From c1f4fcc17254e14886e00cde2304da90bc71e3d5 Mon Sep 17 00:00:00 2001 From: Marek Marczykowski Date: Wed, 20 Jul 2011 16:02:57 +0200 Subject: [PATCH 01/16] dom0: qvm-backup-restore change restore loop logic (#212) --- dom0/qvm-tools/qvm-backup-restore | 42 +++++++++++-------------------- 1 file changed, 15 insertions(+), 27 deletions(-) diff --git a/dom0/qvm-tools/qvm-backup-restore b/dom0/qvm-tools/qvm-backup-restore index 8e3e2123..ed7ef8c9 100755 --- a/dom0/qvm-tools/qvm-backup-restore +++ b/dom0/qvm-tools/qvm-backup-restore @@ -298,25 +298,16 @@ def main(): if not (prompt == "y" or prompt == "Y"): exit (0) - for vm in vms_to_restore: - print "-> Restoring: {0} ...".format(vm.name) - + # Add templates... + for vm in [ vm for vm in vms_to_restore if vm.is_template()]: + print "-> Restoring Template VM {0}...".format(vm.name) retcode = subprocess.call (["mkdir", "-p", vm.dir_path]) if retcode != 0: print ("*** Cannot create directory: {0}?!".format(dest_dir)) print ("Skiping...") continue - if vm.is_appvm(): - restore_vm_dir (backup_dir, vm.dir_path, qubes_appvms_dir); - elif vm.is_template(): - restore_vm_dir (backup_dir, vm.dir_path, qubes_templates_dir); - else: - print "ERROR: VM '{0}', type='{1}': unsupported VM type!".format(vm.name, vm.type) - - # Add templates... - for vm in [ vm for vm in vms_to_restore if vm.is_template()]: - print "-> Adding Template VM {0}...".format(vm.name) + restore_vm_dir (backup_dir, vm.dir_path, qubes_templates_dir); updateable = vm.updateable try: vm = host_collection.add_new_templatevm(vm.name, 
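Review bot: `vm.dir_path` is handed to `mkdir -p` and then to restore_vm_dir in the template loop with no check that it lies under `qubes_templates_dir`. vms_to_restore is presumably built from the backup's own metadata (its construction is outside this hunk), so the path would be backup-supplied data used to create directories in dom0. I would validate it before creating anything, for example `if not os.path.abspath(vm.dir_path).startswith(qubes_templates_dir + "/"):` followed by a skip, and do the same against `qubes_appvms_dir` in the AppVM loop of the next hunk. main() starts and ends outside the hunk.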
@@ -336,14 +327,19 @@ def main(): # ... then appvms... for vm in [ vm for vm in vms_to_restore if vm.is_appvm()]: - print "-> Adding AppVM {0}...".format(vm.name) + print "-> Restoring AppVM {0}...".format(vm.name) + retcode = subprocess.call (["mkdir", "-p", vm.dir_path]) + if retcode != 0: + print ("*** Cannot create directory: {0}?!".format(dest_dir)) + print ("Skiping...") + continue + + restore_vm_dir (backup_dir, vm.dir_path, qubes_appvms_dir); + template_vm = None - recreate_conf = options.recreate_conf if vm.template_vm is not None: template_name = find_template_name(vm.template_vm.name, options.replace_template) template_vm = host_collection.get_vm_by_name(template_name) - if template_name != vm.template_vm.name: - recreate_conf = True if not vm.uses_default_netvm: uses_default_netvm = False @@ -370,23 +366,15 @@ def main(): vm.uses_default_netvm = False vm.netvm_vm = netvm_vm - try: - if template_vm is not None and recreate_conf: - print "--> Recreating config file..." - vm.create_config_file() - except QubesException as err: - print "ERROR xen config restore: {0}".format(err) - print "*** VM '{0}' will not boot until you manually fix it (or correctly restore this VM)!".format(vm.name) - try: vm.create_appmenus(verbose=True) - except QubesException as err: + except Exception as err: print "ERROR during appmenu restore: {0}".format(err) print "*** VM '{0}' will not have appmenus".format(vm.name) try: vm.verify_files() - except QubesException as err: + except Exception as err: print "ERROR: {0}".format(err) print "*** Skiping VM: {0}".format(vm.name) host_collection.pop(vm.qid) From f1153a5413a2bdcce021d0c2962a511a79cb6af1 Mon Sep 17 00:00:00 2001 From: Marek Marczykowski Date: Wed, 20 Jul 2011 16:06:22 +0200 Subject: [PATCH 02/16] dom0: initialize vmtype in create_appmenus (#212) --- dom0/qvm-core/qubes.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/dom0/qvm-core/qubes.py b/dom0/qvm-core/qubes.py index 1e540fa6..8b3330e4 100755 
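Review bot: The failure message added in the AppVM loop formats `dest_dir`, but the directory mkdir was asked to create is `vm.dir_path`. Unless dest_dir is defined elsewhere in main() (not visible here) the error path raises NameError instead of skipping the VM, and if it is defined the message names the wrong directory. I would write `print ("*** Cannot create directory: {0}?!".format(vm.dir_path))`; the template loop in the previous hunk carries the same line as context. `os.makedirs(vm.dir_path)` in a try/except would also avoid spawning mkdir for this.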
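Review bot: Widening both handlers to `except Exception` means a programming error inside verify_files (an AttributeError, say) is reported as a bad backup and the VM is popped from host_collection, and the same mistake inside create_appmenus is reduced to a missing-appmenus warning. If the reason for the change is that these calls raise more than QubesException, I would list the types instead, e.g. `except (QubesException, OSError, subprocess.CalledProcessError) as err:`; create_appmenus uses subprocess.check_call according to the qubes.py hunk in the next patch. If the broad catch stays, print `type(err).__name__` with the message so an unexpected failure is distinguishable from a verification failure.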
--- a/dom0/qvm-core/qubes.py +++ b/dom0/qvm-core/qubes.py @@ -742,6 +742,12 @@ class QubesVm(object): if source_template is None: source_template = self.template_vm + vmtype = None + if self.is_netvm(): + vmtype = 'servicevms' + else: + vmtype = 'appvms' + try: if source_template is not None: subprocess.check_call ([qubes_appmenu_create_cmd, source_template.appmenus_templates_dir, self.name]) From c9ad2314ea439f917d85b10a9cf8cb8f49555adc Mon Sep 17 00:00:00 2001 From: Marek Marczykowski Date: Wed, 20 Jul 2011 16:12:28 +0200 Subject: [PATCH 03/16] dom0: variable names conflict (#290) uuid is also name of (used here) python module... --- dom0/qvm-core/qubes.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dom0/qvm-core/qubes.py b/dom0/qvm-core/qubes.py index 8b3330e4..af16b767 100755 --- a/dom0/qvm-core/qubes.py +++ b/dom0/qvm-core/qubes.py @@ -432,8 +432,8 @@ class QubesVm(object): dominfo = self.get_xl_dominfo() if dominfo: - uuid = uuid.UUID(''.join('%02x' % b for b in dominfo.uuid)) - return uuid + vmuuid = uuid.UUID(''.join('%02x' % b for b in dominfo.uuid)) + return vmuuid else: return None From 1dc226aba17ff861758c3f99f758552280696220 Mon Sep 17 00:00:00 2001 From: Marek Marczykowski Date: Thu, 21 Jul 2011 00:04:57 +0200 Subject: [PATCH 04/16] dom0/qvm-backup-restore: remove --recreate-conf-files option (#295) Now useless, as config files are regenerated at each VM start --- dom0/qvm-tools/qvm-backup-restore | 3 --- 1 file changed, 3 deletions(-) diff --git a/dom0/qvm-tools/qvm-backup-restore b/dom0/qvm-tools/qvm-backup-restore index ed7ef8c9..da8101c7 100755 --- a/dom0/qvm-tools/qvm-backup-restore +++ b/dom0/qvm-tools/qvm-backup-restore 
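Review bot: The `vmtype = None` initialiser in create_appmenus is dead, because the if/else directly below assigns on both paths; `vmtype = 'servicevms' if self.is_netvm() else 'appvms'` says the same in one line. The place where vmtype is consumed is outside this hunk, so a short comment naming what the two strings select (they look like directory names) would help the next reader. create_appmenus continues beyond the hunk.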
@@ -130,9 +130,6 @@ def main(): parser.add_option ("--force-root", action="store_true", dest="force_root", default=False, help="Force to run, even with root privileges") - parser.add_option ("--recreate-conf-files", action="store_true", dest="recreate_conf", default=False, - help="Recreate conf files after restore") - parser.add_option ("--replace-template", action="append", dest="replace_template", default=[], help="Restore VMs using another template, syntax: old-template-name:new-template-name (might be repeated)") From fd4821a1ffa4404cb2ce752395e4c50addec8ab3 Mon Sep 17 00:00:00 2001 From: Marek Marczykowski Date: Thu, 21 Jul 2011 00:10:19 +0200 Subject: [PATCH 05/16] dom0/qvm-backup: update list of backed up files (#294) Config and kernel not needed any more, but added appmenus list. --- dom0/qvm-tools/qvm-backup | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/dom0/qvm-tools/qvm-backup b/dom0/qvm-tools/qvm-backup index 8c8126ae..cac9f4dc 100755 --- a/dom0/qvm-tools/qvm-backup +++ b/dom0/qvm-tools/qvm-backup @@ -120,12 +120,12 @@ def main(): files_to_backup += file_to_backup(vm.private_img, vm_sz ) files_to_backup += file_to_backup(vm.icon_path) - files_to_backup += file_to_backup(vm.conf_file) if vm.is_updateable(): - files_to_backup += file_to_backup(vm.dir_path + "/apps") - files_to_backup += file_to_backup(vm.dir_path + "/kernels") + files_to_backup += file_to_backup(vm.dir_path + "/apps.templates") if os.path.exists (vm.firewall_conf): files_to_backup += file_to_backup(vm.firewall_conf) + if os.path.exists(vm.dir_path + '/whitelisted-appmenus.list'): + files_to_backup += file_to_backup(vm.dir_path + '/whitelisted-appmenus.list') if vm.is_updateable(): sz = vm.get_disk_usage(vm.root_img) From 6fc8d1b8111ece7be9fddbe5ce535754cf34e97a Mon Sep 17 00:00:00 2001 
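Review bot: `vm.dir_path + "/apps.templates"` is added to the backup list without the `os.path.exists` guard that the firewall_conf and whitelisted-appmenus.list entries next to it have. What file_to_backup does with a missing path is not visible in this hunk; if it stats the path, an updateable VM without that directory would abort the whole backup. I would guard it the same way, and build the whitelist path once, e.g. `whitelist = vm.dir_path + '/whitelisted-appmenus.list'`, instead of concatenating it twice.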
From: Marek Marczykowski Date: Thu, 21 Jul 2011 00:14:25 +0200 Subject: [PATCH 06/16] dom0/qvm-backup: ignore *-dvm VMs (#292) --- dom0/qvm-tools/qvm-backup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dom0/qvm-tools/qvm-backup b/dom0/qvm-tools/qvm-backup index cac9f4dc..c855a537 100755 --- a/dom0/qvm-tools/qvm-backup +++ b/dom0/qvm-tools/qvm-backup @@ -87,7 +87,7 @@ def main(): files_to_backup = file_to_backup (qubes_store_filename) - appvms_to_backup = [vm for vm in vms_list if vm.is_appvm()] + appvms_to_backup = [vm for vm in vms_list if vm.is_appvm() and not vm.name.endswith('-dvm')] there_are_running_vms = False fields_to_display = [ From 1b093d5cc4bd626af0e0bffaf3ad6ffc4dbd6e28 Mon Sep 17 00:00:00 2001 From: Marek Marczykowski Date: Thu, 21 Jul 2011 00:44:34 +0200 Subject: [PATCH 07/16] dom0/qvm-clone-template: *_xen_storage call once again... (#291) --- dom0/qvm-tools/qvm-clone-template | 6 ------ 1 file changed, 6 deletions(-) diff --git a/dom0/qvm-tools/qvm-clone-template b/dom0/qvm-tools/qvm-clone-template index b346012a..c5ea9446 100755 --- a/dom0/qvm-tools/qvm-clone-template +++ b/dom0/qvm-tools/qvm-clone-template @@ -58,12 +58,6 @@ def main(): try: dst_tvm.clone_disk_files (src_template_vm=src_tvm, verbose=options.verbose) - - if options.verbose: - print "--> Adding to Xen Storage..." - - dst_tvm.add_to_xen_storage() - except (IOError, OSError) as err: print "ERROR: {0}".format(err) qvm_collection.pop(dst_tvm.qid) From 342261ff10a77c8e50583bd6de8588c841160ac0 Mon Sep 17 00:00:00 2001 From: Marek Marczykowski Date: Thu, 21 Jul 2011 00:49:03 +0200 Subject: [PATCH 08/16] dom0: Do not clone config file with template Not needed any more --- dom0/qvm-core/qubes.py | 5 ----- 1 file changed, 5 deletions(-) diff --git a/dom0/qvm-core/qubes.py b/dom0/qvm-core/qubes.py index af16b767..2180407e 100755 --- a/dom0/qvm-core/qubes.py +++ b/dom0/qvm-core/qubes.py 
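Review bot: The `not vm.name.endswith('-dvm')` filter drops every AppVM whose name happens to end in `-dvm`, including one a user named that way, and nothing in the hunk tells the user that a VM was left out of the backup. I would print the excluded names before the summary table and add a comment such as `# *-dvm VMs are excluded from backups (#292)`. If QubesVm exposes a property that identifies these VMs (not visible here), testing that property would be safer than matching on the name.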
@@ -1099,11 +1099,6 @@ class QubesTemplateVm(QubesVm): print "--> Creating directory: {0}".format(self.dir_path) os.mkdir (self.dir_path) - if verbose: - print "--> Creating VM config file: {0}".\ - format(self.conf_file) - self.create_config_file(source_template=src_template_vm) - if verbose: print "--> Copying the template's private image:\n{0} ==>\n{1}".\ format(src_template_vm.private_img, self.private_img) From 1b1073d1ff8e9e9c3961014d93e71454f5fedcbf Mon Sep 17 00:00:00 2001 From: Marek Marczykowski Date: Thu, 21 Jul 2011 01:01:31 +0200 Subject: [PATCH 09/16] dom0: Force NetVM shutdown (#304) Just allow to shut down netvm and firewallvm at the same time. --- dom0/init.d/qubes_netvm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dom0/init.d/qubes_netvm b/dom0/init.d/qubes_netvm index 145be99d..c77a4307 100755 --- a/dom0/init.d/qubes_netvm +++ b/dom0/init.d/qubes_netvm @@ -61,7 +61,7 @@ stop() echo -n $"Stopping NetVMs:" for VM in `get_running_netvms`; do - qvm-run -q --shutdown --wait $VM + qvm-run -q --force --shutdown --wait $VM done fi From 87d24247d156a0e37e3a774f0b9d92ca25ded93d Mon Sep 17 00:00:00 2001 From: Marek Marczykowski Date: Thu, 21 Jul 2011 02:18:18 +0200 Subject: [PATCH 10/16] version 1.6.10-dom0 --- version_dom0 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version_dom0 b/version_dom0 index 15d45d4b..1df3b822 100644 --- a/version_dom0 +++ b/version_dom0 @@ -1 +1 @@ -1.6.9 +1.6.10 From 2fc5d190fdab8ee9b76b7f6f453f24e4b9f01f63 Mon Sep 17 00:00:00 2001 From: Rafal Wojtczuk Date: Fri, 22 Jul 2011 11:33:11 +0200 Subject: [PATCH 11/16] qmemman: calculate dom0 maxmem properly In fact, set to ALL_PHYS_MEM (and the same for other domains that do not have static-max key, although there should not be any). Previous method of using maxmem_kb was broken, as qmemman sets maxmem_kb to the memory target (which I do not like btw). --- dom0/qmemman/qmemman.py | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) 
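Review bot: `--force` is added to the NetVM shutdown call in stop() without a comment, and `$VM` stays unquoted on the changed line. I would put `# --force: NetVM and FirewallVM are stopped together here, so the shutdown must not be refused (#304)` above the call and write `"$VM"`. What exactly --force bypasses in qvm-run is not visible in this hunk, so the comment wording should be checked against that tool.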
diff --git a/dom0/qmemman/qmemman.py b/dom0/qmemman/qmemman.py index 2c30ebb7..41685978 100755 --- a/dom0/qmemman/qmemman.py +++ b/dom0/qmemman/qmemman.py @@ -22,6 +22,7 @@ class SystemState: self.BALOON_DELAY = 0.1 self.XEN_FREE_MEM_LEFT = 50*1024*1024 self.XEN_FREE_MEM_MIN = 25*1024*1024 + self.ALL_PHYS_MEM = self.xc.physinfo()['total_memory']*1024 def add_domain(self, id): self.domdict[id] = DomainState(id) @@ -46,7 +47,13 @@ class SystemState: self.domdict[id].memory_actual = domain['mem_kb']*1024 self.domdict[id].memory_maximum = self.xs.read('', '/local/domain/%s/memory/static-max' % str(id)) if not self.domdict[id].memory_maximum: - self.domdict[id].memory_maximum = domain['maxmem_kb']*1024 + self.domdict[id].memory_maximum = self.ALL_PHYS_MEM +# the previous line used to be +# self.domdict[id].memory_maximum = domain['maxmem_kb']*1024 +# but domain['maxmem_kb'] changes in self.mem_set as well, and this results in +# the memory never increasing +# in fact, the only possible case of nonexisting memory/static-max is dom0 +# see #307 #the below works (and is fast), but then 'xm list' shows unchanged memory value def mem_set(self, id, val): From 9192a42b919e7d1a7ef3b8aa50c5934ce08cee37 Mon Sep 17 00:00:00 2001 From: Rafal Wojtczuk Date: Fri, 22 Jul 2011 13:40:21 +0200 Subject: [PATCH 12/16] qmemman: when balooning, make sure that past mem-set will not steal memory --- dom0/qmemman/qmemman.py | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/dom0/qmemman/qmemman.py b/dom0/qmemman/qmemman.py index 41685978..66a33207 100755 --- a/dom0/qmemman/qmemman.py +++ b/dom0/qmemman/qmemman.py 
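Review bot: After the second hunk, memory_maximum has two representations: when static-max exists it keeps whatever `self.xs.read(...)` returned on the context line, and otherwise the added line stores `self.ALL_PHYS_MEM`, a byte count. If xs.read returns the raw xenstore string (memory/static-max is conventionally in KiB) and it is not converted somewhere outside this hunk, later comparisons mix str with int and KiB with bytes, which Python 2 does not flag. I would normalise on the spot, e.g. `self.domdict[id].memory_maximum = int(self.domdict[id].memory_maximum)*1024` on the branch where the key exists. The explanatory `#` lines would also read better indented with the code and without the commented-out statement.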
@@ -81,6 +81,15 @@ class SystemState: except XenAPI.Failure: pass +# this is called at the end of ballooning, when we have Xen free mem already +# make sure that past mem_set will not decrease Xen free mem + def inhibit_balloon_up(self): + for i in self.domdict.keys(): + dom = self.domdict[i] + if dom.memory_actual is not None and dom.memory_actual + 200*1024 < dom.last_target: + print "Preventing balloon up to", dom.last_target + self.mem_set(i, dom.memory_actual) + #perform memory ballooning, across all domains, to add "memsize" to Xen free memory def do_balloon(self, memsize): MAX_TRIES = 20 @@ -88,12 +97,14 @@ class SystemState: prev_memory_actual = None for i in self.domdict.keys(): self.domdict[i].no_progress = False + print "do_balloon start" while True: + self.refresh_memactual() xenfree = self.get_free_xen_memory() print 'got xenfree=', xenfree if xenfree >= memsize + self.XEN_FREE_MEM_MIN: + self.inhibit_balloon_up() return True - self.refresh_memactual() if prev_memory_actual is not None: for i in prev_memory_actual.keys(): if prev_memory_actual[i] == self.domdict[i].memory_actual: From acbb77762613737ffdc6d819f363a456efe6a94f Mon Sep 17 00:00:00 2001 From: Rafal Wojtczuk Date: Fri, 22 Jul 2011 13:47:34 +0200 Subject: [PATCH 13/16] qrexec: impose startup time limit for qrexec_daemon --- qrexec/qrexec_daemon.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/qrexec/qrexec_daemon.c b/qrexec/qrexec_daemon.c index d2a777b4..c0733cc6 100644 --- a/qrexec/qrexec_daemon.c +++ b/qrexec/qrexec_daemon.c @@ -82,12 +82,14 @@ int create_qrexec_socket(int domid, char *domname) return get_server_socket(socket_address); } +#define MAX_STARTUP_TIME 120 /* do the preparatory tasks, needed before entering the main event loop */ void init(int xid) { char qrexec_error_log_name[256]; int logfd; + int i; if (xid <= 0) { fprintf(stderr, "domain id=0?\n"); 
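Review bot: The `200*1024` slack in inhibit_balloon_up is an unexplained threshold, while the other tunables of SystemState (XEN_FREE_MEM_LEFT, XEN_FREE_MEM_MIN) are named attributes. I would define it next to them, for example `self.BALLOON_UP_SLACK = 200*1024  # bytes`, with a comment saying why a domain within that margin of its target is left alone. memory_actual is checked for None before the comparison but `dom.last_target` is not; confirm it is always initialised for a domain that never received a mem_set, since its definition is outside this hunk. The two added print statements look like debug output and would be better behind a verbosity switch.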
@@ -102,11 +104,12 @@ void init(int xid) break; default: fprintf(stderr, "Waiting for VM's qrexec agent."); - for (;;) { + for (i=0;i Date: Fri, 22 Jul 2011 15:07:04 +0200 Subject: [PATCH 14/16] qubes.py: postpone qmmeman.close() There are indications that when parent "xl" process exits, the domain is not booted completely; and xl actions may interfere with qmemman memory balancing. Thus, in VM.start(), we delay releasing of qmemman handle until qrexec_daemon connects successfully. --- dom0/qvm-core/qubes.py | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/dom0/qvm-core/qubes.py b/dom0/qvm-core/qubes.py index 2180407e..ab4c594e 100755 --- a/dom0/qvm-core/qubes.py +++ b/dom0/qvm-core/qubes.py @@ -943,8 +943,6 @@ class QubesVm(object): subprocess.check_call(xl_cmdline) except: raise QubesException("Failed to load VM config") - finally: - qmemman_client.close() # let qmemman_daemon resume balancing xid = self.get_xid() self.xid = xid @@ -976,6 +974,13 @@ class QubesVm(object): self.force_shutdown() raise OSError ("ERROR: Cannot execute qrexec_daemon!") +# close() is not really needed, because the descriptor is close-on-exec +# anyway, the reason to postpone close() is that possibly xl is not done +# constructing the domain after its main process exits +# so we close() when we know the domain is up +# the successful qrexec connect is a good indicator of it + qmemman_client.close() + if preparing_dvm: if verbose: print "--> Preparing config template for DispVM" From c23cc480b8cbc6877fdc0973d3213e464d6b4ac4 Mon Sep 17 00:00:00 2001 
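Review bot: With the `finally` removed in qubes.py, the two failure paths no longer release the qmemman handle: `raise QubesException("Failed to load VM config")` in the first hunk and `raise OSError ("ERROR: Cannot execute qrexec_daemon!")` just above the new close(). The removed comment said close() lets qmemman resume balancing, so a failed start inside a long-running caller would presumably leave balancing paused until the object is collected; close-on-exec does not help in that case. I would call `qmemman_client.close()` before each of those raises, or wrap the whole region from the xl call to the qrexec check in one try/finally. The function starts and ends outside both hunks.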
From: Rafal Wojtczuk Date: Fri, 22 Jul 2011 16:07:06 +0200 Subject: [PATCH 15/16] qrexec: use $anyvm and $dispvm symbols --- appvm/qubes.Filecopy.policy | 2 +- appvm/qubes.OpenInVM.policy | 4 ++-- appvm/qvm-open-in-dvm2 | 2 +- dom0/aux-tools/qubes.ReceiveUpdates.policy | 2 +- dom0/qubes.SyncAppMenus.policy | 2 +- qrexec/qrexec_daemon.c | 2 +- qrexec/qrexec_policy | 4 ++-- 7 files changed, 9 insertions(+), 9 deletions(-) diff --git a/appvm/qubes.Filecopy.policy b/appvm/qubes.Filecopy.policy index 39296a11..6ecc534d 100644 --- a/appvm/qubes.Filecopy.policy +++ b/appvm/qubes.Filecopy.policy @@ -1 +1 @@ -anyvm anyvm ask,user=root +$anyvm $anyvm ask,user=root diff --git a/appvm/qubes.OpenInVM.policy b/appvm/qubes.OpenInVM.policy index e103d394..7c9ccb41 100644 --- a/appvm/qubes.OpenInVM.policy +++ b/appvm/qubes.OpenInVM.policy @@ -1,2 +1,2 @@ -anyvm dispvm allow -anyvm anyvm ask +$anyvm $dispvm allow +$anyvm $anyvm ask diff --git a/appvm/qvm-open-in-dvm2 b/appvm/qvm-open-in-dvm2 index dcc7195e..25e8904c 100755 --- a/appvm/qvm-open-in-dvm2 +++ b/appvm/qvm-open-in-dvm2 @@ -25,4 +25,4 @@ if ! [ $# = 1 ] ; then exit 1 fi -exec /usr/lib/qubes/qrexec_client_vm dispvm qubes.OpenInVM "/usr/lib/qubes/qopen-in-vm" "$1" +exec /usr/lib/qubes/qrexec_client_vm '$dispvm' qubes.OpenInVM "/usr/lib/qubes/qopen-in-vm" "$1" diff --git a/dom0/aux-tools/qubes.ReceiveUpdates.policy b/dom0/aux-tools/qubes.ReceiveUpdates.policy index 74f80450..611f006d 100644 --- a/dom0/aux-tools/qubes.ReceiveUpdates.policy +++ b/dom0/aux-tools/qubes.ReceiveUpdates.policy @@ -1 +1 @@ -anyvm dom0 allow +$anyvm dom0 allow diff --git a/dom0/qubes.SyncAppMenus.policy b/dom0/qubes.SyncAppMenus.policy index 74f80450..611f006d 100644 --- a/dom0/qubes.SyncAppMenus.policy +++ b/dom0/qubes.SyncAppMenus.policy @@ -1 +1 @@ -anyvm dom0 allow +$anyvm dom0 allow diff --git a/qrexec/qrexec_daemon.c b/qrexec/qrexec_daemon.c index c0733cc6..b4a3b53a 100644 --- a/qrexec/qrexec_daemon.c +++ b/qrexec/qrexec_daemon.c 
@@ -372,7 +372,7 @@ void sanitize_name(char * untrusted_s_signed) continue; if (*untrusted_s >= '0' && *untrusted_s <= '9') continue; - if (*untrusted_s == '_' || *untrusted_s == '-' || *untrusted_s == '.' || *untrusted_s == ' ') + if (*untrusted_s == '$' || *untrusted_s == '_' || *untrusted_s == '-' || *untrusted_s == '.' || *untrusted_s == ' ') continue; *untrusted_s = '_'; } diff --git a/qrexec/qrexec_policy b/qrexec/qrexec_policy index 8d66630d..c44ca258 100755 --- a/qrexec/qrexec_policy +++ b/qrexec/qrexec_policy @@ -40,7 +40,7 @@ def read_policy_file(exec_index): return policy_list def is_match(item, config_term): - return (item is not "dom0" and config_term == "anyvm") or item == config_term + return (item is not "dom0" and config_term == "$anyvm") or item == config_term def get_default_policy(): dict={} @@ -76,7 +76,7 @@ def spawn_target_if_necessary(target): def do_execute(domain, target, user, exec_index, process_ident): if target == "dom0": cmd="/usr/lib/qubes/qubes_rpc_multiplexer "+exec_index + " " + domain - elif target == "dispvm": + elif target == "$dispvm": cmd = "/usr/lib/qubes/qfile-daemon-dvm " + exec_index + " " + domain + " " +user else: # see the previous commit why "qvm-run -a" is broken and dangerous From dc4d9b32f199f12c763c5c790090f6b396869884 Mon Sep 17 00:00:00 2001 From: Rafal Wojtczuk Date: Fri, 22 Jul 2011 16:11:03 +0200 Subject: [PATCH 16/16] Add comments to policy files. --- appvm/qubes.Filecopy.policy | 5 +++++ appvm/qubes.OpenInVM.policy | 5 +++++ dom0/aux-tools/qubes.ReceiveUpdates.policy | 5 +++++ dom0/qubes.SyncAppMenus.policy | 5 +++++ qrexec/qrexec_policy | 4 ++++ 5 files changed, 24 insertions(+) diff --git a/appvm/qubes.Filecopy.policy b/appvm/qubes.Filecopy.policy index 6ecc534d..0a0d7352 100644 --- a/appvm/qubes.Filecopy.policy +++ b/appvm/qubes.Filecopy.policy 
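Review bot: Adding `$` to the allow-list in sanitize_name lets any string that arrives through the untrusted pointer keep a shell metacharacter, next to the space that was already permitted. The qrexec_policy part of this patch builds `cmd` by concatenating `exec_index`, `domain` and `user` into one string; which of those pass through sanitize_name and how `cmd` is executed are not visible here, but if a shell is involved `$` is expanded. I would keep `$` out of the general allow-list and accept only the exact keywords the protocol defines (compare against `$dispvm` before sanitizing), or make sure the policy script runs the command as an argument list. sanitize_name starts and ends outside the hunk.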
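Review bot: The rewritten is_match line keeps `item is not "dom0"`, which compares object identity, not string value. A name that comes from the command line or a parsed file is normally a different object from the literal, so the test is true even when item equals "dom0" and a `$anyvm` rule then also matches dom0. Use `item != "dom0"` so the exclusion the expression intends is actually enforced.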
@@ -1 +1,6 @@ +## Note that policy parsing stops at the first match, +## so adding anything below "$anyvm $anyvm action" line will have no effect + +## Please use a single # to start your custom comments + $anyvm $anyvm ask,user=root diff --git a/appvm/qubes.OpenInVM.policy b/appvm/qubes.OpenInVM.policy index 7c9ccb41..41217337 100644 --- a/appvm/qubes.OpenInVM.policy +++ b/appvm/qubes.OpenInVM.policy @@ -1,2 +1,7 @@ +## Note that policy parsing stops at the first match, +## so adding anything below "$anyvm $anyvm action" line will have no effect + +## Please use a single # to start your custom comments + $anyvm $dispvm allow $anyvm $anyvm ask diff --git a/dom0/aux-tools/qubes.ReceiveUpdates.policy b/dom0/aux-tools/qubes.ReceiveUpdates.policy index 611f006d..0f00b0b6 100644 --- a/dom0/aux-tools/qubes.ReceiveUpdates.policy +++ b/dom0/aux-tools/qubes.ReceiveUpdates.policy @@ -1 +1,6 @@ +## Note that policy parsing stops at the first match, +## so adding anything below "$anyvm $anyvm action" line will have no effect + +## Please use a single # to start your custom comments + $anyvm dom0 allow diff --git a/dom0/qubes.SyncAppMenus.policy b/dom0/qubes.SyncAppMenus.policy index 611f006d..0f00b0b6 100644 --- a/dom0/qubes.SyncAppMenus.policy +++ b/dom0/qubes.SyncAppMenus.policy @@ -1 +1,6 @@ +## Note that policy parsing stops at the first match, +## so adding anything below "$anyvm $anyvm action" line will have no effect + +## Please use a single # to start your custom comments + $anyvm dom0 allow diff --git a/qrexec/qrexec_policy b/qrexec/qrexec_policy index c44ca258..52632abf 100755 --- a/qrexec/qrexec_policy +++ b/qrexec/qrexec_policy @@ -12,6 +12,10 @@ def line_to_dict(line): tokens=line.split() if len(tokens) < 3: return None + + if tokens[0][0] == '#': + return None + dict={} dict['source']=tokens[0] dict['dest']=tokens[1]
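Review bot: In line_to_dict a non-comment line with fewer than three tokens is dropped by `return None` exactly like a comment, so a mistyped rule disappears without any message. The policy comments added in this same patch state that parsing stops at the first match, which means a dropped rule hands the decision to a later and possibly broader line. I would test for the comment first with `if line.lstrip().startswith('#'): return None`, and write a warning to stderr for any other non-blank line that is too short. line_to_dict continues outside the hunk.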