Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core

This commit is contained in:
Joanna Rutkowska 2011-06-30 20:41:57 +02:00
commit 131e4df676
17 changed files with 210 additions and 29 deletions


@ -9,6 +9,7 @@
/dev/mapper/dmroot / ext4 defaults,noatime 1 1
/dev/xvdb /rw ext4 noauto,defaults 0 0
/dev/xvdc1 swap swap defaults 0 0
/dev/xvdd /lib/modules ext3 defaults,ro 0 0
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
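Review bot: The new `/lib/modules` entry mounts the modules image with `defaults,ro`, which still honours set-uid bits and device nodes found on the image. The image is attached read-only from the dom0 kernels directory, so the exposure is small, but `/dev/xvdd /lib/modules ext3 ro,nosuid,nodev 0 0` states explicitly that nothing on that filesystem needs those properties and costs nothing for module loading. Whether the modules image ever carries anything beyond modules and firmware is not visible here.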


@ -71,6 +71,11 @@ start()
success
echo ""
type=$(/usr/bin/xenstore-read qubes_vm_type)
if [ "$type" == "ProxyVM" ]; then
/sbin/service ntpd start
fi
return 0
}


@ -21,7 +21,26 @@ fi
mkdir -p $DOM0_UPDATES_DIR/etc
cp /etc/yum.conf $DOM0_UPDATES_DIR/etc/
echo "Checking for updates..."
# check also for template updates
echo "Checking for template updates..."
TEMPLATEPKGLIST=`yum check-update -q | cut -f 1 -d ' '`
if [ -n "$TEMPLATEPKGLIST" ] && [ "$GUI" = 1 ]; then
TEMPLATE_UPDATE_COUNT=`echo "$TEMPLATEPKGLIST" | wc -w`
NOTIFY_UPDATE_COUNT=`cat /var/run/qubes/template_update_last_notify_count 2> /dev/null`
if [ "$NOTIFY_UPDATE_COUNT" != "$TEMPLATE_UPDATE_COUNT" ]; then
echo -n $TEMPLATE_UPDATE_COUNT > /var/run/qubes/template_update_last_notify_count
NOTIFY_PID=`cat /var/run/qubes/template_update_notify.pid 2> /dev/null`
if [ -z "$NOTIFY_PID" ] || ! kill -0 $NOTIFY_PID; then
NOTIFY_TITLE="Template update"
NOTIFY_TEXT="There are $TEMPLATE_UPDATE_COUNT updates available for TemplateVM"
NOTIFY_INFO="$NOTIFY_TEXT. Start TemplateVM to update it."
( zenity --notification --text "$NOTIFY_TEXT"; zenity --warning --title "$NOTIFY_TITLE" --text "$NOTIFY_INFO") &
echo $! > /var/run/qubes/template_update_notify.pid
fi
fi
fi
echo "Checking for dom0 updates..."
PKGLIST=`yum --installroot $DOM0_UPDATES_DIR check-update -q | cut -f 1 -d ' '`
if [ -z $PKGLIST ]; then
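Review bot: The liveness test `kill -0 $NOTIFY_PID` in the new template-notification block accepts any process that currently owns the PID stored in template_update_notify.pid as the earlier notification, so once that PID is recycled by an unrelated process the next notification is suppressed until the update count changes again. The count comparison with template_update_last_notify_count also means a changed package set of the same size never re-notifies, which may be intended but is worth a comment. Quoting the expansions, `if [ -z "$NOTIFY_PID" ] || ! kill -0 "$NOTIFY_PID" 2>/dev/null; then`, keeps the test from misbehaving on unexpected file contents and silences the error when the PID is gone. The script continues past the hunk.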


@ -23,10 +23,6 @@ start()
modprobe evtchn
chgrp qubes /etc/xen
chmod 710 /etc/xen
chgrp qubes /var/run/xend
chmod 710 /var/run/xend
chgrp qubes /var/run/xend/xen-api.sock /var/run/xend/xmlrpc.sock
chmod 660 /var/run/xend/xen-api.sock /var/run/xend/xmlrpc.sock
chgrp qubes /var/run/xenstored/*
chmod 660 /var/run/xenstored/*
chgrp qubes /var/lib/xen


@ -15,6 +15,7 @@ name = "{name}"
disk = [ {rootdev}
{privatedev}
{volatiledev}
{otherdevs}
]
vif = [ {netdev} ]


@ -27,3 +27,5 @@
#
# joanna.
#
Defaults !requiretty
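Review bot: `Defaults !requiretty` is added without a comment, while the header block this hunk sits under (ending with `# joanna.`) explains the reasoning behind the file's other settings; disabling requiretty lets sudo be invoked from non-interactive callers such as scripts and services, which is a policy decision that deserves its own line. Suggested: `# Allow sudo without a controlling tty, so non-interactive Qubes services can use it.` Which service actually needs this is not visible in the hunk.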


@ -56,6 +56,7 @@ qubes_appvms_dir = qubes_base_dir + "/appvms"
qubes_templates_dir = qubes_base_dir + "/vm-templates"
qubes_servicevms_dir = qubes_base_dir + "/servicevms"
qubes_store_filename = qubes_base_dir + "/qubes.xml"
qubes_kernels_base_dir = qubes_base_dir + "/vm-kernels"
qubes_max_xid = 1024
qubes_max_qid = 254
@ -194,7 +195,9 @@ class QubesVm(object):
volatile_img = None,
pcidevs = None,
internal = False,
vcpus = None):
vcpus = None,
kernel = None,
uses_default_kernel = True):
assert qid < qubes_max_qid, "VM id out of bounds!"
@ -277,11 +280,18 @@ class QubesVm(object):
else:
assert self.root_img is not None, "Missing root_img for standalone VM!"
self.kernel = kernel
if template_vm is not None:
self.kernels_dir = template_vm.kernels_dir
elif self.kernel is not None:
self.kernels_dir = qubes_kernels_base_dir + "/" + self.kernel
else:
# for backward compatibility (or another rare case): kernel=None -> kernel in VM dir
self.kernels_dir = self.dir_path + "/" + default_kernels_subdir
self.uses_default_kernel = uses_default_kernel
if updateable:
self.appmenus_templates_dir = self.dir_path + "/" + default_appmenus_templates_subdir
@ -644,6 +654,7 @@ class QubesVm(object):
args['rootdev'] = self.get_rootdev(source_template=source_template)
args['privatedev'] = "'script:file:{dir}/private.img,xvdb,w',".format(dir=self.dir_path)
args['volatiledev'] = "'script:file:{dir}/volatile.img,xvdc,w',".format(dir=self.dir_path)
args['otherdevs'] = "'script:file:{dir}/modules.img,xvdd,r',".format(dir=self.kernels_dir)
args['kernelopts'] = ''
return args
@ -708,13 +719,6 @@ class QubesVm(object):
raise IOError ("Error while copying {0} to {1}".\
format(template_root, self.root_img))
kernels_dir = self.dir_path + '/' + default_kernels_subdir
if verbose:
print "--> Copying the template's kernel dir: {0}".\
format(source_template.kernels_dir)
shutil.copytree (source_template.kernels_dir, kernels_dir)
# Create volatile.img
self.reset_volatile_storage(source_template = source_template)
@ -749,6 +753,21 @@ class QubesVm(object):
raise QubesException (
"VM private image file doesn't exist: {0}".\
format(self.private_img))
if not os.path.exists (self.kernels_dir + '/vmlinuz'):
raise QubesException (
"VM kernel does not exists: {0}".\
format(self.kernels_dir + '/vmlinuz'))
if not os.path.exists (self.kernels_dir + '/initramfs'):
raise QubesException (
"VM initramfs does not exists: {0}".\
format(self.kernels_dir + '/initramfs'))
if not os.path.exists (self.kernels_dir + '/modules.img'):
raise QubesException (
"VM kernel modules image does not exists: {0}".\
format(self.kernels_dir + '/modules.img'))
return True
def reset_volatile_storage(self, source_template = None):
@ -986,6 +1005,8 @@ class QubesVm(object):
attrs["pcidevs"] = str(self.pcidevs)
attrs["vcpus"] = str(self.vcpus)
attrs["internal"] = str(self.internal)
attrs["uses_default_kernel"] = str(self.uses_default_kernel)
attrs["kernel"] = str(self.kernel)
return attrs
def create_xml_element(self):
@ -1020,7 +1041,7 @@ class QubesTemplateVm(QubesVm):
# Clean image for root-cow and swap (AppVM side)
self.clean_volatile_img = self.dir_path + "/" + default_clean_volatile_img
# Image for template changes
self.rootcow_img = self.dir_path + "/" + default_rootcow_img
@ -1097,11 +1118,6 @@ class QubesTemplateVm(QubesVm):
if retcode != 0:
raise IOError ("Error while copying {0} to {1}".\
format(self.clean_volatile_img, self.volatile_img))
if verbose:
print "--> Copying the template's kernel dir:\n{0} ==>\n{1}".\
format(src_template_vm.kernels_dir, self.kernels_dir)
shutil.copytree (src_template_vm.kernels_dir, self.kernels_dir)
if verbose:
print "--> Copying the template's appmenus templates dir:\n{0} ==>\n{1}".\
format(src_template_vm.appmenus_templates_dir, self.appmenus_templates_dir)
@ -1741,6 +1757,9 @@ class QubesVmCollection(dict):
if self.default_netvm_qid is None:
self.set_default_netvm_vm(vm)
if self.updatevm_qid is None:
self.set_updatevm_vm(vm)
return vm
def set_default_template_vm(self, vm):
@ -1763,6 +1782,13 @@ class QubesVmCollection(dict):
else:
return self[self.default_netvm_qid]
def set_default_kernel(self, kernel):
assert os.path.exists(qubes_kernels_base_dir + '/' + kernel), "Kerel {0} not installed!".format(kernel)
self.default_kernel = kernel
def get_default_kernel(self):
return self.default_kernel
def set_default_fw_netvm_vm(self, vm):
assert vm.is_netvm(), "VM {0} does not provide network!".format(vm.name)
self.default_fw_netvm_qid = vm.qid
@ -1888,7 +1914,10 @@ class QubesVmCollection(dict):
if self.default_fw_netvm_qid is not None else "None",
updatevm=str(self.updatevm_qid) \
if self.updatevm_qid is not None else "None"
if self.updatevm_qid is not None else "None",
default_kernel=str(self.default_kernel) \
if self.default_kernel is not None else "None",
)
for vm in self.values():
@ -1916,7 +1945,7 @@ class QubesVmCollection(dict):
"private_img", "root_img", "template_qid",
"installed_by_rpm", "updateable", "internal",
"uses_default_netvm", "label", "memory", "vcpus", "pcidevs",
"maxmem" )
"maxmem", "kernel", "uses_default_kernel" )
for attribute in common_attr_list:
kwargs[attribute] = element.get(attribute)
@ -1950,6 +1979,20 @@ class QubesVmCollection(dict):
else:
kwargs["label"] = QubesVmLabels[kwargs["label"]]
if "kernel" in kwargs and kwargs["kernel"] == "None":
kwargs["kernel"] = None
if "uses_default_kernel" in kwargs:
kwargs["uses_default_kernel"] = True if kwargs["uses_default_kernel"] == "True" else False
else:
# For backward compatibility
kwargs["uses_default_kernel"] = False
if kwargs["uses_default_kernel"]:
kwargs["kernel"] = self.get_default_kernel()
else:
if "kernel" in kwargs and kwargs["kernel"]=="None":
kwargs["kernel"]=None
# for other cases - generic assigment is ok
return kwargs
def set_netvm_dependency(self, element):
@ -2024,6 +2067,7 @@ class QubesVmCollection(dict):
if updatevm != "None" else None
#assert self.default_netvm_qid is not None
self.default_kernel = element.get("default_kernel")
# Then, read in the TemplateVMs, because a reference to template VM
# is needed to create each AppVM
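Review bot: `self.default_kernel = element.get("default_kernel")` in the last hunk stores the attribute text as-is, whereas the updatevm line just above it converts the saved `"None"` text back to `None`; since save emits `str(self.default_kernel)` or `"None"` when unset, a collection saved without a default kernel reloads with the string `"None"`, and `kwargs["kernel"] = self.get_default_kernel()` then gives every VM with uses_default_kernel a kernels_dir of `<base>/None`. Mirror the updatevm pattern: `default_kernel = element.get("default_kernel")` / `self.default_kernel = default_kernel if default_kernel != "None" else None`. The `assert os.path.exists(...)` in `set_default_kernel` is input validation that disappears under `python -O`; raising `QubesException` there (and fixing the "Kerel" typo in its message) keeps the check in place. The two `kernel == "None"` conversions in the kwargs-loading hunk duplicate each other and could be collapsed into the first one.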


@ -59,9 +59,9 @@ def netup():
if os.path.isfile('/var/lock/subsys/NetworkManager'):
os.system('/etc/init.d/NetworkManager stop')
if not vif_eth0_exists():
cmd = 'modprobe xennet && xm network-attach 0 ip=10.137.0.1 backend='
cmd = 'modprobe xennet && xl network-attach 0 ip=10.137.0.1 backend='
cmd += netvm.name
cmd += ' script=vif-route-qubes'
cmd += ' script=/etc/xen/scripts/vif-route-qubes'
if os.system(cmd) != 0:
print 'Error creating network device'
sys.exit(1)
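Review bot: The rewritten attach command is still assembled as one shell string and run through `os.system`, so `netvm.name` is parsed by the shell; a list form, `subprocess.call(['modprobe', 'xennet'])` followed by `subprocess.call(['xl', 'network-attach', '0', 'ip=10.137.0.1', 'backend=' + netvm.name, 'script=/etc/xen/scripts/vif-route-qubes'])`, each checked for a non-zero return, keeps the same short-circuit as the `&&` without any shell parsing (subprocess would need importing if it is not already). Whether `netvm.name` can ever carry shell metacharacters is not visible here, as it comes from the VM collection. netup() begins before the hunk and continues after it.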


@ -22,8 +22,10 @@
from qubes.qubes import QubesVmCollection
from qubes.qubes import QubesVmLabels
from qubes.qubes import qubes_kernels_base_dir
from optparse import OptionParser
import subprocess
import os
def do_list(vm):
label_width = 18
@ -41,7 +43,7 @@ def do_list(vm):
print fmt.format ("dir", vm.dir_path)
print fmt.format ("config", vm.conf_file)
print fmt.format ("pcidevs", vm.pcidevs)
if not vm.is_appvm():
if vm.template_vm is None:
print fmt.format ("root img", vm.root_img)
if vm.is_template():
print fmt.format ("root COW img", vm.rootcow_img)
@ -52,6 +54,10 @@ def do_list(vm):
print fmt.format ("private img", vm.private_img)
print fmt.format ("memory", vm.memory)
print fmt.format ("maxmem", vm.maxmem)
if vm.uses_default_kernel:
print fmt.format ("kernel", "%s (default)" % vm.kernel)
else:
print fmt.format ("kernel", vm.kernel)
def set_label(vms, vm, args):
@ -168,6 +174,33 @@ def set_nonupdateable(vms, vm, args):
vm.set_nonupdateable()
return True
def set_kernel(vms, vm, args):
if len (args) != 1:
print "Missing kernel version argument!"
print "Possible values:"
print "1) default"
print "2) none (kernels subdir in VM)"
print "3) <kernel version>, one of:"
for k in os.listdir(qubes_kernels_base_dir):
print " -", k
return
kernel = args[0]
if kernel == "default":
kernel = vms.get_default_kernel()
vm.uses_default_kernel = True
elif kernel == "none":
kernel = None
vm.uses_default_kernel = False
else:
if not os.path.exists(qubes_kernels_base_dir + '/' + kernel):
print "Kernel version {0} not installed.".format(kernel)
exit(1)
vm.uses_default_kernel = False
vm.kernel = kernel
properties = {
"updateable": set_updateable,
"nonupdateable": set_nonupdateable,
@ -176,6 +209,7 @@ properties = {
"netvm" : set_netvm,
"maxmem" : set_maxmem,
"memory" : set_memory,
"kernel" : set_kernel,
}
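Review bot: `set_kernel` falls off the end of every success path and so returns `None`, whereas its sibling `set_nonupdateable` just above the hunk ends with `return True`; if the `properties` dispatcher (outside the hunk) uses the return value to decide whether the collection is saved, a kernel change made through qvm-prefs is silently dropped, so each success path should end with `return True` like the other setters. `exit(1)` in the not-installed branch is the site module's interactive helper; `sys.exit(1)` is the call a script should make. When `vms.get_default_kernel()` returns `None`, the "default" branch leaves the VM with `uses_default_kernel = True` and `kernel = None`, which do_list then prints as "None (default)"; rejecting that combination here with a message would avoid a confusing state.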


@ -0,0 +1,48 @@
#!/usr/bin/python2.6
#
# The Qubes OS Project, http://www.qubes-os.org
#
# Copyright (C) 2011 Marek Marczykowski <marmarek@mimuw.edu.pl>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
#
from qubes.qubes import QubesVmCollection, qubes_kernels_base_dir
from optparse import OptionParser;
import os
def main():
usage = "usage: %prog <kernel>"
parser = OptionParser (usage)
(options, args) = parser.parse_args ()
if (len (args) != 1):
parser.error ("Missing argument!")
kernel = args[0]
if not os.path.exists(qubes_kernels_base_dir + "/" + kernel):
print "Kernel {0} not installed".format(kernel)
exit(1)
qvm_collection = QubesVmCollection()
qvm_collection.lock_db_for_writing()
qvm_collection.load()
qvm_collection.set_default_kernel(kernel)
qvm_collection.save()
qvm_collection.unlock_db()
main()
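Review bot: `lock_db_for_writing()` is not paired with a `finally`, so if `load()`, `set_default_kernel()` (which asserts that the kernel directory exists) or `save()` raises, the process exits without ever calling `unlock_db()`, leaving release of the qubes.xml write lock to interpreter exit, or leaving it behind if unlock_db does more than drop a kernel-held lock. `exit(1)` on the not-installed path is the site-module helper rather than `sys.exit(1)`, and `main()` is invoked unconditionally at import instead of under `if __name__ == "__main__":`. A try/finally around the locked region addresses the first point:
```python
    qvm_collection = QubesVmCollection()
    qvm_collection.lock_db_for_writing()
    try:
        qvm_collection.load()
        qvm_collection.set_default_kernel(kernel)
        qvm_collection.save()
    finally:
        qvm_collection.unlock_db()
```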


@ -33,6 +33,10 @@ from qubes.qubes import qrexec_client_path
# fields required to be present (and verified) in retrieved desktop file
required_fields = [ "Name", "Exec" ]
#limits
appmenus_line_size = 1024
appmenus_line_count = 100000
# regexps for sanitization of retrieved values
std_re = re.compile(r"^[/a-zA-Z0-9.,&() -]*$")
fields_regexp = {
@ -44,15 +48,32 @@ fields_regexp = {
}
def get_appmenus(xid):
global appmenus_line_count
global appmenus_line_size
untrusted_appmenulist = []
if xid == -1:
untrusted_appmenulist = sys.stdin.readlines()
while appmenus_line_count > 0:
line = sys.stdin.readline(appmenus_line_size)
if line == "":
break;
untrusted_appmenulist.append(line.strip())
appmenus_line_count -= 1
if appmenus_line_count == 0:
raise QubesException("Line count limit exceeded")
else:
p = subprocess.Popen ([qrexec_client_path, '-d', str(xid),
'user:grep -H = /usr/share/applications/*.desktop'], stdout=subprocess.PIPE)
untrusted_appmenulist = p.communicate()[0].split('\n')
while appmenus_line_count > 0:
line = p.stdout.readline(appmenus_line_size)
if line == "":
break;
untrusted_appmenulist.append(line.strip())
appmenus_line_count -= 1
p.wait()
if p.returncode != 0:
raise QubesException("Error getting application list")
if appmenus_line_count == 0:
raise QubesException("Line count limit exceeded")
row_no = 0
appmenus = {}
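Review bot: Both branches of `get_appmenus` decrement the module-level `appmenus_line_count` (declared `global` at the top of the hunk), so the limit is consumed across calls: a second call in the same process starts with whatever budget the first one left, and once it has hit zero every later call raises "Line count limit exceeded" before reading a single line. In the qrexec branch the limit check comes after `p.wait()`, so when the sender exceeds the limit the function waits on a child that may still be blocked writing to the pipe nobody reads any more, and a non-zero exit status is reported before the limit error. A per-call budget taken from the module constant, plus killing the child before waiting on it once the limit is hit, fixes both; `readline(appmenus_line_size)` keeps returning the remainder of an over-long line as further lines, which the count limit still bounds. The function continues past the hunk.
```python
def get_appmenus(xid):
    untrusted_appmenulist = []
    line_budget = appmenus_line_count  # per-call budget; the module constant stays untouched
    if xid == -1:
        while line_budget > 0:
            line = sys.stdin.readline(appmenus_line_size)
            if line == "":
                break
            untrusted_appmenulist.append(line.strip())
            line_budget -= 1
        if line_budget == 0:
            raise QubesException("Line count limit exceeded")
    else:
        # … unchanged: subprocess.Popen([...], stdout=subprocess.PIPE) …
        while line_budget > 0:
            line = p.stdout.readline(appmenus_line_size)
            if line == "":
                break
            untrusted_appmenulist.append(line.strip())
            line_budget -= 1
        if line_budget == 0:
            p.kill()  # stop the sender before waiting, or wait() can hang on the full pipe
            p.wait()
            raise QubesException("Line count limit exceeded")
        p.wait()
        if p.returncode != 0:
            raise QubesException("Error getting application list")
    # … unchanged: parsing of untrusted_appmenulist …
```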


@ -127,6 +127,7 @@ def main():
notify_object = dbus.SessionBus().get_object("org.freedesktop.Notifications", "/org/freedesktop/Notifications")
qfile = QfileDaemonDvm(os.getenv("QREXEC_REMOTE_DOMAIN"))
lockf = open("/var/run/qubes/qfile-daemon-dvm.lock", 'a')
fcntl.fcntl(lockf, fcntl.F_SETFD, fcntl.FD_CLOEXEC)
fcntl.flock(lockf, fcntl.LOCK_EX)
dispname = qfile.get_dvm()
lockf.close()
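Review bot: The added `fcntl.fcntl(lockf, fcntl.F_SETFD, fcntl.FD_CLOEXEC)` carries no comment saying why the lock descriptor must not be inherited, so a reader cannot tell whether it guards against a child started from `qfile.get_dvm()` keeping the lock held after this process closes it. A one-line comment such as `# close-on-exec: no process spawned while the lock is held may inherit (and keep holding) it` makes the intent explicit; whether get_dvm() spawns children is not visible in this hunk. The enclosing main() starts before the hunk and continues after it.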


@ -250,7 +250,7 @@ void fill_field(FILE *conf, char *field, int dispid, int netvm_id)
// val - string to replace pattern with
void fix_conffile(FILE *conf, int conf_templ, int dispid, int netvm_id)
{
int buflen, cur_len = 0;
int buflen = 0, cur_len = 0;
char buf[4096];
char *bufpos = buf;
char *pattern, *patternend;


@ -86,6 +86,9 @@ mkdir -p $RPM_BUILD_ROOT/usr/lib/qubes
cp qubes_trigger_sync_appmenus.sh $RPM_BUILD_ROOT/usr/lib/qubes/
mkdir -p $RPM_BUILD_ROOT/var/lib/qubes/dom0-updates
mkdir -p $RPM_BUILD_ROOT/lib/firmware
ln -s /lib/modules/firmware $RPM_BUILD_ROOT/lib/firmware/updates
%triggerin -- initscripts
cp /var/lib/qubes/serial.conf /etc/init/serial.conf
@ -236,3 +239,4 @@ rm -rf $RPM_BUILD_ROOT
/etc/yum/post-actions/qubes_trigger_sync_appmenus.action
/usr/lib/qubes/qubes_trigger_sync_appmenus.sh
/usr/lib/qubes/qubes_download_dom0_updates.sh
/lib/firmware/updates


@ -115,6 +115,7 @@ mkdir -p $RPM_BUILD_ROOT/var/lib/qubes
mkdir -p $RPM_BUILD_ROOT/var/lib/qubes/vm-templates
mkdir -p $RPM_BUILD_ROOT/var/lib/qubes/appvms
mkdir -p $RPM_BUILD_ROOT/var/lib/qubes/servicevms
mkdir -p $RPM_BUILD_ROOT/var/lib/qubes/vm-kernels
mkdir -p $RPM_BUILD_ROOT/var/lib/qubes/backup
mkdir -p $RPM_BUILD_ROOT/var/lib/qubes/dvmdata
@ -176,6 +177,9 @@ echo 'lockfile="/var/run/qubes/xl-lock"' >> /etc/xen/xl.conf
sed '/^reposdir=/d' -i /etc/yum.conf
echo reposdir=/etc/yum.real.repos.d >> /etc/yum.conf
sed '/^installonlypkgs=/d' -i /etc/yum.conf
echo 'installonlypkgs += kernel-qubes-vm' >> /etc/yum.conf
chkconfig --add qubes_core || echo "WARNING: Cannot add service qubes_core!"
chkconfig --add qubes_netvm || echo "WARNING: Cannot add service qubes_netvm!"
chkconfig --add qubes_setupdvm || echo "WARNING: Cannot add service qubes_setupdvm!"
@ -295,6 +299,7 @@ fi
%attr(770,root,qubes) %dir /var/lib/qubes/backup
%attr(770,root,qubes) %dir /var/lib/qubes/dvmdata
%attr(770,root,qubes) %dir /var/lib/qubes/updates
%attr(770,root,qubes) %dir /var/lib/qubes/vm-kernels
%dir /usr/share/qubes/icons/*.png
/usr/share/qubes/qubes-vm.directory.template
/usr/share/qubes/qubes-templatevm.directory.template
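Review bot: The appended `installonlypkgs += kernel-qubes-vm` line is not matched by the `sed '/^installonlypkgs=/d'` that precedes it, whose pattern expects `installonlypkgs=` with no space or plus, so unlike the reposdir pair above it every rerun of this scriptlet (each package upgrade) appends one more copy of the line to /etc/yum.conf. Either write the line in the form the delete pattern matches, or widen the pattern to `sed '/^installonlypkgs *+\?=/d' -i /etc/yum.conf`. The `%attr(770,root,qubes) %dir /var/lib/qubes/vm-kernels` entry makes the directory that VM kernels and modules images are taken from group-writable; that matches the sibling directories listed with it, so it is noted rather than objected to.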


@ -1 +1 @@
1.6.3
1.6.4


@ -1 +1 @@
1.6.2
1.6.4