Commit Graph

517 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
001b42f7d8
backup: fix name of meminfo-writer feature
It's 'service.meminfo-writer'.
2017-10-16 04:11:02 +02:00
Marek Marczykowski-Górecki
cbdc2170b4
tools: clarify that qvm-backup needs absolute path
Fixes QubesOS/qubes-issues#3066
2017-10-16 03:09:10 +02:00
Marek Marczykowski-Górecki
9cdb2a8152
backup: fix restoring template VMs
os.path.splitext fails on path without proper file base name, like
'/something/..000'. Use plain string methods (rsplit).

Fixes QubesOS/qubes-issues#3167
2017-10-16 03:04:59 +02:00
Marek Marczykowski-Górecki
654da7cb03
Drop log.DBusHandler
Packages had missing dependency on python-dbus. Since DBusHandler isn't
used anywhere, drop it, instead of introducing more dependencies.

Reported by @pietrushnic
QubesOS/qubes-issues#3179
2017-10-16 01:33:03 +02:00
Marek Marczykowski-Górecki
2f7d1ca476
vm: fix handling policy deny on admin.vm.List
vm.get_power_state() have specifically documented 'NA' state for cases
when it's unable to get VM's power state. Use this when qrexec policy
forbid checking it.

Reported by @pietrushnic
Fixes QubesOS/qubes-issues#3179
2017-10-16 01:32:56 +02:00
Marek Marczykowski-Górecki
17670eae1b
version 4.0.7 2017-10-08 18:42:41 +02:00
Marek Marczykowski-Górecki
0187588531
tools: adjust qvm-start message and logic, update tests
QubesOS/qubes-issues#3130
2017-10-08 18:17:03 +02:00
Marek Marczykowski-Górecki
bf4c9bacb4
Merge remote-tracking branch 'qubesos/pr/28'
* qubesos/pr/28:
  qvm-start: exit if domain running and no --skip-if-running
2017-10-08 17:14:47 +02:00
Marek Marczykowski-Górecki
45a7c5516c
rpm: add conflict with too-old qubes-manager
There is an API change, be sure to install both updates at the same
time.
2017-10-08 16:59:55 +02:00
Marek Marczykowski-Górecki
98e39ca63b
vm: drop suspend and resume methods - not part of the Admin API 2017-10-04 15:26:57 +02:00
Marek Marczykowski-Górecki
559cc9b0d6
tools/qvm-start: fix starting a VM with cdrom image
1. Output of `losetup` command contains `\n` - strip it.
2. Provide read-only option - if device info hasn't propagated to qubesd
yet, it will not be set automatically.

Fixes QubesOS/qubes-issues#3146
2017-10-04 15:18:28 +02:00
Marek Marczykowski-Górecki
8476afc306
tools: finish 'qvm-volume revert' implementation, add tests
It wasn't aware of snapshot identifier, fix that. Also update to use
VM:VOLUME syntax, not POOL:VID.
2017-10-02 21:12:17 +02:00
Marek Marczykowski-Górecki
c87820fba8
Drop individual VM classes as python types completely
Since those are unused now, remove them from the source, so it is easier
to debug the code (avoid never matching isinstance(...)).
2017-10-02 21:12:16 +02:00
Marek Marczykowski-Górecki
b55f615942
Move vm.appvms to QubesVM
First, TemplateVM is not used anymore (see previous commit). Second,
don't harcode on client side that "only TemplateVM can be a template for
any VM" (which actually isn't true: AppVM can be a template for DispVM).
2017-10-02 21:12:16 +02:00
Marek Marczykowski-Górecki
edcaed537a
Always use QubesVM objects, instead of AppVM/TemplateVM etc
Very few calls at client side really needs VM class name. So, even in
non-blind mode use just QubesVM class, to avoid strange cases depending
on blind mode being enabled or not. Then, have VM class name in 'klass'
property. If known at object creation time, cache it, otherwise query
qubesd at first access.
2017-10-02 21:12:16 +02:00
Mindy Preston
76c4a6421b qvm-start: exit if domain running and no --skip-if-running 2017-09-27 17:15:52 -05:00
Marek Marczykowski-Górecki
ab9a57a544
tools: fix qvm-run --help
QubesOS/qubes-issues#
2017-09-20 22:53:30 +02:00
Marek Marczykowski-Górecki
0a06ad9152
events: ignore events from non-existing domains
It may happen that when client handle the event, domain no longer
exists. This is for example common for DispVMs, which get removed just
after shutdown.
This will cause some events to be dropped, but one can enable blind
mode, to get them anyway (because it will not cause KeyError, even if
domain is already removed).

QubesOS/qubes-issues#3100
2017-09-20 20:19:38 +02:00
Marek Marczykowski-Górecki
b28ddb6621
Implement "blind mode" to avoid listing objects
This allows to perform actions on objects (VM, storage etc), without
listing them. This is useful when calling VM have minimal permissions
and only selected actions are allowed.

This means that app.domains['some-name'] will not raise KeyError, even
when domain do not exists. But performing actual action (like
vm.start()) will fail in that case.
2017-09-20 20:18:59 +02:00
Marek Marczykowski-Górecki
0eec5cb8c9
version 4.0.6 2017-09-14 02:47:48 +02:00
Marek Marczykowski-Górecki
5e2638ab5e
tools: restore qvm-start --cdrom and similar options
Booting a VM from cdrom require attaching the device before VM startup,
which is possible only in persistent mode. But for qvm-start --cdrom
adding a cdrom only temporarily, use new update_persistence() function
to convert the assignment to temporary one.

Fixes QubesOS/qubes-issues#3055
2017-09-05 08:33:47 +02:00
Marek Marczykowski-Górecki
1481dc4fb8
devices: client stub for DeviceCollection.update_persistent
QubesOS/qubes-issues#3055
2017-09-05 03:59:01 +02:00
Marek Marczykowski-Górecki
b895015274
tools: cleanup temporary files after qvm-template-postprocess 2017-09-05 03:57:55 +02:00
Marek Marczykowski-Górecki
336807e8da
tools: fix too long lines
QubesOS/qubes-issues#2983
2017-09-04 03:07:03 +02:00
Marek Marczykowski-Górecki
533fccfc10
Merge remote-tracking branch 'qubesos/pr/24'
* qubesos/pr/24:
  Fixed https://github.com/QubesOS/qubes-issues/issues/2983
2017-09-04 03:02:49 +02:00
Marek Marczykowski-Górecki
3c9e5f6630
Merge branch 'bug2986' 2017-08-30 17:33:32 +02:00
Marek Marczykowski-Górecki
0fa374264f
tools: add qvm-create --help-classes
List available VM classes

QubesOS/qubes-issues#3017
2017-08-30 16:54:24 +02:00
Marek Marczykowski-Górecki
0464a3ebfc
tools: implement qvm-create --root-move-from/--root-copy-from 2017-08-30 16:54:23 +02:00
Marek Marczykowski-Górecki
f98ea4a520
backup/restore: do not fail the whole restore when qvm-appmenus is missing
Fixes QubesOS/qubes-issues#2991
2017-08-30 16:00:00 +02:00
Marek Marczykowski-Górecki
6568d624cc
backup/restore: make backup header extraction faster
Abort tar process after extracting requested files - do not parse the
archive until the end (possibly tens of GB later).

Fixes QubesOS/qubes-issues#2986
2017-08-30 15:51:44 +02:00
Marek Marczykowski-Górecki
10f6d96e0f
doc: add short description of VM classes to qvm-create man page 2017-08-14 09:25:09 +02:00
Marek Marczykowski-Górecki
f7b31a005e
doc: update list of properties in qvm-prefs/qubes-prefs man pages
Fixes QubesOS/qubes-issues#3011
2017-08-12 22:37:59 +02:00
Marek Marczykowski-Górecki
a260685bd1
tools: drop --delete and --unset aliases for --default option
This may be confiusing, for example one may think that
`qvm-prefs --unset vmname netvm` will make vmname network-disconnected.
This type of mistakes may have severe security consequence, so better
drop those option names.

QubesOS/qubes-issues#3002

cc @rootkovska
2017-08-12 22:33:36 +02:00
Marek Marczykowski-Górecki
5b7947b51a
Improve QubesDaemonNoResponseError error message
Include hint to look into dom0 logs

QubesOS/qubes-issues#3016
2017-08-12 15:15:52 +02:00
Marek Marczykowski-Górecki
188bc2799b
tests: add DispVM tests
Especially for one service call wrapper

QubesOS/qubes-issues#3016
2017-08-12 15:15:19 +02:00
Marek Marczykowski-Górecki
3d2d3a2974
vm/dispvm: fix dispvm.cleanup() when no service was called
In such a case (especially when running in dom0) there is nothing to
cleanup.

Fixes QubesOS/qubes-issues#3016
2017-08-12 15:15:06 +02:00
Marek Marczykowski-Górecki
596eb3d96c
tools/qvm-run: ignore --filter-esc/--no-filter-esc unless --pass-io is given
If no VM output is printed on terminal, those options doesn't make sense
anyway.

Fixes QubesOS/qubes-issues#3013
2017-08-12 14:19:41 +02:00
Marek Marczykowski-Górecki
e64bd839a5
version 4.0.5 2017-08-10 16:10:40 +02:00
Marek Marczykowski-Górecki
51a7b4493b
doc: add default values to qvm-features man page
QubesOS/qubes-issues#
2017-08-10 15:26:55 +02:00
blackpit
6534f8c191 Fixed https://github.com/QubesOS/qubes-issues/issues/2983
qvm-create -l yellow backuptest-1-vm
qvm-create -l yellow backuptest-2-vm
echo -n passphrase >test.passphrase

qvm-backup --passphrase-file test.passphrase --yes `pwd` backuptest-1-vm backuptest-2-vm

qvm-remove backuptest-1-vm1 || true
qvm-remove backuptest-2-vm1 || true
qvm-backup-restore --rename-conflicting --passphrase-file test.passphrase qubes-2017-08-09T165253 backuptest-1-vm

qvm-remove backuptest-1-vm1 || true
qvm-remove backuptest-2-vm1 || true
qvm-backup-restore --rename-conflicting --passphrase-file test.passphrase qubes-2017-08-09T165253 backuptest-2-vm
2017-08-09 19:43:53 +02:00
Marek Marczykowski-Górecki
414be0945d
tools/qvm-device: list attach options 2017-08-09 04:04:27 +02:00
Marek Marczykowski-Górecki
430ff342d4
tools/qvm-run: do not use os.set_blocking
It's available only in python >= 3.5, but we do support tools on python
3.4 (Debian jessie).
2017-08-09 04:04:26 +02:00
Marek Marczykowski-Górecki
7d25f1bf2b
app: add VMCollection.values()
Let it behave more like a dict()
2017-08-09 04:04:26 +02:00
Marek Marczykowski-Górecki
7d476f8ba2
doc: list known features in qvm-features manual page
Fixes QubesOS/qubes-issues#2410
2017-08-08 21:31:34 +02:00
Marek Marczykowski-Górecki
37ae76823b
tools: add qvm-run --dispvm option
Add option to uniformly start new DispVM from either VM or Dom0. This
use DispVMWrapper, which translate it to either qrexec call to $dispvm,
or (in dom0) to appropriate Admin API call to create fresh DispVM
first.
This require abandoning registering --all and --exclude by
QubesArgumentParser, because we need to add --dispvm mutually exclusive
with those two. But actually handling those two options is still done by
QubesArgumentParser.

This also updates man page and tests.

Fixes QubesOS/qubes-issues#2974
2017-08-06 20:44:55 +02:00
Marek Marczykowski-Górecki
9bb59cdd20
vm: add DispVMWrapper for calling a single service in new DispVM
This is a wrapper to use `$dispvm` target of qrexec call, just like any
other service call in qubesadmin module - using vm.run_service().
When running in dom0, qrexec-client-vm is not available, so DispVM needs
to be created "manually", using appropriate Admin API call
(admin.vm.CreateDisposable).

QubesOS/qubes-issues#2974
2017-08-06 12:22:47 +02:00
Marek Marczykowski-Górecki
50bd9f5fab
tools/qvm-run: fix handling small data blocks
When data block is smaller than 4096 (and no EOF is reached), python's
io.read() will call read(2) again to get more data. This may deadlock if
the other end of connection will write anything only after receiveing
data (which is the case for qubes.Filecopy).
Disable this buffering by using syscall wrappers directly. To not affect
performance that much, increase buffer size to 64k.

Fixes QubesOS/qubes-issues#2948
2017-08-02 02:43:03 +02:00
Marek Marczykowski-Górecki
1d29929ae1
version 4.0.4 2017-07-30 19:20:07 +02:00
Marek Marczykowski-Górecki
c4460751a9
tools/qvm-start-gui: do not start stubdomain GUI for VMs with gui-agent 2017-07-30 18:54:08 +02:00
Marek Marczykowski-Górecki
02ddbb32c9
version 4.0.3 2017-07-29 06:16:07 +02:00