qvm-open-in-vm: implement --view-only option
Implement option to disallow (ignore in fact) modifications of file opened in another VM (including DispVM). This commit implements actual services part and handling in wrapping scripts. Fixes QubesOS/qubes-issues#1118
This commit is contained in:
Marek Marczykowski-Górecki
parent
5deac1802f
commit
ef557ca460
@ -9,6 +9,7 @@
|
|||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
#include <libqubes-rpc-filecopy.h>
|
#include <libqubes-rpc-filecopy.h>
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
|
#include <getopt.h>
|
||||||
#include <gui-fatal.h>
|
#include <gui-fatal.h>
|
||||||
#include "dvm2.h"
|
#include "dvm2.h"
|
||||||
|
|
||||||
@ -92,17 +93,35 @@ void recv_file(const char *fname)
|
|||||||
actually_recv_file(fname, tempfile, tmpfd);
|
actually_recv_file(fname, tempfile, tmpfd);
|
||||||
}
|
}
|
||||||
|
|
||||||
void talk_to_daemon(const char *fname)
|
|
||||||
{
|
|
||||||
send_file(fname);
|
|
||||||
recv_file(fname);
|
|
||||||
}
|
|
||||||
|
|
||||||
int main(int argc, char ** argv)
|
int main(int argc, char ** argv)
|
||||||
{
|
{
|
||||||
|
char *fname;
|
||||||
|
int view_only = 0;
|
||||||
|
int ret;
|
||||||
|
const struct option opts[] = {
|
||||||
|
{"view-only", no_argument, &view_only, 1},
|
||||||
|
{0}
|
||||||
|
};
|
||||||
|
|
||||||
|
while ((ret=getopt_long(argc, argv, "", opts, NULL)) != -1) {
|
||||||
|
if (ret == '?') {
|
||||||
|
exit(2);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
signal(SIGPIPE, SIG_IGN);
|
signal(SIGPIPE, SIG_IGN);
|
||||||
if (argc!=2)
|
|
||||||
|
if (optind >= argc)
|
||||||
gui_fatal("OpenInVM - no file given?");
|
gui_fatal("OpenInVM - no file given?");
|
||||||
talk_to_daemon(argv[1]);
|
fname = argv[optind];
|
||||||
|
send_file(fname);
|
||||||
|
if (!view_only) {
|
||||||
|
recv_file(fname);
|
||||||
|
} else {
|
||||||
|
/* discard received data */
|
||||||
|
int null_fd = open("/dev/null", O_WRONLY);
|
||||||
|
copy_fd_all(null_fd, 0);
|
||||||
|
close(null_fd);
|
||||||
|
}
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -20,10 +20,10 @@
|
|||||||
#
|
#
|
||||||
#
|
#
|
||||||
|
|
||||||
if ! [ $# = 1 ] ; then
|
if ! [ $# = 1 ] && ! [ $# = 2 ]; then
|
||||||
echo "Usage: $0 filename"
|
echo "Usage: $0 [--view-only] filename"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# shellcheck disable=SC2016
|
# shellcheck disable=SC2016
|
||||||
exec qvm-open-in-vm '$dispvm' "$1"
|
exec qvm-open-in-vm '$dispvm' "$@"
|
||||||
|
|||||||
@ -20,16 +20,37 @@
|
|||||||
#
|
#
|
||||||
#
|
#
|
||||||
|
|
||||||
if ! [ $# = 2 ] ; then
|
usage() {
|
||||||
echo "Usage: $0 vmname filename"
|
echo "Usage: $0 [--view-only] vmname filename"
|
||||||
exit 1
|
exit 2
|
||||||
|
}
|
||||||
|
|
||||||
|
qopen_opts=
|
||||||
|
target=
|
||||||
|
filename=
|
||||||
|
|
||||||
|
while [ $# -gt 0 ]; do
|
||||||
|
if [ "x$1" = "x--view-only" ]; then
|
||||||
|
qopen_opts=--view-only
|
||||||
|
elif [ -z "$target" ]; then
|
||||||
|
target="$1"
|
||||||
|
elif [ -z "$filename" ]; then
|
||||||
|
filename="$1"
|
||||||
|
else
|
||||||
|
usage
|
||||||
|
fi
|
||||||
|
shift
|
||||||
|
done
|
||||||
|
|
||||||
|
if [ -z "$target" ] || [ -z "$filename" ]; then
|
||||||
|
usage
|
||||||
fi
|
fi
|
||||||
|
|
||||||
case "$2" in
|
case "$filename" in
|
||||||
*://*)
|
*://*)
|
||||||
exec /usr/lib/qubes/qrexec-client-vm "$1" qubes.OpenURL /bin/echo "$2"
|
exec /usr/lib/qubes/qrexec-client-vm "$target" qubes.OpenURL /bin/echo "$filename"
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
exec /usr/lib/qubes/qrexec-client-vm "$1" qubes.OpenInVM "/usr/lib/qubes/qopen-in-vm" "$2"
|
exec /usr/lib/qubes/qrexec-client-vm "$target" qubes.OpenInVM "/usr/lib/qubes/qopen-in-vm" $qopen_opts "$filename"
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user