Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

qubes_netwatcher: add a note about NETCFG untrusted origin

Browse Source
This commit is contained in:
Rafal Wojtczuk 2011-05-09 16:23:52 +02:00
parent 0d785fcbf8
commit 5923741c83
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
proxyvm/bin/qubes_netwatcher
View File

@ -13,11 +13,12 @@ trap 'exit 0' SIGTERM
while true; do while true; do
NET_DOMID=$(/usr/bin/xenstore-read qubes_netvm_domid) NET_DOMID=$(/usr/bin/xenstore-read qubes_netvm_domid)
if [[ -n "$NET_DOMID" ]] && [[ $NET_DOMID -gt 0 ]]; then if [[ -n "$NET_DOMID" ]] && [[ $NET_DOMID -gt 0 ]]; then
NETCFG=$(/usr/bin/xenstore-read /local/domain/$NET_DOMID/qubes_netvm_external_ip) UNTRUSTED_NETCFG=$(/usr/bin/xenstore-read /local/domain/$NET_DOMID/qubes_netvm_external_ip)
if [[ "$NETCFG" != "$CURR_NETCFG" ]]; then # UNTRUSTED_NETCFG is not parsed in any way
if [[ "$UNTRUSTED_NETCFG" != "$CURR_NETCFG" ]]; then
/sbin/service qubes_firewall stop /sbin/service qubes_firewall stop
/sbin/service qubes_firewall start /sbin/service qubes_firewall start
CURR_NETCFG="$NETCFG" CURR_NETCFG="$UNTRUSTED_NETCFG"
/usr/bin/xenstore-write qubes_netvm_external_ip "$CURR_NETCFG" /usr/bin/xenstore-write qubes_netvm_external_ip "$CURR_NETCFG"
fi fi