Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge branch 'hvm' of 10.141.1.101:/var/lib/qubes/git/marmarek/core into hvm

Browse Source
This commit is contained in:
Joanna Rutkowska 2012-07-20 19:46:06 +02:00
commit 1f7e873768
10 changed files with 77 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
dom0/aux-tools/fix_dir_perms.sh Executable file
View File

@ -0,0 +1,20 @@
#!/bin/sh
chgrp qubes /etc/xen
chmod 710 /etc/xen
chgrp qubes /var/run/xenstored/*
chmod 660 /var/run/xenstored/*
chgrp qubes /var/lib/xen
chmod 770 /var/lib/xen
chgrp qubes /var/log/xen
chmod 770 /var/log/xen
chgrp qubes /proc/xen/privcmd
chmod 660 /proc/xen/privcmd
chgrp qubes /dev/xen/evtchn
chmod 660 /dev/xen/evtchn
touch /var/run/qubes/xl-lock
chgrp qubes /var/run/qubes/xl-lock
chmod 660 /var/run/qubes/xl-lock
chgrp -R qubes /var/log/xen
chmod -R g+rX /var/log/xen
chmod g+s /var/log/xen/console
mkdir -p /var/run/xen-hotplug

24
dom0/init.d/qubes_core
View File

@ -21,25 +21,7 @@ start()
{ {
echo -n $"Executing Qubes Core scripts:" echo -n $"Executing Qubes Core scripts:"
modprobe evtchn 2> /dev/null || modprobe xen-evtchn modprobe evtchn 2> /dev/null || modprobe xen-evtchn
chgrp qubes /etc/xen /usr/lib/qubes/fix_dir_perms.sh
chmod 710 /etc/xen
chgrp qubes /var/run/xenstored/*
chmod 660 /var/run/xenstored/*
chgrp qubes /var/lib/xen
chmod 770 /var/lib/xen
chgrp qubes /var/log/xen
chmod 770 /var/log/xen
chgrp qubes /proc/xen/privcmd
chmod 660 /proc/xen/privcmd
chgrp qubes /dev/xen/evtchn
chmod 660 /dev/xen/evtchn
touch /var/run/qubes/xl-lock
chgrp qubes /var/run/qubes/xl-lock
chmod 660 /var/run/qubes/xl-lock
chgrp -R qubes /var/log/xen
chmod -R g+rX /var/log/xen
chmod g+s /var/log/xen/console
mkdir -p /var/run/xen-hotplug
xenstore-write /local/domain/0/name dom0 xenstore-write /local/domain/0/name dom0
DOM0_MAXMEM=`/usr/sbin/xl info | grep total_memory | awk '{ print $3 }'` DOM0_MAXMEM=`/usr/sbin/xl info | grep total_memory | awk '{ print $3 }'`
@ -48,10 +30,10 @@ start()
xl sched-credit -d 0 -w 512 xl sched-credit -d 0 -w 512
cp /var/lib/qubes/qubes.xml /var/lib/qubes/backup/qubes-$(date +%F-%T).xml cp /var/lib/qubes/qubes.xml /var/lib/qubes/backup/qubes-$(date +%F-%T).xml
/usr/lib/qubes/qmemman_daemon.py >/var/log/qubes/qmemman.log 2>/var/log/qubes/qmemman.errs & /usr/lib/qubes/qmemman_daemon.py
MEM_CHANGE_THRESHOLD_KB=30000 MEM_CHANGE_THRESHOLD_KB=30000
MEMINFO_DELAY_USEC=100000 MEMINFO_DELAY_USEC=100000
/usr/lib/qubes/meminfo-writer $MEM_CHANGE_THRESHOLD_KB $MEMINFO_DELAY_USEC & /usr/lib/qubes/meminfo-writer $MEM_CHANGE_THRESHOLD_KB $MEMINFO_DELAY_USEC
/usr/lib/qubes/block_cleaner_daemon.py > /var/log/qubes/block_cleaner.log 2>&1 & /usr/lib/qubes/block_cleaner_daemon.py > /var/log/qubes/block_cleaner.log 2>&1 &

37
dom0/qmemman/qmemman_server.py
View File

@ -12,6 +12,8 @@ from optparse import OptionParser
from qubesutils import parse_size from qubesutils import parse_size
config_path = '/etc/qubes/qmemman.conf' config_path = '/etc/qubes/qmemman.conf'
SOCK_PATH='/var/run/qubes/qmemman.sock'
LOG_PATH='/var/log/qubes/qmemman.log'
system_state = SystemState() system_state = SystemState()
global_lock = thread.allocate_lock() global_lock = thread.allocate_lock()
@ -105,15 +107,7 @@ class QMemmanReqHandler(SocketServer.BaseRequestHandler):
self.request.send(resp) self.request.send(resp)
def start_server(): def start_server(server):
SOCK_PATH='/var/run/qubes/qmemman.sock'
try:
os.unlink(SOCK_PATH)
except:
pass
os.umask(0)
server = SocketServer.UnixStreamServer(SOCK_PATH, QMemmanReqHandler)
os.umask(077)
server.serve_forever() server.serve_forever()
class QMemmanServer: class QMemmanServer:
@ -124,6 +118,19 @@ class QMemmanServer:
parser.add_option("-c", "--config", action="store", dest="config", default=config_path) parser.add_option("-c", "--config", action="store", dest="config", default=config_path)
(options, args) = parser.parse_args() (options, args) = parser.parse_args()
logfd = os.open(LOG_PATH, os.O_WRONLY|os.O_APPEND|os.O_CREAT, 0644)
if logfd < 0:
print sys.stderr, "ERROR: Failed to open log file (%s)" % LOG_PATH
exit(1)
# reinitialize python stdout/err
sys.stdout.flush()
sys.stderr.flush()
os.dup2(logfd, 1)
os.dup2(logfd, 2)
os.close(logfd)
devnull = os.open('/dev/null', os.O_RDONLY)
os.dup2(devnull, 0)
config = SafeConfigParser({ config = SafeConfigParser({
'vm-min-mem': str(qmemman_algo.MIN_PREFMEM), 'vm-min-mem': str(qmemman_algo.MIN_PREFMEM),
'dom0-mem-boost': str(qmemman_algo.DOM0_MEM_BOOST), 'dom0-mem-boost': str(qmemman_algo.DOM0_MEM_BOOST),
@ -137,5 +144,13 @@ class QMemmanServer:
print "values: %s, %s, %s" % (str(qmemman_algo.MIN_PREFMEM), str(qmemman_algo.DOM0_MEM_BOOST), str(qmemman_algo.CACHE_FACTOR)) print "values: %s, %s, %s" % (str(qmemman_algo.MIN_PREFMEM), str(qmemman_algo.DOM0_MEM_BOOST), str(qmemman_algo.CACHE_FACTOR))
thread.start_new_thread(start_server, tuple([])) try:
XS_Watcher().watch_loop() os.unlink(SOCK_PATH)
except:
pass
os.umask(0)
server = SocketServer.UnixStreamServer(SOCK_PATH, QMemmanReqHandler)
os.umask(077)
if os.fork() == 0:
thread.start_new_thread(start_server, tuple([server]))
XS_Watcher().watch_loop()

12
dom0/qvm-core/qubes.py
View File

@ -340,6 +340,10 @@ class QubesVm(object):
if 'meminfo-writer' not in self.services: if 'meminfo-writer' not in self.services:
self.services['meminfo-writer'] = not (len(self.pcidevs) > 0) self.services['meminfo-writer'] = not (len(self.pcidevs) > 0)
# Additionally force meminfo-writer disabled when VM have PCI devices
if len(self.pcidevs) > 0:
self.services['meminfo-writer'] = False
# Some additional checks for template based VM # Some additional checks for template based VM
if self.template is not None: if self.template is not None:
if not self.template.is_template(): if not self.template.is_template():
@ -1411,7 +1415,7 @@ class QubesVm(object):
if verbose: if verbose:
print >> sys.stderr, "--> Waiting for qubes-session..." print >> sys.stderr, "--> Waiting for qubes-session..."
subprocess.call([qrexec_client_path, "-d", str(xid), "user:echo $$ >> /tmp/qubes-session-waiter; [ ! -f /tmp/qubes-session-env ] && exec sleep 365d"]) self.run('echo $$ >> /tmp/qubes-session-waiter; [ ! -f /tmp/qubes-session-env ] && exec sleep 365d', ignore_stderr=True, gui=False, wait=True)
retcode = subprocess.call([qubes_clipd_path]) retcode = subprocess.call([qubes_clipd_path])
if retcode != 0: if retcode != 0:
@ -1454,7 +1458,11 @@ class QubesVm(object):
mem_required = int(self.memory) * 1024 * 1024 mem_required = int(self.memory) * 1024 * 1024
qmemman_client = QMemmanClient() qmemman_client = QMemmanClient()
if not qmemman_client.request_memory(mem_required): try:
got_memory = qmemman_client.request_memory(mem_required)
except IOError as e:
raise IOError("ERROR: Failed to connect to qmemman: %s" % str(e))
if not got_memory:
qmemman_client.close() qmemman_client.close()
raise MemoryError ("ERROR: insufficient memory to start VM '%s'" % self.name) raise MemoryError ("ERROR: insufficient memory to start VM '%s'" % self.name)

1
dom0/qvm-tools/qvm-add-appvm
View File

@ -24,6 +24,7 @@ from qubes.qubes import QubesVmCollection
from qubes.qubes import QubesException from qubes.qubes import QubesException
from optparse import OptionParser; from optparse import OptionParser;
import sys import sys
import os
def main(): def main():
usage = "usage: %prog [options] <appvm-name> <vm-template-name>\n\n"\ usage = "usage: %prog [options] <appvm-name> <vm-template-name>\n\n"\

1
dom0/qvm-tools/qvm-add-template
View File

@ -24,6 +24,7 @@ from qubes.qubes import QubesVmCollection
from qubes.qubes import QubesException from qubes.qubes import QubesException
from optparse import OptionParser; from optparse import OptionParser;
import sys import sys
import os
def main(): def main():
usage = "usage: %prog [options] <vm-template-name>\n"\ usage = "usage: %prog [options] <vm-template-name>\n"\

1
dom0/qvm-tools/qvm-clone
View File

@ -25,6 +25,7 @@ from qubes.qubes import QubesAppVm, QubesTemplateVm, QubesHVm
from qubes.qubes import QubesException from qubes.qubes import QubesException
from optparse import OptionParser; from optparse import OptionParser;
import sys import sys
import os
def main(): def main():
usage = "usage: %prog [options] <src-name> <new-name>\n"\ usage = "usage: %prog [options] <src-name> <new-name>\n"\

1
dom0/qvm-tools/qvm-firewall
View File

@ -25,6 +25,7 @@ from optparse import OptionParser;
import subprocess import subprocess
import sys import sys
import re import re
import os
services = list() services = list()

11
misc/meminfo-writer.c
View File

@ -154,6 +154,17 @@ int main(int argc, char **argv)
perror("xs_domain_open"); perror("xs_domain_open");
exit(1); exit(1);
} }
if (argc == 3) {
/* if not waiting for signal, fork after first info written to xenstore */
n = pread(fd, buf, sizeof(buf), 0);
buf[n] = 0;
meminfo_data = parse(buf);
if (meminfo_data)
send_to_qmemman(xs, meminfo_data);
if (fork() > 0)
exit(0);
}
for (;;) { for (;;) {
n = pread(fd, buf, sizeof(buf), 0); n = pread(fd, buf, sizeof(buf), 0);
buf[n] = 0; buf[n] = 0;

3
rpm_spec/core-dom0.spec
View File

@ -115,6 +115,7 @@ cp ../misc/block_add_change $RPM_BUILD_ROOT/usr/lib/qubes/
cp ../misc/block_remove $RPM_BUILD_ROOT/usr/lib/qubes/ cp ../misc/block_remove $RPM_BUILD_ROOT/usr/lib/qubes/
cp ../misc/block_cleanup $RPM_BUILD_ROOT/usr/lib/qubes/ cp ../misc/block_cleanup $RPM_BUILD_ROOT/usr/lib/qubes/
cp aux-tools/block_cleaner_daemon.py $RPM_BUILD_ROOT/usr/lib/qubes/ cp aux-tools/block_cleaner_daemon.py $RPM_BUILD_ROOT/usr/lib/qubes/
cp aux-tools/fix_dir_perms.sh $RPM_BUILD_ROOT/usr/lib/qubes/
mkdir -p $RPM_BUILD_ROOT/etc/qubes_rpc/policy mkdir -p $RPM_BUILD_ROOT/etc/qubes_rpc/policy
cp ../qubes_rpc/qubes.Filecopy.policy $RPM_BUILD_ROOT/etc/qubes_rpc/policy/qubes.Filecopy cp ../qubes_rpc/qubes.Filecopy.policy $RPM_BUILD_ROOT/etc/qubes_rpc/policy/qubes.Filecopy
@ -295,6 +296,7 @@ fi
%triggerin -- xen-runtime %triggerin -- xen-runtime
sed -i 's/\/block /\/block.qubes /' /etc/udev/rules.d/xen-backend.rules sed -i 's/\/block /\/block.qubes /' /etc/udev/rules.d/xen-backend.rules
/usr/lib/qubes/fix_dir_perms.sh
%triggerin -- xorg-x11-drv-vmmouse %triggerin -- xorg-x11-drv-vmmouse
mv -f /lib/udev/rules.d/69-xorg-vmmouse.rules /var/lib/qubes/removed-udev-scripts/ 2> /dev/null || : mv -f /lib/udev/rules.d/69-xorg-vmmouse.rules /var/lib/qubes/removed-udev-scripts/ 2> /dev/null || :
@ -359,6 +361,7 @@ fi
/usr/lib/qubes/block_remove /usr/lib/qubes/block_remove
/usr/lib/qubes/block_cleanup /usr/lib/qubes/block_cleanup
/usr/lib/qubes/block_cleaner_daemon.py* /usr/lib/qubes/block_cleaner_daemon.py*
/usr/lib/qubes/fix_dir_perms.sh
%attr(4750,root,qubes) /usr/lib/qubes/qfile-dom0-unpacker %attr(4750,root,qubes) /usr/lib/qubes/qfile-dom0-unpacker
%attr(770,root,qubes) %dir /var/lib/qubes %attr(770,root,qubes) %dir /var/lib/qubes
%attr(770,root,qubes) %dir /var/lib/qubes/vm-templates %attr(770,root,qubes) %dir /var/lib/qubes/vm-templates