authorSimon Rettberg2016-08-04 16:01:53 +0200
committerSimon Rettberg2016-08-04 16:01:53 +0200
commit820d16d840f462bf1b614f487cef1ddb589084b4 (patch)
treef59a936c2f185412de136d81faaf5538e525dcd1 /remote/modules/run-virt/data/opt/openslx/scripts
parent[kernel-vanilla] -> 4.4.16 (diff)
[run-virt] Implement automatic firewalling
Diffstat (limited to 'remote/modules/run-virt/data/opt/openslx/scripts')
-rw-r--r--remote/modules/run-virt/data/opt/openslx/scripts/includes/setup_firewall.inc12
-rw-r--r--remote/modules/run-virt/data/opt/openslx/scripts/pam_script_ses_close.d/runvirt-firewall-clear17
-rwxr-xr-xremote/modules/run-virt/data/opt/openslx/scripts/vmchooser-run_virt4
3 files changed, 33 insertions, 0 deletions
diff --git a/remote/modules/run-virt/data/opt/openslx/scripts/includes/setup_firewall.inc b/remote/modules/run-virt/data/opt/openslx/scripts/includes/setup_firewall.inc
new file mode 100644
index 00000000..f0820ed7
--- /dev/null
+++ b/remote/modules/run-virt/data/opt/openslx/scripts/includes/setup_firewall.inc
@@ -0,0 +1,12 @@
+
+setup_firewall () {
+ local LOGF="${TMPDIR}/firewall.log"
+ local RET
+ [ "$DISPLAY" = ":0" ] || return 0 # For now, to avoid conflicts, we only do this on display :0
+ slxfwtool "$IMGUUID" > "$LOGF" 2>&1
+ RET=$?
+ if [ "$RET" != "0" ]; then
+ slxlog "runvirt-firewall" "Error setting up firewall rules for lecture $IMGUUID (Exit code $RET)" "$LOGF"
+ fi
+ return 0
+}
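Review bot: setup_firewall ends in `return 0` on every path, so a failed `slxfwtool` run is only logged and the session continues without the lecture's firewall rules. As a result, the `|| writelog "Could not run setup_firewall"` added in vmchooser-run_virt can only fire when the function is undefined, for example after the `source` failed. If failing open is intended, say so in a comment above the function, e.g. `# Best effort: a firewall failure is logged but never blocks the VM start`; otherwise end with `return "$RET"` so the caller can decide whether to abort. The `[ "$DISPLAY" = ":0" ] || return 0` guard likewise skips firewalling silently on any other display, which deserves a log line. `LOGF` also depends on the caller having set `TMPDIR`; with it empty, the log path becomes `/firewall.log`.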
diff --git a/remote/modules/run-virt/data/opt/openslx/scripts/pam_script_ses_close.d/runvirt-firewall-clear b/remote/modules/run-virt/data/opt/openslx/scripts/pam_script_ses_close.d/runvirt-firewall-clear
new file mode 100644
index 00000000..dab08190
--- /dev/null
+++ b/remote/modules/run-virt/data/opt/openslx/scripts/pam_script_ses_close.d/runvirt-firewall-clear
@@ -0,0 +1,17 @@
+#!/bin/ash
+
+# Sourced by pam_script_ses_close
+
+runvirt_fw_clear () {
+ iptables -w -F runvirt-INPUT
+ ip6tables -w -F runvirt-INPUT
+ iptables -w -F runvirt-OUTPUT
+ ip6tables -w -F runvirt-OUTPUT
+}
+
+if [ "x$PAM_TTY" = "x:0" ]; then
+ runvirt_fw_clear > /dev/null 2>&1
+fi
+
+true
+
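Review bot: A failed flush goes unnoticed in this script: the call site sends all output to /dev/null and `runvirt_fw_clear` returns only the status of its last `ip6tables` call, so three of the four results are dropped. If a chain is not flushed, the rules of the closed session presumably stay active until something else resets them, which may not match what the next lecture expects. Accumulate the status inside the function as shown below and report a non-zero result at the call site with whatever logging is available in the PAM hook (`slxlog` is used in setup_firewall.inc, but whether it is reachable here is not visible). Note also that `-w` without a timeout waits for the xtables lock indefinitely, so a stuck lock would stall session close.

```shell
runvirt_fw_clear () {
	local rc=0
	iptables -w -F runvirt-INPUT || rc=1
	ip6tables -w -F runvirt-INPUT || rc=1
	iptables -w -F runvirt-OUTPUT || rc=1
	ip6tables -w -F runvirt-OUTPUT || rc=1
	return $rc
}
# … unchanged: PAM_TTY check and trailing "true" …
```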
diff --git a/remote/modules/run-virt/data/opt/openslx/scripts/vmchooser-run_virt b/remote/modules/run-virt/data/opt/openslx/scripts/vmchooser-run_virt
index 5353d21a..ea3cfe8e 100755
--- a/remote/modules/run-virt/data/opt/openslx/scripts/vmchooser-run_virt
+++ b/remote/modules/run-virt/data/opt/openslx/scripts/vmchooser-run_virt
@@ -64,6 +64,10 @@ else
# This include does not currently work. TODO.
# source ${RUNVIRTINCLUDEDIR}/check_runvirt_needed_files.inc && filecheck
+ # Firewall
+ source "${RUNVIRTINCLUDEDIR}/setup_firewall.inc" || writelog "Could not source setup_firewall"
+ setup_firewall || writelog "Could not run setup_firewall"
+
# Read needed variables from XML file
source ${RUNVIRTINCLUDEDIR}/get_xml_file_variables.inc