
qvm-open-in-vm: implement --view-only option

Implement an option to disallow (in fact, ignore) modifications of a file
opened in another VM (including a DispVM).
This commit implements the actual service part and the handling in the wrapper scripts.

Fixes QubesOS/qubes-issues#1118
Marek Marczykowski-Górecki 5 years ago
parent
commit
ef557ca460
3 changed files with 57 additions and 17 deletions
  1. 27 8
      qubes-rpc/qopen-in-vm.c
  2. 3 3
      qubes-rpc/qvm-open-in-dvm
  3. 27 6
      qubes-rpc/qvm-open-in-vm

+ 27 - 8
qubes-rpc/qopen-in-vm.c

@@ -9,6 +9,7 @@
 #include <stdlib.h>
 #include <libqubes-rpc-filecopy.h>
 #include <unistd.h>
+#include <getopt.h>
 #include <gui-fatal.h>
 #include "dvm2.h"
 
@@ -92,17 +93,35 @@ void recv_file(const char *fname)
         actually_recv_file(fname, tempfile, tmpfd);
 }
 
-void talk_to_daemon(const char *fname)
-{
-    send_file(fname);
-    recv_file(fname);
-}
-
 int main(int argc, char ** argv)
 {
+    char *fname;
+    int view_only = 0;
+    int ret;
+    const struct option opts[] = {
+        {"view-only", no_argument, &view_only, 1},
+        {0}
+    };
+
+    while ((ret=getopt_long(argc, argv, "", opts, NULL)) != -1) {
+        if (ret == '?') {
+            exit(2);
+        }
+    }
+
     signal(SIGPIPE, SIG_IGN);
-    if (argc!=2)
+
+    if (optind >= argc)
         gui_fatal("OpenInVM - no file given?");
-    talk_to_daemon(argv[1]);
+    fname = argv[optind];
+    send_file(fname);
+    if (!view_only) {
+        recv_file(fname);
+    } else {
+        /* discard received data */
+        int null_fd = open("/dev/null", O_WRONLY);
+        copy_fd_all(null_fd, 0);
+        close(null_fd);
+    }
     return 0;
 }
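Review bot: In the view-only branch the result of `open("/dev/null", O_WRONLY)` is never checked, so a failed open hands -1 to `copy_fd_all` and `main` still returns 0. Add `if (null_fd < 0) gui_fatal("OpenInVM - cannot open /dev/null");` before the copy, and consider acting on the result of `copy_fd_all`, which is also dropped here. Separately, `optind >= argc` accepts extra positional arguments that the old `argc!=2` test rejected; if that is not intended, test `optind != argc - 1` instead. Discarding the returned data on the sending side keeps the view-only guarantee independent of what the target VM sends back, which is worth stating in the `/* discard received data */` comment.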

+ 3 - 3
qubes-rpc/qvm-open-in-dvm

@@ -20,10 +20,10 @@
 #
 #
 
-if ! [ $# = 1 ] ; then
-	echo "Usage: $0 filename"
+if ! [ $# = 1 ] && ! [ $# = 2 ]; then
+	echo "Usage: $0 [--view-only] filename"
 	exit 1
 fi
 
 # shellcheck disable=SC2016
-exec qvm-open-in-vm '$dispvm' "$1"
+exec qvm-open-in-vm '$dispvm' "$@"
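Review bot: The count test accepts any two arguments, not specifically `--view-only` plus a filename, so a malformed call is rejected only later by qvm-open-in-vm, whose usage text names the other script and a `vmname` argument. The usage path here still ends in `exit 1` while qvm-open-in-vm now uses `exit 2`; using `exit 2` in both keeps the wrappers consistent. The usage text would also be better sent to stderr, `echo "Usage: $0 [--view-only] filename" >&2`.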

+ 27 - 6
qubes-rpc/qvm-open-in-vm

@@ -20,16 +20,37 @@
 #
 #
 
-if ! [ $# = 2 ] ; then
-	echo "Usage: $0 vmname filename"
-	exit 1
+usage() {
+	echo "Usage: $0 [--view-only] vmname filename"
+	exit 2
+}
+
+qopen_opts=
+target=
+filename=
+
+while [ $# -gt 0 ]; do
+    if [ "x$1" = "x--view-only" ]; then
+        qopen_opts=--view-only
+    elif [ -z "$target" ]; then
+        target="$1"
+    elif [ -z "$filename" ]; then
+        filename="$1"
+    else
+        usage
+    fi
+    shift
+done
+
+if [ -z "$target" ] || [ -z "$filename" ]; then
+    usage
 fi
 
-case "$2" in
+case "$filename" in
 	*://*)
-        exec /usr/lib/qubes/qrexec-client-vm "$1" qubes.OpenURL /bin/echo "$2"
+        exec /usr/lib/qubes/qrexec-client-vm "$target" qubes.OpenURL /bin/echo "$filename"
         ;;
     *)
-        exec /usr/lib/qubes/qrexec-client-vm "$1" qubes.OpenInVM "/usr/lib/qubes/qopen-in-vm" "$2"
+        exec /usr/lib/qubes/qrexec-client-vm "$target" qubes.OpenInVM "/usr/lib/qubes/qopen-in-vm" $qopen_opts "$filename"
         ;;
 esac
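Review bot: The final `qrexec-client-vm` line passes `$qopen_opts "$filename"` with no end-of-options marker, so a filename beginning with `-` reaches `getopt_long` in qopen-in-vm as an option and the call exits with status 2. The loop above also consumes `--view-only` in any position, so a file with that literal name cannot be opened. Put `--` before the filename, `"/usr/lib/qubes/qopen-in-vm" $qopen_opts -- "$filename"`, and let the loop stop option matching once it sees `--`. The unquoted `$qopen_opts` looks deliberate, so that an empty value expands to no argument; a one-line comment saying so would keep a later cleanup from quoting it.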