Commit Graph

98 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
769f8a5ee8
Merge remote-tracking branch 'origin/pr/98'
* origin/pr/98:
  qvm-check: fix from Marek's comment
  qvm-check: refactor check mechanism and add filter for checking netvm
2019-08-08 15:35:34 +02:00
Frédéric Pierret (fepitre)
7d93377b78
qvm-check: refactor check mechanism and add filter for checking netvm
Fix QubesOS/qubes-issues#3496
2019-08-08 14:26:05 +02:00
Marek Marczykowski-Górecki
e700af9eb2
tools/qvm-volume: add 'import' action
Add support for importing volume data with qvm-volume tool.
This could be also used to clear volume by issuing:

    qvm-volume import --no-resize some-vm:private /dev/null

QubesOS/qubes-issues#5192
2019-07-29 22:20:06 +02:00
Marek Marczykowski-Górecki
fdc632c959
tools: reset private volume when importing template over existing one
Reinstalling template is a recommended way to get it back to a clean
state after potential compromise. In that case it is essential to
discard any persistent storage of old template, as it could be used by
the attacker to re-compromise it after reinstall.
Do this similar as root volume is overridden - via volume import
function.

Fixes QubesOS/qubes-issues#5192
2019-07-29 22:20:06 +02:00
Malte Leip
32538fa5ec
qvm-prefs: add --hide-default option 2019-05-29 20:32:13 +02:00
Marek Marczykowski-Górecki
c1be4cd062
Merge remote-tracking branch 'qubesos/pr/92'
* qubesos/pr/92:
  Adds docs for clone ignore_errors, feeds linter
  Adds support for `--ignore-errors` to qvm-clone CLI
2019-04-17 00:30:10 +02:00
Marek Marczykowski-Górecki
37e4e4c6ca
tests: update yaml syntax in qvm-backup tests
yaml.safe_dump() finally produces canonical yaml output, not a
one-liner.
2019-04-16 23:10:38 +02:00
Conor Schaefer
40eeddbfc8
Adds docs for clone ignore_errors, feeds linter
Addresses review comments, specifically:

  * updates qvm-clone tests to handle ignore_errors option
  * adds manpage reference to new --ignore-errors option
  * trims line length in qvm-clone changes

All tests should now be passing, including the new qvm-clone
functionality.
2019-04-16 10:44:47 -07:00
Marek Marczykowski-Górecki
a2629b1239
tools/qvm-start: use vm.run_with_args to call losetup in the VM
This will fix handling filenames with spaces and shell special
characters.

Reported by @v6ak

Fixes QubesOS/qubes-issues#4860
2019-03-07 02:53:45 +01:00
Marek Marczykowski-Górecki
1145f70334
tools/qvm-backup: allow to disable compression
Specify compression explicitly in the backup profile, not only when
requested with --compress or --compress-filter.
This will allow to disable compression with --no-compress option, as the
default if no compression is specified in the profile is to use gzip.

Fixes QubesOS/qubes-issues#4803
2019-02-24 05:32:46 +01:00
Marek Marczykowski-Górecki
9061169f90
Merge branch 'devel-20181206' 2018-12-09 18:08:25 +01:00
GammaSQ
b848625428
added tests for shortcuts 2018-12-08 12:38:26 +01:00
Marek Marczykowski-Górecki
5fe6ffc04c
tools/qvm-create: reject --root-{move,copy}-from with template-based qubes
Fixes QubesOS/qubes-issues#4424
2018-12-08 00:44:18 +01:00
Marek Marczykowski-Górecki
bee55a3bce
tools/qvm-device: allow detaching all devices
QubesOS/qubes-issues#4530
2018-12-08 00:44:18 +01:00
Marek Marczykowski-Górecki
4b00ef7ec7
tools/qvm-run: fix error reporting on qvm-run -n on halted qube
Fixes QubesOS/qubes-issues#4476
2018-12-08 00:44:18 +01:00
Marek Marczykowski-Górecki
9acce13a35
tools: fix qvm-run --pass-io --localcmd=... vmname command
qubes.VMShell service, used by qvm-run, expects the command on the first
input line. Previously, when --localcmd was used, the command wasn't
written anywhere and the local command was connected directly to
qubes.VMShell service. And the first line of its output was interpreted
as a command.

Fix this by starting the local command separately, after sending the
command to qubes.VMShell service.

While at it, unify handling shell command and service calls in the process.
vm.run_service(..., localcmd= ) isn't that useful in general case,
because for qubes.VMShell the caller first need to send the command
before starting local process. Since the qvm-run tool needs to implement
manual starting localcmd anyway, don't use localcmd= run_service's
argument at all to unify calling methods.

There is slight behavior change: previously localcmd was started only
after establishing service connection (for example only if qrexec policy
allows), now it is started in all the cases.

Fixes QubesOS/qubes-issues#4040
2018-12-08 00:44:02 +01:00
Marek Marczykowski-Górecki
e6202d496d
tests/tools: improve qvm-run tests
Fix most FD/process leaks, make qvm-run --passio tests working (as much
as possible).
2018-12-07 23:55:03 +01:00
Marek Marczykowski-Górecki
67897e3f9f
Copy application menu on VM clone
The qubesd daemon have no information about clone source - from that
side it looks like a new VM.  This means application menu is created as
for a new VM.
To fix this re-initialize menu with --source option as part of the clone
operation. It will copy both list of available applications (if
applicable) and selected applications.

This fixes both qvm-clone case and rename.

Fixes QubesOS/qubes-issues#3902
Fixes QubesOS/qubes-issues#4124
2018-10-29 05:27:05 +01:00
Marek Marczykowski-Górecki
5078d75aa3
tools/qvm-create: fix handling invalid label 2018-10-18 03:24:24 +02:00
Marek Marczykowski-Górecki
759fafea63
tools/qvm-create: properly create template-based StandaloneVM
By definition StandaloneVM is not linked to the template. Creating one
from a template is a clone operation. It's already possible using
qvm-clone tool, but it's logical to do that using qvm-create tool too.
This was the case in R3.2 too.

While adding this special case, skip cloning private volume, to preserve
behaviour of TemplateBaseVMs which do not inherit private volume either.

Fixes QubesOS/qubes-issues#3793
2018-10-18 03:24:15 +02:00
Patrik Hagara
4cd513757b
qvm-ls: add filtering by domain power state 2018-10-10 20:06:35 +02:00
Marek Marczykowski-Górecki
045bad13e7
tools/qvm-create: resize root volume if needed before imporing data
If file to be imported is larger than the default root volume, resize
the volume first. It might be also a good idea to shrink it when needed,
but currently the backend refuse it.

Fixes QubesOS/qubes-issues#3422
2018-09-05 04:29:36 +02:00
Patrik Hagara
cd4424235b
qvm-ls: add filtering by tags 2018-08-26 22:08:32 +02:00
Marek Marczykowski-Górecki
584bd052ed
Adjust shell input for Windows shell, for qvm-run tool
Windows shell (cmd.exe) use '&' as a separator for multiple commands in
the same line.

Fixes QubesOS/qubes-issues#4165
2018-07-30 18:31:04 +02:00
Marta Marczykowska-Górecka
47b4e86736
Added test for qvm-remove dependency reporting 2018-07-20 01:35:00 +02:00
Marek Marczykowski-Górecki
4d61407f5d
Add 'gui-emulated' feature
Add an explicit method for forcing emulated VGA output. Previously it
was possible only by removing `gui` feature (setting it to false had a
different effect), or enabling debug mode.
Using lack of a feature as a third state was a bad idea.

QubesOS/qubes-issues#3585
2018-07-16 04:25:56 +02:00
Marek Marczykowski-Górecki
95ce30a9e3
qvm-start-gui: fix handlign rpc-clipboard feature
Pass -Q option to both stubdoman's gui daemon and actual VM's gui
daemon.

QubesOS/qubes-issues#3585
2018-07-11 23:39:37 +02:00
jimtahu
d1455ce6c3
Add test of qvm_prefs for specal case "None" 2018-06-13 23:38:25 -05:00
Peter Gerber
00fbfdd77a
tools/qvm-firewall: add dst4 and dst6 as synonyms for dsthost 2018-05-03 00:49:43 +02:00
Peter Gerber
ed9b42d5b4
tools/qvm-firewall: Show EXPIRE column in list output 2018-04-30 21:30:52 +02:00
Marek Marczykowski-Górecki
ab79bd2a44
tools/qvm-firewall: make 'list' a default action 2018-04-30 04:16:23 +02:00
Marek Marczykowski-Górecki
7f79075088
tools/qvm-firewall: add 'expire' rule support 2018-04-30 04:13:45 +02:00
Marek Marczykowski-Górecki
90df051f4f
tools/qvm-pool: add --set to modify pool properties
Fixes QubesOS/qubes-issues#3256
2018-04-13 00:26:25 +02:00
Marek Marczykowski-Górecki
efae2dfd38
Merge branch 'template-postprocess-fail'
* template-postprocess-fail:
  qvm-template-postprocess: do not remove VM on failed reinstall
  qvm-template-postprocess: resize volume only when needed
2018-03-20 19:22:33 +01:00
Marek Marczykowski-Górecki
70b15c2eae
qvm-volume: refuse to shrink volume unless --force option is used
Right now Admin API backend will refuse to shrink volume anyway, but
we're planning to relax this restriction. Make sure the client side
(qvm-volume tool here, GUI VM settings already have this in place) will
employ appropriate safety check.

QubesOS/qubes-issues#3725
2018-03-20 17:53:36 +01:00
Marek Marczykowski-Górecki
562137c36d
qvm-template-postprocess: resize volume only when needed
If needs to be extended - do it before import. If needs to be reduced -
after. This way, if data import fails for any reason, previous data
won't be destroyed (truncated).
Also, convert error on shrinking volume to a warning, as it doesn't break
the template (just leave it with bigger disk than needed). Currently all
storage pool implementations refuse to shrink a volume (but it may
change in the future).

QubesOS/qubes-issues#3169
2018-03-19 20:47:15 +01:00
Marek Marczykowski-Górecki
034e9b3a24
qvm-volume: add 'info' and 'config' actions
This allows to get and set volumes properties.

Fixes QubesOS/qubes-issues#3256
2018-03-18 23:38:10 +01:00
Marek Marczykowski-Górecki
b1237bfe1f
tests: add tests for various 'qvm-prefs vm pref' cases 2018-03-04 03:43:07 +01:00
Rusty Bird
78571898da
qvm-backup: let backup core handle default VM selection
This takes the include_in_backups property into account, and does not
omit dom0.
2018-02-23 02:09:06 +00:00
Rusty Bird
2d8bade8b2
qvm-backup-restore: really pass options 2018-02-23 02:09:04 +00:00
Marek Marczykowski-Górecki
3d4f626515
Merge remote-tracking branch 'qubesos/pr/51'
* qubesos/pr/51:
  qvm-run: wait for X11 in --dispvm --gui case
  vm/DispVM: use 'qrexec_timeout' also for call connection timeout
2018-01-15 03:23:54 +01:00
Rusty Bird
c83deccdd3
qvm-run: wait for X11 in --dispvm --gui case
'qvm-run --dispvm' cannot easily make a separate qubes.WaitForSession
call. Instead, if --gui is active, pass the new WaitForSession argument
to qubes.VMShell, which will do the equivalent.

The unit tests have been copied (in slightly adapted form) from commit
a620f02e2a

Fixes QubesOS/qubes-issues#3012
Closes QubesOS/qubes-core-admin-client#49
2018-01-14 18:36:46 +00:00
Marek Marczykowski-Górecki
c98b33bcd6
vm/DispVM: use 'qrexec_timeout' also for call connection timeout
When calling a service in DispVM, the connection is established only
after session is ready (if required for given service). qrexec-client by
default use 5s here, which is too low depending on hardware. Use
'qrexec_timeout' property here for DispVM case.

Fixes QubesOS/qubes-issues#3012
2018-01-14 18:36:24 +00:00
Marek Marczykowski-Górecki
080b563ae2
tools/qvm-ls: add --raw-list option for compatibility with R3.2
There was an option to list just VM names, useful for scripting.
Preserve that for compatibility.
2018-01-12 05:29:39 +01:00
Marek Marczykowski-Górecki
0533703ddf
tools/qvm-ls: allow list only selected VMs
Restore possibility to list only some VMs, by naming them on command
line.
2018-01-12 05:29:39 +01:00
Marek Marczykowski-Górecki
51a89a9e77
Merge remote-tracking branch 'qubesos/pr/44'
* qubesos/pr/44:
  Fix style else-return
  tests: update qvm-template-process and qvm-remove tests
  Add --force to manpage.
  Avoid cloning installed_by_rpm
  Print vm list before prompt
  Use --force instead of --yes
  Toggle installed_by_rpm in template tool
  Fix error message grammar
  Add --yes option and confirm prompt.
2018-01-06 14:54:32 +01:00
Marek Marczykowski-Górecki
75a433f07a
tests: update qvm-template-process and qvm-remove tests 2018-01-06 03:40:51 +01:00
Marek Marczykowski-Górecki
917df5a8c5
tools/qvm-ls: fix handling columns with underscore
Mangling column type was inconsistent, resulting in
KeyError('VIRT_MODE').
2017-12-29 03:24:22 +01:00
Marek Marczykowski-Górecki
8ebcb438dd
tests: update tests for fixed verify_only handling 2017-12-10 22:39:19 +01:00
Marek Marczykowski-Górecki
01114e828b
tests: fix tests after dropping unnecessary admin.label.List call 2017-12-05 22:56:37 +01:00