Validate default_kernel global property on set

fixes: QubesOS/qubes-issues#8992
QubesOS · Aug 18, 2024 · 4bec5ec · 4bec5ec
1 parent a1a023b
commit 4bec5ec
Show file tree

Hide file tree

Showing 2 changed files with 48 additions and 1 deletion.
diff --git a/qubes/app.py b/qubes/app.py
@@ -642,7 +642,6 @@ def _default_pool(app):
  return pool
  raise AttributeError('Cannot determine default storage pool')
 
-
 def _setter_pool(app, prop, value):
  if isinstance(value, qubes.storage.Pool):
  return value
@@ -674,6 +673,27 @@ def _setter_default_netvm(app, prop, value):
  return value
 
 
+def _validate_kernel(obj, name, kernel):
+ if not kernel:
+ return
+ dirname = os.path.join(
+ qubes.config.qubes_base_dir,
+ qubes.config.system_path['qubes_kernels_base_dir'],
+ kernel)
+ if not os.path.exists(dirname):
+ raise qubes.exc.QubesPropertyValueError(
+ obj, name, kernel,
+ 'Kernel {!r} not installed'.format(
+ kernel))
+ for filename in ('vmlinuz',):
+ if not os.path.exists(os.path.join(dirname, filename)):
+ raise qubes.exc.QubesPropertyValueError(
+ obj, name, kernel,
+ 'Kernel {!r} not properly installed: '
+ 'missing {!r} file'.format(
+ kernel, filename))
+
+
 class Qubes(qubes.PropertyHolder):
  """Main Qubes application
 
@@ -1593,3 +1613,10 @@ def on_property_set_default_dispvm(self, event, name, newvalue,
  # resetting dispvm to its default value
  vm.fire_event('property-reset:default_dispvm',
  name='default_dispvm', oldvalue=oldvalue)
+
+ @qubes.events.handler('property-pre-set:default_kernel')
+ # pylint: disable-next=invalid-name
+ def on_property_pre_set_default_kernel(self, event, name, newvalue,
+ oldvalue=None):
+ # pylint: disable=unused-argument
+ _validate_kernel(self, 'default_kernel', newvalue)
diff --git a/run-tests b/run-tests
@@ -19,6 +19,17 @@ if sudo --non-interactive "$name/ci/lvm-manage" setup-lvm vg$$/pool; then
  CLEANUP_LVM=yes
 fi
 
+CLEANUP_KERNEL_POOL=
+if [ ! -d "/var/lib/qubes/vm-kernels" ]; then
+ sudo mkdir --parents /var/lib/qubes/vm-kernels/dummy
+ sudo touch /var/lib/qubes/vm-kernels/dummy/vmlinuz
+ sudo mkdir --parents /var/lib/qubes/vm-kernels/1.0
+ sudo touch /var/lib/qubes/vm-kernels/1.0/vmlinuz
+ mkdir --parents /tmp/qubes-test-dir/vm-kernels/1.0
+ touch /tmp/qubes-test-dir/vm-kernels/1.0/vmlinuz
+ CLEANUP_KERNEL_POOL=yes
+fi
+
 : "${PYTHON:=python3}"
 : "${TESTPYTHONPATH:=test-packages}"
 
@@ -32,6 +43,15 @@ export PYTHONPATH
 "${PYTHON}" setup.py egg_info --egg-base "${TESTPYTHONPATH}"
 "${PYTHON}" -m coverage run --rcfile=ci/coveragerc -m qubes.tests.run "$@"
 retcode=$?
+if [ -n "$CLEANUP_KERNEL_POOL" ]; then
+ sudo rm /var/lib/qubes/vm-kernels/dummy/vmlinuz
+ sudo rmdir /var/lib/qubes/vm-kernels/dummy
+ sudo rm /var/lib/qubes/vm-kernels/1.0/vmlinuz
+ sudo rmdir /var/lib/qubes/vm-kernels/1.0
+ sudo rmdir /var/lib/qubes/vm-kernels
+ rm /tmp/qubes-test-dir/vm-kernels/1.0/vmlinuz
+ rmdir /tmp/qubes-test-dir/vm-kernels/1.0
+fi
 if [ -n "$CLEANUP_LVM" ]; then
  sudo --non-interactive $(dirname "$0")/ci/lvm-manage cleanup-lvm "$DEFAULT_LVM_POOL"
 fi