __EOF__ - chmod 600 /etc/NetworkManager/system-connections/qubes-uplink-$INTERFACE + if [ -f /var/run/qubes-service/set-dns-server ]; then + echo "dns=$gateway;$secondary_dns" >> $nm_config + fi + if [ -f /var/run/qubes-service/set-default-route ]; then + echo "address1=$ip/32,$gateway" >> $nm_config + else + echo "address1=$ip/32" >> $nm_config + fi + chmod 600 $nm_config fi network=$(qubesdb-read /qubes-netvm-network 2>/dev/null) - if [ "x$network" != "x" ]; then + if [ "x$network" != "x" ] && [ -f /var/run/qubes-service/set-dns-server ]; then gateway=$(qubesdb-read /qubes-netvm-gateway) netmask=$(qubesdb-read /qubes-netvm-netmask) secondary_dns=$(qubesdb-read /qubes-netvm-secondary-dns) echo "NS1=$gateway" > /var/run/qubes/qubes-ns echo "NS2=$secondary_dns" >> /var/run/qubes/qubes-ns /usr/lib/qubes/qubes-setup-dnat-to-ns + fi + if [ "x$network" != "x" ]; then [ -x /rw/config/qubes-ip-change-hook ] && /rw/config/qubes-ip-change-hook # XXX: Backward compatibility [ -x /rw/config/qubes_ip_change_hook ] && /rw/config/qubes_ip_change_hook diff --git a/vm-init.d/qubes-core b/vm-init.d/qubes-core index ce6a9cc..bef21ec 100755 --- a/vm-init.d/qubes-core +++ b/vm-init.d/qubes-core @@ -33,6 +33,8 @@ start() echo "ZONE=\"$timezone\"" >> /etc/sysconfig/clock fi + touch /var/run/qubes-service/set-default-route + touch /var/run/qubes-service/set-dns-server yum_proxy_setup=$(/usr/bin/qubesdb-read /qubes-service/yum-proxy-setup 2> /dev/null || /usr/bin/qubesdb-read /qubes-service/updates-proxy-setup 2> /dev/null) type=$(/usr/bin/qubesdb-read /qubes-vm-type) if [ "$yum_proxy_setup" != "0" ] || [ -z "$yum_proxy_setup" -a "$type" == "TemplateVM" ]; then diff --git a/vm-systemd/qubes-sysinit.sh b/vm-systemd/qubes-sysinit.sh index a0d0670..d2a9c7c 100755 --- a/vm-systemd/qubes-sysinit.sh +++ b/vm-systemd/qubes-sysinit.sh 
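Review bot: The `dns=` and `address1=` lines are now appended to `$nm_config` after the heredoc, so they land in `[ipv4]` only because that is the last section the heredoc writes; a comment above the first `echo ... >> $nm_config`, e.g. `# appended keys belong to [ipv4], which must stay the last section of the heredoc`, would protect against a later edit. Further down, the `set-dns-server` test also gates the write to `/var/run/qubes/qubes-ns` and the call to `qubes-setup-dnat-to-ns`, so with the service off that state is neither refreshed nor cleared; if this script can run again after the uplink changes, it is worth documenting whether leftover DNS redirection is acceptable in that case. The heredoc begins in the previous hunk and the outer `if` closes outside this one.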
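Review bot: Both `touch` lines in `start()` are unconditional, so on this init path the two flag files always exist and the checks added to `network/setup-ip` can never see the services as disabled, unless code outside this hunk removes the files again. The `yum_proxy_setup` line just below reads the per-service value with `qubesdb-read` and treats `0` as disabled; the same pattern would fit here, for example `[ "$(/usr/bin/qubesdb-read /qubes-service/set-dns-server 2> /dev/null)" = "0" ] || touch /var/run/qubes-service/set-dns-server`, and likewise for `set-default-route`. A user who turns these services off to keep a VM from picking up the upstream resolver or default route would otherwise still get them without any indication. `start()` begins and ends outside the hunk.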
@@ -1,11 +1,12 @@ #!/bin/bash # List of services enabled by default (in case of absence of qubesdb entry) -DEFAULT_ENABLED_NETVM="network-manager qubes-network qubes-update-check qubes-updates-proxy" -DEFAULT_ENABLED_PROXYVM="meminfo-writer qubes-network qubes-firewall qubes-netwatcher qubes-update-check" -DEFAULT_ENABLED_APPVM="meminfo-writer cups qubes-update-check" +DEFAULT_ENABLED_ALL="set-default-route set-dns-server" +DEFAULT_ENABLED_NETVM="$DEFAULT_ENABLED_ALL network-manager qubes-network qubes-update-check qubes-updates-proxy" +DEFAULT_ENABLED_PROXYVM="$DEFAULT_ENABLED_ALL meminfo-writer qubes-network qubes-firewall qubes-netwatcher qubes-update-check" +DEFAULT_ENABLED_APPVM="$DEFAULT_ENABLED_ALL meminfo-writer cups qubes-update-check" DEFAULT_ENABLED_TEMPLATEVM="$DEFAULT_ENABLED_APPVM updates-proxy-setup" -DEFAULT_ENABLED="meminfo-writer" +DEFAULT_ENABLED="$DEFAULT_ENABLED_ALL meminfo-writer" QDB_READ=qubesdb-read QDB_LS=qubesdb-multiread
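Review bot: `DEFAULT_ENABLED_ALL` has no comment, and each per-type list has to include it by hand; a line such as `# Services enabled in every VM type when qubesdb has no entry for them; prepend to each list below` above the assignment would make that contract visible. `DEFAULT_ENABLED_TEMPLATEVM` picks the two services up only through `$DEFAULT_ENABLED_APPVM`, which is worth stating in the same comment so that a later change to the AppVM list does not drop them from templates unnoticed.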