Use the UUID for the machine ID
This avoids leaking the real machine ID into guests, and provides an
easy way for guests to know their own UUID.

Fixes: QubesOS/qubes-issues#8833
DemiMarie committed Dec 23, 2024
1 parent f66c912 commit 3efd0c3
Showing 2 changed files with 36 additions and 29 deletions.
57 changes: 30 additions & 27 deletions qubes/tests/vm/qubesvm.py
Expand Up @@ -26,6 +26,7 @@

import unittest
import uuid
from uuid import UUID
import datetime

import asyncio
Expand Down Expand Up @@ -313,8 +314,9 @@ def get_vm(
None,
qid=kwargs.pop("qid", 1),
name=qubes.tests.VMPREFIX + name,
**kwargs
**kwargs,
)
vm.features["os"] = "Linux"
self.app.domains[vm.qid] = vm
self.app.domains[vm.uuid] = vm
self.app.domains[vm.name] = vm
Expand Down Expand Up @@ -846,7 +848,8 @@ def test_500_property_migrate_virt_mode(self):
vm.hvm

def test_600_libvirt_xml_pv(self):
expected = """<domain type="xen">
my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
expected = f"""<domain type="xen">
<name>test-inst-test</name>
<uuid>7db78950-c467-4863-94d1-af59806384ea</uuid>
<memory unit="MiB">500</memory>
Expand All @@ -856,7 +859,7 @@ def test_600_libvirt_xml_pv(self):
<type arch="x86_64" machine="xenpv">linux</type>
<kernel>/tmp/qubes-test/vm-kernels/dummy/vmlinuz</kernel>
<initrd>/tmp/qubes-test/vm-kernels/dummy/initramfs</initrd>
<cmdline>root=/dev/mapper/dmroot ro nomodeset console=hvc0 rd_NO_PLYMOUTH rd.plymouth.enable=0 plymouth.enable=0 swiotlb=2048</cmdline>
<cmdline>systemd.machine_id={UUID(my_uuid).hex} root=/dev/mapper/dmroot ro nomodeset console=hvc0 rd_NO_PLYMOUTH rd.plymouth.enable=0 plymouth.enable=0 swiotlb=2048</cmdline>
</os>
<features>
</features>
Expand All @@ -880,7 +883,6 @@ def test_600_libvirt_xml_pv(self):
</devices>
</domain>
"""
my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
vm = self.get_vm(uuid=my_uuid)
vm.netvm = None
vm.virt_mode = "pv"
Expand Down Expand Up @@ -910,6 +912,7 @@ def test_600_libvirt_xml_pv(self):
)

def test_600_libvirt_xml_hvm(self):
my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
expected = """<domain type="xen">
<name>test-inst-test</name>
<uuid>7db78950-c467-4863-94d1-af59806384ea</uuid>
Expand Down Expand Up @@ -958,7 +961,6 @@ def test_600_libvirt_xml_hvm(self):
</devices>
</domain>
"""
my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
vm = self.get_vm(uuid=my_uuid)
vm.netvm = None
vm.virt_mode = "hvm"
Expand All @@ -968,7 +970,8 @@ def test_600_libvirt_xml_hvm(self):
)

def test_600_libvirt_xml_hvm_dom0_kernel(self):
expected = """<domain type="xen">
my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
expected = f"""<domain type="xen">
<name>test-inst-test</name>
<uuid>7db78950-c467-4863-94d1-af59806384ea</uuid>
<memory unit="MiB">500</memory>
Expand All @@ -991,7 +994,7 @@ def test_600_libvirt_xml_hvm_dom0_kernel(self):
<loader type="rom">hvmloader</loader>
<boot dev="cdrom" />
<boot dev="hd" />
<cmdline>root=/dev/mapper/dmroot ro nomodeset console=hvc0 rd_NO_PLYMOUTH rd.plymouth.enable=0 plymouth.enable=0 swiotlb=2048</cmdline>
<cmdline>systemd.machine_id={UUID(my_uuid).hex} root=/dev/mapper/dmroot ro nomodeset console=hvc0 rd_NO_PLYMOUTH rd.plymouth.enable=0 plymouth.enable=0 swiotlb=2048</cmdline>
</os>
<features>
<pae/>
Expand All @@ -1017,7 +1020,6 @@ def test_600_libvirt_xml_hvm_dom0_kernel(self):
</devices>
</domain>
"""
my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
vm = self.get_vm(uuid=my_uuid)
vm.netvm = None
vm.virt_mode = "hvm"
Expand All @@ -1037,6 +1039,7 @@ def test_600_libvirt_xml_hvm_dom0_kernel(self):
)

def test_600_libvirt_xml_hvm_dom0_kernel_kernelopts(self):
my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
expected = """<domain type="xen">
<name>test-inst-test</name>
<uuid>7db78950-c467-4863-94d1-af59806384ea</uuid>
Expand Down Expand Up @@ -1086,8 +1089,8 @@ def test_600_libvirt_xml_hvm_dom0_kernel_kernelopts(self):
</devices>
</domain>
"""
my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
vm = self.get_vm(uuid=my_uuid)
vm.features["os"] = "Other"
vm.netvm = None
vm.virt_mode = "hvm"
vm.features["qrexec"] = True
Expand All @@ -1110,7 +1113,8 @@ def test_600_libvirt_xml_hvm_dom0_kernel_kernelopts(self):
)

def test_600_libvirt_xml_pvh(self):
expected = """<domain type="xen">
my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
expected = f"""<domain type="xen">
<name>test-inst-test</name>
<uuid>7db78950-c467-4863-94d1-af59806384ea</uuid>
<memory unit="MiB">500</memory>
Expand All @@ -1127,7 +1131,7 @@ def test_600_libvirt_xml_pvh(self):
<type arch="x86_64" machine="xenpvh">xenpvh</type>
<kernel>/tmp/qubes-test/vm-kernels/dummy/vmlinuz</kernel>
<initrd>/tmp/qubes-test/vm-kernels/dummy/initramfs</initrd>
<cmdline>root=/dev/mapper/dmroot ro nomodeset console=hvc0 rd_NO_PLYMOUTH rd.plymouth.enable=0 plymouth.enable=0 swiotlb=2048</cmdline>
<cmdline>systemd.machine_id={UUID(my_uuid).hex} root=/dev/mapper/dmroot ro nomodeset console=hvc0 rd_NO_PLYMOUTH rd.plymouth.enable=0 plymouth.enable=0 swiotlb=2048</cmdline>
</os>
<features>
<pae/>
Expand Down Expand Up @@ -1155,7 +1159,6 @@ def test_600_libvirt_xml_pvh(self):
</devices>
</domain>
"""
my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
vm = self.get_vm(uuid=my_uuid)
vm.netvm = None
vm.virt_mode = "pvh"
Expand Down Expand Up @@ -1185,7 +1188,8 @@ def test_600_libvirt_xml_pvh(self):
)

def test_600_libvirt_xml_pvh_no_initramfs(self):
expected = """<domain type="xen">
my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
expected = f"""<domain type="xen">
<name>test-inst-test</name>
<uuid>7db78950-c467-4863-94d1-af59806384ea</uuid>
<memory unit="MiB">500</memory>
Expand All @@ -1201,7 +1205,7 @@ def test_600_libvirt_xml_pvh_no_initramfs(self):
<os>
<type arch="x86_64" machine="xenpvh">xenpvh</type>
<kernel>/tmp/qubes-test/vm-kernels/dummy/vmlinuz</kernel>
<cmdline>root=/dev/mapper/dmroot ro nomodeset console=hvc0 rd_NO_PLYMOUTH rd.plymouth.enable=0 plymouth.enable=0 swiotlb=2048</cmdline>
<cmdline>systemd.machine_id={UUID(my_uuid).hex} root=/dev/mapper/dmroot ro nomodeset console=hvc0 rd_NO_PLYMOUTH rd.plymouth.enable=0 plymouth.enable=0 swiotlb=2048</cmdline>
</os>
<features>
<pae/>
Expand Down Expand Up @@ -1229,7 +1233,6 @@ def test_600_libvirt_xml_pvh_no_initramfs(self):
</devices>
</domain>
"""
my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
vm = self.get_vm(uuid=my_uuid)
vm.netvm = None
vm.virt_mode = "pvh"
Expand Down Expand Up @@ -1258,7 +1261,8 @@ def test_600_libvirt_xml_pvh_no_initramfs(self):
)

def test_600_libvirt_xml_pvh_no_membalance(self):
expected = """<domain type="xen">
my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
expected = f"""<domain type="xen">
<name>test-inst-test</name>
<uuid>7db78950-c467-4863-94d1-af59806384ea</uuid>
<memory unit="MiB">400</memory>
Expand All @@ -1275,7 +1279,7 @@ def test_600_libvirt_xml_pvh_no_membalance(self):
<type arch="x86_64" machine="xenpvh">xenpvh</type>
<kernel>/tmp/qubes-test/vm-kernels/dummy/vmlinuz</kernel>
<initrd>/tmp/qubes-test/vm-kernels/dummy/initramfs</initrd>
<cmdline>root=/dev/mapper/dmroot ro nomodeset console=hvc0 rd_NO_PLYMOUTH rd.plymouth.enable=0 plymouth.enable=0 swiotlb=2048</cmdline>
<cmdline>systemd.machine_id={UUID(my_uuid).hex} root=/dev/mapper/dmroot ro nomodeset console=hvc0 rd_NO_PLYMOUTH rd.plymouth.enable=0 plymouth.enable=0 swiotlb=2048</cmdline>
</os>
<features>
<pae/>
Expand Down Expand Up @@ -1303,7 +1307,6 @@ def test_600_libvirt_xml_pvh_no_membalance(self):
</devices>
</domain>
"""
my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
vm = self.get_vm(uuid=my_uuid)
vm.netvm = None
vm.virt_mode = "pvh"
Expand Down Expand Up @@ -1334,6 +1337,7 @@ def test_600_libvirt_xml_pvh_no_membalance(self):
)

def test_600_libvirt_xml_hvm_pcidev(self):
my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
expected = """<domain type="xen">
<name>test-inst-test</name>
<uuid>7db78950-c467-4863-94d1-af59806384ea</uuid>
Expand Down Expand Up @@ -1393,7 +1397,6 @@ def test_600_libvirt_xml_hvm_pcidev(self):
</devices>
</domain>
"""
my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
# required for PCI devices listing
self.app.vmm.offline_mode = False
hostdev_details = unittest.mock.Mock(
Expand Down Expand Up @@ -1443,6 +1446,7 @@ def test_600_libvirt_xml_hvm_pcidev(self):
)

def test_600_libvirt_xml_hvm_pcidev_s0ix(self):
my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
expected = """<domain type="xen">
<name>test-inst-test</name>
<uuid>7db78950-c467-4863-94d1-af59806384ea</uuid>
Expand Down Expand Up @@ -1503,7 +1507,6 @@ def test_600_libvirt_xml_hvm_pcidev_s0ix(self):
</devices>
</domain>
"""
my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
# required for PCI devices listing
self.app.vmm.offline_mode = False
hostdev_details = unittest.mock.Mock(
Expand Down Expand Up @@ -1554,6 +1557,7 @@ def test_600_libvirt_xml_hvm_pcidev_s0ix(self):
)

def test_600_libvirt_xml_hvm_cdrom_boot(self):
my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
expected = """<domain type="xen">
<name>test-inst-test</name>
<uuid>7db78950-c467-4863-94d1-af59806384ea</uuid>
Expand Down Expand Up @@ -1610,7 +1614,6 @@ def test_600_libvirt_xml_hvm_cdrom_boot(self):
</devices>
</domain>
"""
my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
qdb = {
"/qubes-block-devices/sda": b"",
"/qubes-block-devices/sda/desc": b"Test device",
Expand Down Expand Up @@ -1646,7 +1649,8 @@ def test_600_libvirt_xml_hvm_cdrom_boot(self):
)

def test_600_libvirt_xml_hvm_cdrom_dom0_kernel_boot(self):
expected = """<domain type="xen">
my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
expected = f"""<domain type="xen">
<name>test-inst-test</name>
<uuid>7db78950-c467-4863-94d1-af59806384ea</uuid>
<memory unit="MiB">400</memory>
Expand All @@ -1669,7 +1673,7 @@ def test_600_libvirt_xml_hvm_cdrom_dom0_kernel_boot(self):
<loader type="rom">hvmloader</loader>
<boot dev="cdrom" />
<boot dev="hd" />
<cmdline>root=/dev/mapper/dmroot ro nomodeset console=hvc0 rd_NO_PLYMOUTH rd.plymouth.enable=0 plymouth.enable=0 swiotlb=2048</cmdline>
<cmdline>systemd.machine_id={UUID(my_uuid).hex} root=/dev/mapper/dmroot ro nomodeset console=hvc0 rd_NO_PLYMOUTH rd.plymouth.enable=0 plymouth.enable=0 swiotlb=2048</cmdline>
</os>
<features>
<pae/>
Expand Down Expand Up @@ -1719,7 +1723,6 @@ def test_600_libvirt_xml_hvm_cdrom_dom0_kernel_boot(self):
test_qdb = TestQubesDB(qdb)
dom0 = qubes.vm.adminvm.AdminVM(self.app, None)
dom0._qdb_connection = test_qdb
my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
vm = self.get_vm(uuid=my_uuid)
vm.netvm = None
vm.virt_mode = "hvm"
Expand Down Expand Up @@ -1763,6 +1766,7 @@ def test_600_libvirt_xml_hvm_cdrom_dom0_kernel_boot(self):
)

def test_610_libvirt_xml_network(self):
my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
expected = """<domain type="xen">
<name>test-inst-test</name>
<uuid>7db78950-c467-4863-94d1-af59806384ea</uuid>
Expand Down Expand Up @@ -1818,7 +1822,6 @@ def test_610_libvirt_xml_network(self):
</devices>
</domain>
"""
my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
netvm = self.get_vm(qid=2, name="netvm", provides_network=True)

dom0 = self.get_vm(name="dom0", qid=0)
Expand Down Expand Up @@ -1851,6 +1854,7 @@ def test_610_libvirt_xml_network(self):
)

def test_611_libvirt_xml_audiovm(self):
my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
expected = """<domain type="xen">
<name>test-inst-test</name>
<uuid>7db78950-c467-4863-94d1-af59806384ea</uuid>
Expand Down Expand Up @@ -1905,7 +1909,6 @@ def test_611_libvirt_xml_audiovm(self):
</devices>
</domain>
"""
my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
netvm = self.get_vm(qid=2, name="netvm", provides_network=True)
audiovm = self.get_vm(qid=3, name="sys-audio", provides_network=False)
audiovm._qubesprop_xid = audiovm.qid
Expand All @@ -1923,6 +1926,7 @@ def test_611_libvirt_xml_audiovm(self):
)

def test_615_libvirt_xml_block_devices(self):
my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
expected = """<domain type="xen">
<name>test-inst-test</name>
<uuid>7db78950-c467-4863-94d1-af59806384ea</uuid>
Expand Down Expand Up @@ -2020,7 +2024,6 @@ def test_615_libvirt_xml_block_devices(self):
</devices>
</domain>
"""
my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
vm = self.get_vm(uuid=my_uuid)
vm.netvm = None
vm.virt_mode = "hvm"
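Review bot: No test visible in this section covers a qube whose `os` feature is unset: `get_vm` now sets `vm.features["os"] = "Linux"` on every test VM, and the only deviation is `"Other"` in `test_600_libvirt_xml_hvm_dom0_kernel_kernelopts`. The machine-ID option is emitted only for `"Linux"`, so the unset case is the one where a guest silently gets no `systemd.machine_id=`. A test that removes the feature before rendering and asserts the option is absent from `<cmdline>` would pin that behaviour; collapsed parts of the file may already do this. Separately, the f-string templates still hard-code the UUID in `<uuid>` while the command line uses `{UUID(my_uuid).hex}`; writing `<uuid>{my_uuid}</uuid>` would keep the two from drifting apart.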
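--- a/qubes/vm/qubesvm.py
+++ b/qubes/vm/qubesvm.py
@@ -2533,16 +2533,20 @@ def kernelopts_common(self):
 """
 if not self.kernel:
 return ""
+if self.features.check_with_template("os", None) == "Linux":
+base_kernelopts = "systemd.machine_id=" + self.uuid.hex + " "
+else:
+base_kernelopts = ""
 kernels_dir = self.storage.kernels_dir
 
 kernelopts_path = os.path.join(
 kernels_dir, "default-kernelopts-common.txt"
 )
 if os.path.exists(kernelopts_path):
 with open(kernelopts_path, encoding="ascii") as f_kernelopts:
-return f_kernelopts.read().rstrip("\n\r")
+return base_kernelopts + f_kernelopts.read().rstrip("\n\r")
 else:
-return qubes.config.defaults["kernelopts_common"]
+return base_kernelopts + qubes.config.defaults["kernelopts_common"]
 
 #
 # helper methods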
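Review bot: The new `os` check in `kernelopts_common` fails open: `check_with_template("os", None) == "Linux"` is false both for a non-Linux guest and for a qube whose `os` feature was never recorded. In the second case the guest boots without `systemd.machine_id=` and presumably keeps the ID stored in its root image, which is the situation the commit message sets out to avoid. If that fallback is intended, say so next to the branch, e.g. `# "os" unset or non-Linux: no machine_id is passed, the guest keeps its own`. The early `return ""` when `self.kernel` is empty skips the option as well. The docstring opens outside this hunk and should mention the UUID-derived prefix now prepended to both return values.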
