/qubes-issues

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

qvm-clone does not preserve firewall rules #1032

Closed
marmarek opened this Issue Jun 21, 2015 · 2 comments

Comments

Assignees
No one assigned
Labels
Projects
None yet
Milestone
  Release 3.0
2 participants
@marmarek @3hhh
@marmarek
Member

marmarek commented Jun 21, 2015

https://groups.google.com/d/msgid/qubes-users/5586EE60.7010402%40hackingthe.net

  1. Cloning an AppVM does not appear to clone all settings; in particular the
    firewall rules are set to "allow all" for the clone by default. I'm not sure
    whether this one already existed in R2.

@marmarek marmarek added bug C: core P: major labels Jun 21, 2015

@marmarek marmarek added this to the Release 3.0 milestone Jun 21, 2015

@3hhh

This comment has been minimized.

Show comment
Hide comment
@3hhh

3hhh Jun 24, 2015

Just noticed one more similar issue: I created a dvm from within a VM with limited firewall rules - all rules were set to allowed all for the dvm instead of being cloned from the original VM.
The netvm settings were taken over now though (not as in R2).

3hhh commented Jun 24, 2015

Just noticed one more similar issue: I created a dvm from within a VM with limited firewall rules - all rules were set to allowed all for the dvm instead of being cloned from the original VM.
The netvm settings were taken over now though (not as in R2).

@marmarek marmarek closed this in marmarek/old-qubes-core-admin@1199806 Jul 8, 2015

marmarek added a commit to marmarek/old-qubes-core-admin that referenced this issue Sep 29, 2015

@marmarek
core: fix handling firewall configuration for VM clones and DispVMs (… 
…#1032)

There were two bugs:
1. Firewall configuration wasn't copied during qvm-clone (it is in
   separate file, so now it is included in vm.clone_disk_files).
2. Non-default firewall configuration wasn't stored in qubes.xml. This
   means that initially DispVM got proper configuration (inherited from
   calling VM), but if anything caused firewall reload (for example
   starting another VM), the firewall rules was cleared to default state
   (allow all).

Fixes QubesOS/qubes-issues#1032

(cherry picked from commit 1199806)

Conflicts:
	core-modules/000QubesVm.py
Verified
This commit was signed with a verified signature.
@marmarek marmarek Marek Marczykowski-Górecki
GPG key ID: 063938BA42CFA724 Learn about signing commits
43a8625
@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Oct 29, 2015

Member

Automated announcement from builder-github

The package qubes-core-dom0-doc-2.1.74-1 has been pushed to the r2 stable repository for dom0.
To install this update, please use the standard update command:

sudo qubes-dom0-update

Or update dom0 via Qubes Manager.
Member

marmarek commented Oct 29, 2015

Automated announcement from builder-github

The package qubes-core-dom0-doc-2.1.74-1 has been pushed to the r2 stable repository for dom0.
To install this update, please use the standard update command:

sudo qubes-dom0-update

Or update dom0 via Qubes Manager.

@marmarek marmarek added the r2-dom0-stable label Oct 29, 2015

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment