default_fw_netvm results in all "provides_network" VMs bypassing firewall by default #3247

Closed
qubesuser opened this Issue Oct 28, 2017 · 4 comments


Qubes OS version:

R4.0-rc2

Steps to reproduce the behavior:

  1. Create a VM with provides_network=true

Expected behavior:

The (default) netvm for the VM should be sys-firewall.

Actual behavior:

The (default) netvm for the VM is sys-net.

General notes:

Only sys-firewall should be connected to sys-net (in normal configurations), so it doesn't make sense to attach any VM by default to sys-net. Whether a VM is a proxy VM shouldn't really impact that.

I'd recommend completely removing the default_fw_netvm preference and just setting the sys-firewall netvm explicitly to sys-net when sys-firewall is created.

Workaround

Set sys-firewall netvm to sys-net explicitly and then set default_fw_netvm to sys-firewall
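An added audit script (not from the issue or from Qubes' own tooling) that flags the misconfiguration this report describes: any VM with provides_network=True, other than sys-firewall, whose netvm is sys-net. It runs on a constructed inventory; the comments show how the same inventory would be built in dom0 with qvm-prefs, and the exact qvm-prefs/qubes-prefs syntax for the workaround is an assumption.

```shell
#!/bin/sh
# Inventory format: one VM per line, "name netvm provides_network".
# On a real R4.0 dom0 the inventory could be built as (assumed syntax):
#   for vm in $(qvm-ls --raw-list); do
#       net=$(qvm-prefs "$vm" netvm)
#       echo "$vm ${net:--} $(qvm-prefs "$vm" provides_network)"
#   done
# A "-" stands for "no netvm" (sys-net itself).

# Constructed sample: sys-vpn is the kind of VM the report is about:
# it provides network, yet was attached straight to sys-net by default.
SAMPLE_INVENTORY='sys-net - True
sys-firewall sys-net True
sys-vpn sys-net True
work sys-firewall False
sys-whonix sys-firewall True'

# audit_netvm INVENTORY
# Prints the name of every provides_network VM that sits directly on
# sys-net and is not sys-firewall (the only VM that should be there).
# Prints nothing when the configuration matches the expected behaviour.
audit_netvm() {
    printf '%s\n' "$1" | awk '
        $3 == "True" && $2 == "sys-net" && $1 != "sys-firewall" { print $1 }'
}

# Workaround from the report, as dom0 commands (assumed syntax):
#   qvm-prefs sys-firewall netvm sys-net
#   qubes-prefs default_fw_netvm sys-firewall
# Re-run audit_netvm afterwards; new provides_network VMs should then
# default to sys-firewall and the audit should print nothing for them.
for vm in $(audit_netvm "$SAMPLE_INVENTORY"); do
    echo "bypasses sys-firewall: $vm"
done
```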


marmarek Oct 28, 2017

Member

I'd recommend completely removing the default_fw_netvm preference and just setting the sys-firewall netvm explicitly to sys-net when sys-firewall is created.

Makes sense

@marmarek marmarek added this to the Release 4.0 milestone Oct 28, 2017


marmarek Oct 28, 2017

Member

BTW default_fw_netvm caused some problems already: #3190

marmarek added a commit to marmarek/qubes-core-admin that referenced this issue Dec 1, 2017

app: kill default_fw_netvm property
Having both default_netvm and default_fw_netvm causes a lot of confusion,
because it isn't clear for the user which one is used when. Additionally,
changing the provides_network property may also change the netvm property, which
may be an unintended effect. This as a whole makes it hard to:
- cover all netvm-changing actions with policy for Admin API
- cover all netvm-changing events (for example to apply the change to
the running VM, or to check for netvm loops)

As suggested by @qubesuser, kill the default_fw_netvm property and
simplify the logic around it.
Since we're past rc1, implement also migration logic. And add tests for
said migration.

Fixes QubesOS/qubes-issues#3247

marmarek added a commit to marmarek/qubes-core-admin that referenced this issue Dec 5, 2017

marmarek added a commit to marmarek/qubes-core-admin that referenced this issue Dec 6, 2017

qubesos-bot Dec 22, 2017

Automated announcement from builder-github

The package qubes-core-dom0-4.0.15-1.fc25 has been pushed to the r4.0 testing repository for dom0.
To test this update, please install it with the following command:

sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing

Changes included in this update

@qubesos-bot qubesos-bot referenced this issue in QubesOS/updates-status Dec 22, 2017

Closed

core-admin v4.0.15 (r4.0) #327


qubesos-bot Jan 5, 2018

Automated announcement from builder-github

The package qubes-core-dom0-4.0.15-1.fc25 has been pushed to the r4.0 stable repository for dom0.
To install this update, please use the standard update command:

sudo qubes-dom0-update

Or update dom0 via Qubes Manager.

Changes included in this update