templatevm: set default netvm to None for templates

Since we have qrexec-based updates proxy, we can even stronger isolate templates from outside threats. QubesOS/qubes-issues#1854
marmarek · Jun 3, 2017 · cea6ecb · cea6ecb
1 parent eccb37c
commit cea6ecb
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/qubes/vm/templatevm.py b/qubes/vm/templatevm.py
@@ -27,6 +27,7 @@
 import qubes
 import qubes.config
 import qubes.vm.qubesvm
+import qubes.vm.mix.net
 from qubes.config import defaults
 from qubes.vm.qubesvm import QubesVM
 
@@ -52,6 +53,13 @@ def appvms(self):
             if hasattr(vm, 'template') and vm.template is self:
                 yield vm
 
+    netvm = qubes.VMProperty('netvm', load_stage=4, allow_none=True,
+        default=None,
+        # pylint: disable=protected-access
+        setter=qubes.vm.qubesvm.QubesVM.netvm._setter,
+        doc='''VM that provides network connection to this domain. When
+            `None`, machine is disconnected.''')
+
     def __init__(self, *args, **kwargs):
         assert 'template' not in kwargs, "A TemplateVM can not have a template"
         self.volume_config = {