From 86d03129db3f5bf87de8bad15866de933569e64b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Sat, 6 Apr 2024 15:24:18 +0200 Subject: [PATCH] qvm-start-daemon: handle policy denials Do not interrupt enumerating VMs if one gets policy deny. QubesOS/qubes-issues#1590 --- qubesadmin/tools/qvm_start_daemon.py | 44 +++++++++++++++------------- 1 file changed, 24 insertions(+), 20 deletions(-) diff --git a/qubesadmin/tools/qvm_start_daemon.py b/qubesadmin/tools/qvm_start_daemon.py index f7a9e6320..ac8a113ba 100644 --- a/qubesadmin/tools/qvm_start_daemon.py +++ b/qubesadmin/tools/qvm_start_daemon.py @@ -694,28 +694,32 @@ def on_connection_established(self, _subject, _event, **_kwargs): monitor_layout = get_monitor_layout() self.app.domains.clear_cache() for vm in self.app.domains: - if vm.klass == 'AdminVM': - continue + try: + if vm.klass == 'AdminVM': + continue - if not self.is_watched(vm): - continue + if not self.is_watched(vm): + continue - power_state = vm.get_power_state() - if power_state == 'Running': - if "guivm" in self.enabled_services: - asyncio.ensure_future( - self.start_gui(vm, monitor_layout=monitor_layout) - ) - if "audiovm" in self.enabled_services: - asyncio.ensure_future(self.start_audio(vm)) - self.xid_cache[vm.name] = vm.xid, vm.stubdom_xid - elif power_state == 'Transient': - # it is still starting, we'll get 'domain-start' - # event when fully started - if "guivm" in self.enabled_services and vm.virt_mode == 'hvm': - asyncio.ensure_future( - self.start_gui_for_stubdomain(vm) - ) + power_state = vm.get_power_state() + if power_state == 'Running': + if "guivm" in self.enabled_services: + asyncio.ensure_future( + self.start_gui(vm, monitor_layout=monitor_layout) + ) + if "audiovm" in self.enabled_services: + asyncio.ensure_future(self.start_audio(vm)) + self.xid_cache[vm.name] = vm.xid, vm.stubdom_xid + elif power_state == 'Transient': + # it is still starting, we'll get 'domain-start' + # event when fully started + if "guivm" in self.enabled_services \ + and vm.virt_mode == 'hvm': + asyncio.ensure_future( + self.start_gui_for_stubdomain(vm) + ) + except qubesadmin.exc.QubesDaemonCommunicationError as e: + vm.log.warning("Failed to handle %s: %s", vm.name, str(e)) def on_domain_stopped(self, vm, _event, **_kwargs): """Handler of 'domain-stopped' event, cleans up"""