
Commit 3efd0c3

committed
Use the UUID for the machine ID
This avoids leaking the real machine ID into guests, and provides an easy way for guests to know their own UUID. Fixes: QubesOS/qubes-issues#8833
1 parent f66c912 commit 3efd0c3


2 files changed

+36
-29
lines changed

2 files changed

+36
-29
lines changed

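--- a/qubes/tests/vm/qubesvm.py
+++ b/qubes/tests/vm/qubesvm.py
@@ -26,6 +26,7 @@
 
 import unittest
 import uuid
+from uuid import UUID
 import datetime
 
 import asyncio
@@ -313,8 +314,9 @@ def get_vm(
 None,
 qid=kwargs.pop("qid", 1),
 name=qubes.tests.VMPREFIX + name,
-**kwargs
+**kwargs,
 )
+vm.features["os"] = "Linux"
 self.app.domains[vm.qid] = vm
 self.app.domains[vm.uuid] = vm
 self.app.domains[vm.name] = vm
@@ -846,7 +848,8 @@ def test_500_property_migrate_virt_mode(self):
 vm.hvm
 
 def test_600_libvirt_xml_pv(self):
-expected = """<domain type="xen">
+my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
+expected = f"""<domain type="xen">
 <name>test-inst-test</name>
 <uuid>7db78950-c467-4863-94d1-af59806384ea</uuid>
 <memory unit="MiB">500</memory>
@@ -856,7 +859,7 @@ def test_600_libvirt_xml_pv(self):
 <type arch="x86_64" machine="xenpv">linux</type>
 <kernel>/tmp/qubes-test/vm-kernels/dummy/vmlinuz</kernel>
 <initrd>/tmp/qubes-test/vm-kernels/dummy/initramfs</initrd>
-<cmdline>root=/dev/mapper/dmroot ro nomodeset console=hvc0 rd_NO_PLYMOUTH rd.plymouth.enable=0 plymouth.enable=0 swiotlb=2048</cmdline>
+<cmdline>systemd.machine_id={UUID(my_uuid).hex} root=/dev/mapper/dmroot ro nomodeset console=hvc0 rd_NO_PLYMOUTH rd.plymouth.enable=0 plymouth.enable=0 swiotlb=2048</cmdline>
 </os>
 <features>
 </features>
@@ -880,7 +883,6 @@ def test_600_libvirt_xml_pv(self):
 </devices>
 </domain>
 """
-my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
 vm = self.get_vm(uuid=my_uuid)
 vm.netvm = None
 vm.virt_mode = "pv"
@@ -910,6 +912,7 @@ def test_600_libvirt_xml_pv(self):
 )
 
 def test_600_libvirt_xml_hvm(self):
+my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
 expected = """<domain type="xen">
 <name>test-inst-test</name>
 <uuid>7db78950-c467-4863-94d1-af59806384ea</uuid>
@@ -958,7 +961,6 @@ def test_600_libvirt_xml_hvm(self):
 </devices>
 </domain>
 """
-my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
 vm = self.get_vm(uuid=my_uuid)
 vm.netvm = None
 vm.virt_mode = "hvm"
@@ -968,7 +970,8 @@ def test_600_libvirt_xml_hvm(self):
 )
 
 def test_600_libvirt_xml_hvm_dom0_kernel(self):
-expected = """<domain type="xen">
+my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
+expected = f"""<domain type="xen">
 <name>test-inst-test</name>
 <uuid>7db78950-c467-4863-94d1-af59806384ea</uuid>
 <memory unit="MiB">500</memory>
@@ -991,7 +994,7 @@ def test_600_libvirt_xml_hvm_dom0_kernel(self):
 <loader type="rom">hvmloader</loader>
 <boot dev="cdrom" />
 <boot dev="hd" />
-<cmdline>root=/dev/mapper/dmroot ro nomodeset console=hvc0 rd_NO_PLYMOUTH rd.plymouth.enable=0 plymouth.enable=0 swiotlb=2048</cmdline>
+<cmdline>systemd.machine_id={UUID(my_uuid).hex} root=/dev/mapper/dmroot ro nomodeset console=hvc0 rd_NO_PLYMOUTH rd.plymouth.enable=0 plymouth.enable=0 swiotlb=2048</cmdline>
 </os>
 <features>
 <pae/>
@@ -1017,7 +1020,6 @@ def test_600_libvirt_xml_hvm_dom0_kernel(self):
 </devices>
 </domain>
 """
-my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
 vm = self.get_vm(uuid=my_uuid)
 vm.netvm = None
 vm.virt_mode = "hvm"
@@ -1037,6 +1039,7 @@ def test_600_libvirt_xml_hvm_dom0_kernel(self):
 )
 
 def test_600_libvirt_xml_hvm_dom0_kernel_kernelopts(self):
+my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
 expected = """<domain type="xen">
 <name>test-inst-test</name>
 <uuid>7db78950-c467-4863-94d1-af59806384ea</uuid>
@@ -1086,8 +1089,8 @@ def test_600_libvirt_xml_hvm_dom0_kernel_kernelopts(self):
 </devices>
 </domain>
 """
-my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
 vm = self.get_vm(uuid=my_uuid)
+vm.features["os"] = "Other"
 vm.netvm = None
 vm.virt_mode = "hvm"
 vm.features["qrexec"] = True
@@ -1110,7 +1113,8 @@ def test_600_libvirt_xml_hvm_dom0_kernel_kernelopts(self):
 )
 
 def test_600_libvirt_xml_pvh(self):
-expected = """<domain type="xen">
+my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
+expected = f"""<domain type="xen">
 <name>test-inst-test</name>
 <uuid>7db78950-c467-4863-94d1-af59806384ea</uuid>
 <memory unit="MiB">500</memory>
@@ -1127,7 +1131,7 @@ def test_600_libvirt_xml_pvh(self):
 <type arch="x86_64" machine="xenpvh">xenpvh</type>
 <kernel>/tmp/qubes-test/vm-kernels/dummy/vmlinuz</kernel>
 <initrd>/tmp/qubes-test/vm-kernels/dummy/initramfs</initrd>
-<cmdline>root=/dev/mapper/dmroot ro nomodeset console=hvc0 rd_NO_PLYMOUTH rd.plymouth.enable=0 plymouth.enable=0 swiotlb=2048</cmdline>
+<cmdline>systemd.machine_id={UUID(my_uuid).hex} root=/dev/mapper/dmroot ro nomodeset console=hvc0 rd_NO_PLYMOUTH rd.plymouth.enable=0 plymouth.enable=0 swiotlb=2048</cmdline>
 </os>
 <features>
 <pae/>
@@ -1155,7 +1159,6 @@ def test_600_libvirt_xml_pvh(self):
 </devices>
 </domain>
 """
-my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
 vm = self.get_vm(uuid=my_uuid)
 vm.netvm = None
 vm.virt_mode = "pvh"
@@ -1185,7 +1188,8 @@ def test_600_libvirt_xml_pvh(self):
 )
 
 def test_600_libvirt_xml_pvh_no_initramfs(self):
-expected = """<domain type="xen">
+my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
+expected = f"""<domain type="xen">
 <name>test-inst-test</name>
 <uuid>7db78950-c467-4863-94d1-af59806384ea</uuid>
 <memory unit="MiB">500</memory>
@@ -1201,7 +1205,7 @@ def test_600_libvirt_xml_pvh_no_initramfs(self):
 <os>
 <type arch="x86_64" machine="xenpvh">xenpvh</type>
 <kernel>/tmp/qubes-test/vm-kernels/dummy/vmlinuz</kernel>
-<cmdline>root=/dev/mapper/dmroot ro nomodeset console=hvc0 rd_NO_PLYMOUTH rd.plymouth.enable=0 plymouth.enable=0 swiotlb=2048</cmdline>
+<cmdline>systemd.machine_id={UUID(my_uuid).hex} root=/dev/mapper/dmroot ro nomodeset console=hvc0 rd_NO_PLYMOUTH rd.plymouth.enable=0 plymouth.enable=0 swiotlb=2048</cmdline>
 </os>
 <features>
 <pae/>
@@ -1229,7 +1233,6 @@ def test_600_libvirt_xml_pvh_no_initramfs(self):
 </devices>
 </domain>
 """
-my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
 vm = self.get_vm(uuid=my_uuid)
 vm.netvm = None
 vm.virt_mode = "pvh"
@@ -1258,7 +1261,8 @@ def test_600_libvirt_xml_pvh_no_initramfs(self):
 )
 
 def test_600_libvirt_xml_pvh_no_membalance(self):
-expected = """<domain type="xen">
+my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
+expected = f"""<domain type="xen">
 <name>test-inst-test</name>
 <uuid>7db78950-c467-4863-94d1-af59806384ea</uuid>
 <memory unit="MiB">400</memory>
@@ -1275,7 +1279,7 @@ def test_600_libvirt_xml_pvh_no_membalance(self):
 <type arch="x86_64" machine="xenpvh">xenpvh</type>
 <kernel>/tmp/qubes-test/vm-kernels/dummy/vmlinuz</kernel>
 <initrd>/tmp/qubes-test/vm-kernels/dummy/initramfs</initrd>
-<cmdline>root=/dev/mapper/dmroot ro nomodeset console=hvc0 rd_NO_PLYMOUTH rd.plymouth.enable=0 plymouth.enable=0 swiotlb=2048</cmdline>
+<cmdline>systemd.machine_id={UUID(my_uuid).hex} root=/dev/mapper/dmroot ro nomodeset console=hvc0 rd_NO_PLYMOUTH rd.plymouth.enable=0 plymouth.enable=0 swiotlb=2048</cmdline>
 </os>
 <features>
 <pae/>
@@ -1303,7 +1307,6 @@ def test_600_libvirt_xml_pvh_no_membalance(self):
 </devices>
 </domain>
 """
-my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
 vm = self.get_vm(uuid=my_uuid)
 vm.netvm = None
 vm.virt_mode = "pvh"
@@ -1334,6 +1337,7 @@ def test_600_libvirt_xml_pvh_no_membalance(self):
 )
 
 def test_600_libvirt_xml_hvm_pcidev(self):
+my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
 expected = """<domain type="xen">
 <name>test-inst-test</name>
 <uuid>7db78950-c467-4863-94d1-af59806384ea</uuid>
@@ -1393,7 +1397,6 @@ def test_600_libvirt_xml_hvm_pcidev(self):
 </devices>
 </domain>
 """
-my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
 # required for PCI devices listing
 self.app.vmm.offline_mode = False
 hostdev_details = unittest.mock.Mock(
@@ -1443,6 +1446,7 @@ def test_600_libvirt_xml_hvm_pcidev(self):
 )
 
 def test_600_libvirt_xml_hvm_pcidev_s0ix(self):
+my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
 expected = """<domain type="xen">
 <name>test-inst-test</name>
 <uuid>7db78950-c467-4863-94d1-af59806384ea</uuid>
@@ -1503,7 +1507,6 @@ def test_600_libvirt_xml_hvm_pcidev_s0ix(self):
 </devices>
 </domain>
 """
-my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
 # required for PCI devices listing
 self.app.vmm.offline_mode = False
 hostdev_details = unittest.mock.Mock(
@@ -1554,6 +1557,7 @@ def test_600_libvirt_xml_hvm_pcidev_s0ix(self):
 )
 
 def test_600_libvirt_xml_hvm_cdrom_boot(self):
+my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
 expected = """<domain type="xen">
 <name>test-inst-test</name>
 <uuid>7db78950-c467-4863-94d1-af59806384ea</uuid>
@@ -1610,7 +1614,6 @@ def test_600_libvirt_xml_hvm_cdrom_boot(self):
 </devices>
 </domain>
 """
-my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
 qdb = {
 "/qubes-block-devices/sda": b"",
 "/qubes-block-devices/sda/desc": b"Test device",
@@ -1646,7 +1649,8 @@ def test_600_libvirt_xml_hvm_cdrom_boot(self):
 )
 
 def test_600_libvirt_xml_hvm_cdrom_dom0_kernel_boot(self):
-expected = """<domain type="xen">
+my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
+expected = f"""<domain type="xen">
 <name>test-inst-test</name>
 <uuid>7db78950-c467-4863-94d1-af59806384ea</uuid>
 <memory unit="MiB">400</memory>
@@ -1669,7 +1673,7 @@ def test_600_libvirt_xml_hvm_cdrom_dom0_kernel_boot(self):
 <loader type="rom">hvmloader</loader>
 <boot dev="cdrom" />
 <boot dev="hd" />
-<cmdline>root=/dev/mapper/dmroot ro nomodeset console=hvc0 rd_NO_PLYMOUTH rd.plymouth.enable=0 plymouth.enable=0 swiotlb=2048</cmdline>
+<cmdline>systemd.machine_id={UUID(my_uuid).hex} root=/dev/mapper/dmroot ro nomodeset console=hvc0 rd_NO_PLYMOUTH rd.plymouth.enable=0 plymouth.enable=0 swiotlb=2048</cmdline>
 </os>
 <features>
 <pae/>
@@ -1719,7 +1723,6 @@ def test_600_libvirt_xml_hvm_cdrom_dom0_kernel_boot(self):
 test_qdb = TestQubesDB(qdb)
 dom0 = qubes.vm.adminvm.AdminVM(self.app, None)
 dom0._qdb_connection = test_qdb
-my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
 vm = self.get_vm(uuid=my_uuid)
 vm.netvm = None
 vm.virt_mode = "hvm"
@@ -1763,6 +1766,7 @@ def test_600_libvirt_xml_hvm_cdrom_dom0_kernel_boot(self):
 )
 
 def test_610_libvirt_xml_network(self):
+my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
 expected = """<domain type="xen">
 <name>test-inst-test</name>
 <uuid>7db78950-c467-4863-94d1-af59806384ea</uuid>
@@ -1818,7 +1822,6 @@ def test_610_libvirt_xml_network(self):
 </devices>
 </domain>
 """
-my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
 netvm = self.get_vm(qid=2, name="netvm", provides_network=True)
 
 dom0 = self.get_vm(name="dom0", qid=0)
@@ -1851,6 +1854,7 @@ def test_610_libvirt_xml_network(self):
 )
 
 def test_611_libvirt_xml_audiovm(self):
+my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
 expected = """<domain type="xen">
 <name>test-inst-test</name>
 <uuid>7db78950-c467-4863-94d1-af59806384ea</uuid>
@@ -1905,7 +1909,6 @@ def test_611_libvirt_xml_audiovm(self):
 </devices>
 </domain>
 """
-my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
 netvm = self.get_vm(qid=2, name="netvm", provides_network=True)
 audiovm = self.get_vm(qid=3, name="sys-audio", provides_network=False)
 audiovm._qubesprop_xid = audiovm.qid
@@ -1923,6 +1926,7 @@ def test_611_libvirt_xml_audiovm(self):
 )
 
 def test_615_libvirt_xml_block_devices(self):
+my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
 expected = """<domain type="xen">
 <name>test-inst-test</name>
 <uuid>7db78950-c467-4863-94d1-af59806384ea</uuid>
@@ -2020,7 +2024,6 @@ def test_615_libvirt_xml_block_devices(self):
 </devices>
 </domain>
 """
-my_uuid = "7db78950-c467-4863-94d1-af59806384ea"
 vm = self.get_vm(uuid=my_uuid)
 vm.netvm = None
 vm.virt_mode = "hvm"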
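Review bot: The `get_vm` helper now sets `vm.features["os"] = "Linux"` on every fixture VM, so as far as these hunks show no test covers a qube whose `os` feature is unset, which is the path where no `systemd.machine_id=` is emitted and the guest keeps its previous machine ID. The only negative case is `test_600_libvirt_xml_hvm_dom0_kernel_kernelopts`, which sets `"Other"` explicitly, and nothing visible exercises the value being inherited from a template. I would add a case that removes the feature after `get_vm` (for example `del vm.features["os"]`) and asserts the cmdline carries no `systemd.machine_id=`, so that fallback is a pinned decision rather than an accident. As a style point, `from uuid import UUID` duplicates the existing `import uuid`; `uuid.UUID(my_uuid).hex` would do.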

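--- a/qubes/vm/qubesvm.py
+++ b/qubes/vm/qubesvm.py
@@ -2533,16 +2533,20 @@ def kernelopts_common(self):
 """
 if not self.kernel:
 return ""
+if self.features.check_with_template("os", None) == "Linux":
+base_kernelopts = "systemd.machine_id=" + self.uuid.hex + " "
+else:
+base_kernelopts = ""
 kernels_dir = self.storage.kernels_dir
 
 kernelopts_path = os.path.join(
 kernels_dir, "default-kernelopts-common.txt"
 )
 if os.path.exists(kernelopts_path):
 with open(kernelopts_path, encoding="ascii") as f_kernelopts:
-return f_kernelopts.read().rstrip("\n\r")
+return base_kernelopts + f_kernelopts.read().rstrip("\n\r")
 else:
-return qubes.config.defaults["kernelopts_common"]
+return base_kernelopts + qubes.config.defaults["kernelopts_common"]
 
 #
 # helper methods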
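Review bot: `kernelopts_common` adds `systemd.machine_id=` only when `check_with_template("os", None)` is exactly `"Linux"`, so a qube with the feature unset falls through to `base_kernelopts = ""` and keeps whatever machine ID its image carries, with nothing logged or documented. If `os` is populated from what the template reports about itself (not visible in this hunk), the protection also depends on that report having happened. The value is the qube UUID unhashed and the kernel command line is readable by any process in the guest; the description says exposing the UUID is intended, so the docstring should state that together with the Linux-only condition. Suggested comment above the `if`: `# Linux guests get their qube UUID as systemd machine ID; others (or "os" unset) keep the image's own ID.` The docstring of `kernelopts_common` starts outside the hunk.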
