Validate default_kernel global property on set
alimirjamali committed Aug 18, 2024
1 parent a1a023b commit 134e971
Showing 4 changed files with 57 additions and 0 deletions.
28 changes: 28 additions & 0 deletions qubes/app.py
@@ -674,6 +674,27 @@ def _setter_default_netvm(app, prop, value):
return value


def _validate_kernel(obj, name, kernel):
if not kernel:
return
dirname = os.path.join(
qubes.config.qubes_base_dir,
qubes.config.system_path['qubes_kernels_base_dir'],
kernel)
if not os.path.exists(dirname):
raise qubes.exc.QubesPropertyValueError(
obj, name, kernel,
'Kernel {!r} not installed'.format(
kernel))
for filename in ('vmlinuz',):
if not os.path.exists(os.path.join(dirname, filename)):
raise qubes.exc.QubesPropertyValueError(
obj, name, kernel,
'Kernel {!r} not properly installed: '
'missing {!r} file'.format(
kernel, filename))


class Qubes(qubes.PropertyHolder):
"""Main Qubes application
@@ -1593,3 +1614,10 @@ def on_property_set_default_dispvm(self, event, name, newvalue,
# resetting dispvm to its default value
vm.fire_event('property-reset:default_dispvm',
name='default_dispvm', oldvalue=oldvalue)

@qubes.events.handler('property-pre-set:default_kernel')
# pylint: disable-next=invalid-name
def on_property_pre_set_default_kernel(self, event, name, newvalue,
oldvalue=None):
# pylint: disable=unused-argument
_validate_kernel(self, 'default_kernel', newvalue)
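Review bot: `_validate_kernel` in the first hunk joins `kernel` into the path without checking that it is a single path component, so a value containing `/` or `..` is tested against a location outside the kernels directory, and an absolute value makes `os.path.join` discard the base altogether. No earlier sanitisation of `default_kernel` is visible here; unless a setter outside these hunks already rejects such values, add a guard before the join (assuming `kernel` is a str): `if '/' in kernel or kernel in ('.', '..'):` followed by `raise qubes.exc.QubesPropertyValueError(obj, name, kernel, 'Kernel name must be a single directory name')`. Without it, the two distinct error messages report back whether an arbitrary directory exists and whether it contains a `vmlinuz`. `os.path.isdir(dirname)` in place of `os.path.exists(dirname)` would also reject a plain file of that name. The function has no docstring; a one-line summary saying that an empty value is accepted and that QubesPropertyValueError is raised otherwise would help.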
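--- a/qubes/tests/__init__.py
+++ b/qubes/tests/__init__.py
@@ -458,6 +458,21 @@ def setUp(self):
 self.loop = asyncio.get_event_loop()
 self.addCleanup(self.cleanup_loop)
 
+self.test_base_dir = '/tmp/qubes-test-dir'
+self.base_dir_patch = unittest.mock.patch.dict(qubes.config.system_path,
+{'qubes_base_dir': self.test_base_dir})
+self.base_dir_patch2 = unittest.mock.patch(
+'qubes.config.qubes_base_dir', self.test_base_dir)
+self.base_dir_patch3 = unittest.mock.patch.dict(
+qubes.config.defaults['pool_configs']['varlibqubes'],
+{'dir_path': self.test_base_dir})
+self.base_dir_patch.start()
+self.base_dir_patch2.start()
+self.base_dir_patch3.start()
+kernel_dir = '/tmp/qubes-test-dir/vm-kernels/1.0'
+os.makedirs(kernel_dir, exist_ok=True)
+open(os.path.join(kernel_dir, 'vmlinuz'), 'w').close()
+
 def cleanup_gc(self):
 gc.collect()
 leaked = [obj for obj in gc.get_objects() + gc.garbage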
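Review bot: The fixture directory added to setUp is a fixed, predictable path under /tmp (`/tmp/qubes-test-dir`), and the new lines create files in it with `os.makedirs(..., exist_ok=True)` and `open(..., 'w')`, so on a shared machine another local user can already own that directory or have placed a symlink at `vmlinuz` before the test runs. A per-run directory avoids this: `self.test_base_dir = tempfile.mkdtemp(prefix='qubes-test-')`, `self.addCleanup(shutil.rmtree, self.test_base_dir, ignore_errors=True)`, and `kernel_dir = os.path.join(self.test_base_dir, 'vm-kernels', '1.0')` instead of repeating the literal. No stop() for the three patches and no removal of the created files is visible in the hunk, so these need cleanups too unless a tearDown outside the hunk handles them. The same literal `kernel_dir` lines are added to setUp in qubes/tests/api_admin.py. setUp begins and may continue outside this hunk, and the file's imports are not visible here.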
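--- a/qubes/tests/api_admin.py
+++ b/qubes/tests/api_admin.py
@@ -61,6 +61,9 @@ def setUp(self):
 self.base_dir_patch.start()
 self.base_dir_patch2.start()
 self.base_dir_patch3.start()
+kernel_dir = '/tmp/qubes-test-dir/vm-kernels/1.0'
+os.makedirs(kernel_dir, exist_ok=True)
+open(os.path.join(kernel_dir, 'vmlinuz'), 'w').close()
 app = qubes.Qubes('/tmp/qubes-test.xml', load=False)
 app.vmm = unittest.mock.Mock(spec=qubes.app.VMMConnection)
 app.load_initial_values()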
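--- a/run-tests
+++ b/run-tests
@@ -19,6 +19,13 @@ if sudo --non-interactive "$name/ci/lvm-manage" setup-lvm vg$$/pool; then
 CLEANUP_LVM=yes
 fi
 
+CLEANUP_KERNEL_POOL=
+if [ ! -d "/var/lib/qubes/vm-kernels" ]; then
+sudo mkdir --parents /var/lib/qubes/vm-kernels/dummy
+sudo touch /var/lib/qubes/vm-kernels/dummy/vmlinuz
+CLEANUP_KERNEL_POOL=yes
+fi
+
 : "${PYTHON:=python3}"
 : "${TESTPYTHONPATH:=test-packages}"
 
@@ -32,6 +39,10 @@ export PYTHONPATH
 "${PYTHON}" setup.py egg_info --egg-base "${TESTPYTHONPATH}"
 "${PYTHON}" -m coverage run --rcfile=ci/coveragerc -m qubes.tests.run "$@"
 retcode=$?
+if [ -n "$CLEANUP_KERNEL_POOL" ]; then
+sudo rm /var/lib/qubes/vm-kernels/dummy/vmlinuz
+sudo rmdir /var/lib/qubes/vm-kernels/dummy
+fi
 if [ -n "$CLEANUP_LVM" ]; then
 sudo --non-interactive $(dirname "$0")/ci/lvm-manage cleanup-lvm "$DEFAULT_LVM_POOL"
 fi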
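Review bot: The cleanup block in the second hunk removes only `dummy/vmlinuz` and `dummy`, but `mkdir --parents` in the first hunk may also have created `/var/lib/qubes/vm-kernels` (and `/var/lib/qubes`), which stay behind root-owned; on the next run the `[ ! -d ... ]` test is then false and the dummy kernel is not recreated. Since that directory was created by this script, remove it as well with `sudo --non-interactive rmdir /var/lib/qubes/vm-kernels` after the `dummy` removal. The new `sudo` calls also omit `--non-interactive`, unlike the lvm-manage calls around them, so an unattended run can stall at a password prompt. `CLEANUP_KERNEL_POOL=yes` is set even when `mkdir` or `touch` failed; chaining the three commands with `&&` keeps cleanup in step with what was actually created.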
