From e2a0c222999390163134eb4ffc46666dc91a92c9 Mon Sep 17 00:00:00 2001 From: Marek Marczykowski Date: Wed, 13 Jun 2012 01:59:25 +0200 Subject: [PATCH 1/5] vm/qubes-dom0-update: rebuild dom0 rpmdb before touching it with yum Dom0 can have different (older) rpmdb version than VM. Starting from FC17 yum refuses to work without rebuild. --- misc/qubes_download_dom0_updates.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/misc/qubes_download_dom0_updates.sh b/misc/qubes_download_dom0_updates.sh index 33bc46d3..de869c55 100755 --- a/misc/qubes_download_dom0_updates.sh +++ b/misc/qubes_download_dom0_updates.sh @@ -43,6 +43,10 @@ fi mkdir -p $DOM0_UPDATES_DIR/etc sed -i '/^reposdir\s*=/d' $DOM0_UPDATES_DIR/etc/yum.conf +# Rebuild rpm database in case of different rpm version +rm -f $DOM0_UPDATES_DIR/var/lib/rpm/__* +rpm --root=$DOM0_UPDATES_DIR --rebuilddb + if [ "$CLEAN" = "1" ]; then yum $OPTS clean all rm -f $DOM0_UPDATES_DIR/packages/* From 3a8427cee57cab2a0f10c00586a8ccd967462aa5 Mon Sep 17 00:00:00 2001 From: Marek Marczykowski Date: Wed, 13 Jun 2012 04:08:09 +0200 Subject: [PATCH 2/5] dom0: do not reply all udev events at system boot (#595) This can cause some rules to fail and eg remove dm-* devices. Replace it with what is really needed to hide mounted (and other ignored) devices from qubes-block-devices. --- dom0/init.d/qubes_core | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/dom0/init.d/qubes_core b/dom0/init.d/qubes_core index 072f0ac2..d4d5b626 100755 --- a/dom0/init.d/qubes_core +++ b/dom0/init.d/qubes_core 
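Review bot: `$DOM0_UPDATES_DIR` is expanded unquoted in both added commands, so an empty or unset value would make the `rm -f` glob resolve to `/var/lib/rpm/__*` on the running system, and a value containing whitespace would be split into separate arguments. Quoting it, as in `rm -f "$DOM0_UPDATES_DIR"/var/lib/rpm/__*` and `rpm --root="$DOM0_UPDATES_DIR" --rebuilddb`, avoids both; where the variable is assigned is outside the hunk, so whether it can be empty is not visible here. The exit status of `rpm --rebuilddb` is also ignored, so yum would go on to run against a database that failed to rebuild. Appending `|| exit 1` (or whatever the script's error convention is) would stop the script at that point.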
@@ -53,8 +53,12 @@ start() MEMINFO_DELAY_USEC=100000 /usr/lib/qubes/meminfo-writer $MEM_CHANGE_THRESHOLD_KB $MEMINFO_DELAY_USEC & - # Reply block events to hide mounted devices from qubes-block list (at first udev run, only / is mounted) - udevadm trigger --subsystem-match=block --action=add + # Hide mounted devices from qubes-block list (at first udev run, only / is mounted) + for dev in `xenstore-list /local/domain/0/qubes-block-devices`; do + ( eval `udevadm info -q property -n $dev|sed -e 's/\([^=]*\)=\(.*\)/export \1="\2"/'`; + /usr/lib/qubes/block_add_change + ) + done touch /var/lock/subsys/qubes_core success From c534d5871b04842dc8fa97870dae81f5c20c1c25 Mon Sep 17 00:00:00 2001 From: Marek Marczykowski Date: Wed, 13 Jun 2012 17:01:57 +0200 Subject: [PATCH 3/5] dom0/core: fix order of loading VM attributes Parsing kernelopts depends on uses_default_kernelopts, so set 'order' appropriate. --- dom0/qvm-core/qubes.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dom0/qvm-core/qubes.py b/dom0/qvm-core/qubes.py index c3f71e41..b1bb384d 100755 --- a/dom0/qvm-core/qubes.py +++ b/dom0/qvm-core/qubes.py @@ -245,7 +245,7 @@ class QubesVm(object): "kernel": { "default": None, 'order': 30 }, "uses_default_kernel": { "default": True, 'order': 30 }, "uses_default_kernelopts": { "default": True, 'order': 30 }, - "kernelopts": { "default": "", 'order': 30, "eval": \ + "kernelopts": { "default": "", 'order': 31, "eval": \ 'value if not self.uses_default_kernelopts else default_kernelopts_pcidevs if len(self.pcidevs) > 0 else default_kernelopts' }, "mac": { "attr": "_mac", "default": None }, "include_in_backups": { "default": True }, From 844d43b0ef53a0d9338442ccabab6be0f8931995 Mon Sep 17 00:00:00 2001 
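Review bot: The `eval` in the added loop passes every udev property value through the shell, in dom0's init script. The `sed` expression wraps each value in double quotes without escaping it, so a value containing `"`, `$` or a backquote is interpreted as shell syntax rather than data. Some block-device properties are derived from the device or its contents, so they should be treated as untrusted input. `$dev` is also expanded unquoted. Exporting the properties with a `read` loop keeps them literal, as sketched below; the rest of `start()` is outside the hunk.

```shell
for dev in `xenstore-list /local/domain/0/qubes-block-devices`; do
    (
        # Export each property as literal data; nothing from udev is parsed as shell code
        while IFS='=' read -r key value; do
            case "$key" in
                ''|*[!A-Za-z0-9_]*) continue ;;
            esac
            export "$key=$value"
        done <<EOF
$(udevadm info -q property -n "$dev")
EOF
        /usr/lib/qubes/block_add_change
    )
done
```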
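Review bot: The `eval` string for `kernelopts` reads `self.pcidevs` as well as `self.uses_default_kernelopts`, and only the latter's order (30) is visible in this hunk. If `pcidevs` is not loaded before order 31, the same ordering problem remains for VMs with PCI devices. A comment on the entry would keep the dependency from being lost, e.g. `# order 31: the eval below reads uses_default_kernelopts (order 30) and pcidevs, so both must load first`. The attribute table starts and ends outside the hunk.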
From: Marek Marczykowski Date: Wed, 13 Jun 2012 17:08:30 +0200 Subject: [PATCH 4/5] dom0/core: introduce is_guid_running() and use it in is_fully_usable() To improve code reuse, especially to remove direct checking for "/var/run/qubes/guid_running.{0}" in many places. --- dom0/qvm-core/qubes.py | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/dom0/qvm-core/qubes.py b/dom0/qvm-core/qubes.py index b1bb384d..987537ee 100755 --- a/dom0/qvm-core/qubes.py +++ b/dom0/qvm-core/qubes.py @@ -642,12 +642,18 @@ class QubesVm(object): return "NA" - def is_fully_usable(self): + def is_guid_running(self): xid = self.get_xid() if xid < 0: return False if not os.path.exists('/var/run/qubes/guid_running.%d' % xid): return False + return True + + def is_fully_usable(self): + # Running gui-daemon implies also VM running + if not self.is_guid_running(): + return False # currently qrexec daemon doesn't cleanup socket in /var/run/qubes, so # it can be left from some other VM return True @@ -1298,7 +1304,7 @@ class QubesVm(object): raise QubesException("Not enough memory to start '{0}' VM! Close one or more running VMs and try again.".format(self.name)) xid = self.get_xid() - if os.getenv("DISPLAY") is not None and not os.path.isfile("/var/run/qubes/guid_running.{0}".format(xid)): + if os.getenv("DISPLAY") is not None and not self.is_guid_running(): self.start_guid(verbose = verbose, notify_function = notify_function) args = [qrexec_client_path, "-d", str(xid), command] From 8bdc5706f701f58d97656182faad4b68d9b5328d Mon Sep 17 00:00:00 2001 
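Review bot: `is_guid_running()` has no docstring and treats the mere existence of `/var/run/qubes/guid_running.<xid>` as proof that the GUI daemon is alive. The comment a few lines below already notes that the qrexec socket can be left over from another VM, and the same may apply to this marker file if the daemon exits without cleaning up (not visible here). The new comment `# Running gui-daemon implies also VM running` rests on that assumption, so it is worth stating in a docstring such as `"""Return True if the guid marker file for this VM's current xid exists; staleness is not checked."""`. The body can also end with `return os.path.exists('/var/run/qubes/guid_running.%d' % xid)`. In the second hunk (old line 1298) the check changes from `os.path.isfile` to `os.path.exists` and `xid` is now looked up twice; both look harmless, but they are behaviour changes the commit message does not mention.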
From: Marek Marczykowski Date: Wed, 13 Jun 2012 17:16:12 +0200 Subject: [PATCH 5/5] dom0/core: allow to change default user for qvm-run (#577) This doesn't make all dom0 code VM-username independent, still 'user' is hardcoded in many places. This only change behavior of qvm-run, especially for use in HVM. --- dom0/qvm-core/qubes.py | 6 ++++-- dom0/qvm-tools/qvm-prefs | 11 +++++++++++ dom0/qvm-tools/qvm-run | 12 ++++++------ 3 files changed, 21 insertions(+), 8 deletions(-) diff --git a/dom0/qvm-core/qubes.py b/dom0/qvm-core/qubes.py index 987537ee..937bbad0 100755 --- a/dom0/qvm-core/qubes.py +++ b/dom0/qvm-core/qubes.py @@ -251,6 +251,7 @@ class QubesVm(object): "include_in_backups": { "default": True }, "services": { "default": {}, "eval": "eval(str(value))" }, "debug": { "default": False }, + "default_user": { "default": "user" }, ##### Internal attributes - will be overriden in __init__ regardless of args "appmenus_templates_dir": { "eval": \ 'self.dir_path + "/" + default_appmenus_templates_subdir if self.updateable else ' + \ @@ -267,7 +268,8 @@ class QubesVm(object): for prop in ['qid', 'name', 'dir_path', 'memory', 'maxmem', 'pcidevs', 'vcpus', 'internal',\ 'uses_default_kernel', 'kernel', 'uses_default_kernelopts',\ 'kernelopts', 'services', 'installed_by_rpm',\ - 'uses_default_netvm', 'include_in_backups', 'debug' ]: + 'uses_default_netvm', 'include_in_backups', 'debug',\ + 'default_user' ]: attrs[prop]['save'] = 'str(self.%s)' % prop # Simple paths for prop in ['conf_file', 'root_img', 'volatile_img', 'private_img']: @@ -2540,7 +2542,7 @@ class QubesVmCollection(dict): "installed_by_rpm", "internal", "uses_default_netvm", "label", "memory", "vcpus", "pcidevs", "maxmem", "kernel", "uses_default_kernel", "kernelopts", "uses_default_kernelopts", - "mac", "services", "include_in_backups", "debug" ) + "mac", "services", "include_in_backups", "debug", "default_user" ) for attribute in common_attr_list: kwargs[attribute] = element.get(attribute) 
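Review bot: `default_user` is added to `common_attr_list` in the third hunk, where the visible loop does `kwargs[attribute] = element.get(attribute)`; for a qubes.xml written before this change that call returns `None`. Whether `None` is filtered out before it reaches the VM constructor is outside the hunk. If it is not, `default_user` becomes `None` instead of `"user"`, the save expression `str(self.default_user)` from the second hunk writes the literal string `None`, and the qvm-run hunk later in this patch formats it into the `user:cmd` string. A guard where the value is consumed, e.g. `user = options.user or vm.default_user or "user"`, would cover configurations that predate the attribute. A short comment on the new table entry, saying that it is only honoured by qvm-run, would match the limitation stated in the commit message.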
diff --git a/dom0/qvm-tools/qvm-prefs b/dom0/qvm-tools/qvm-prefs index 66664497..98db27ac 100755 --- a/dom0/qvm-tools/qvm-prefs +++ b/dom0/qvm-tools/qvm-prefs @@ -76,6 +76,9 @@ def do_list(vm): if hasattr(vm, 'debug'): print fmt.format("debug", "on" if vm.debug else "off") + if hasattr(vm, 'default_user'): + print fmt.format("default user", str(vm.default_user)) + def set_label(vms, vm, args): if len (args) != 1: print >> sys.stderr, "Missing label name argument!" @@ -283,7 +286,14 @@ def set_debug(vms, vm, args): vm.debug = False else: vm.debug = bool(eval(args[0].capitalize())) + return True +def set_default_user(vms, vm, args): + if len (args) != 1: + print >> sys.stderr, "Missing user name!" + return False + + vm.default_user = args[0] return True def set_include_in_backups(vms, vm, args): @@ -308,6 +318,7 @@ properties = { "name": set_name, "mac": set_mac, "debug": set_debug, + "default_user": set_default_user, } diff --git a/dom0/qvm-tools/qvm-run b/dom0/qvm-tools/qvm-run index 84f7e099..89d53756 100755 --- a/dom0/qvm-tools/qvm-run +++ b/dom0/qvm-tools/qvm-run @@ -98,7 +98,7 @@ def main(): parser.add_option ("-q", "--quiet", action="store_false", dest="verbose", default=True) parser.add_option ("-a", "--auto", action="store_true", dest="auto", default=False, help="Auto start the VM if not running") - parser.add_option ("-u", "--user", action="store", dest="user", default="user", + parser.add_option ("-u", "--user", action="store", dest="user", default=None, help="Run command in a VM as a specified user") parser.add_option ("--tray", action="store_true", dest="tray", default=False, help="Use tray notifications instead of stdout" ) 
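Review bot: `set_default_user` stores `args[0]` without any check, yet qvm-run later joins it into `"{user}:{cmd}"`. An empty name, or one containing `:`, could change how that string is split into user and command on the receiving side (the parser is not visible here). A check before the assignment, `if not args[0] or ':' in args[0]:` followed by an error on stderr and `return False`, keeps the stored value unambiguous. The context of the same hunk shows `set_debug` doing `bool(eval(args[0].capitalize()))`, which evaluates a command-line argument as Python in dom0; comparing the argument against the strings `True` and `False` would avoid that.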
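Review bot: The help text for `-u` no longer describes the behaviour once the default becomes `None`, because the effective user now comes from the VM. `help="Run command in a VM as a specified user (default: the VM's default_user property)"` would document it. `main()` continues outside the hunk.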
@@ -188,12 +188,12 @@ def main(): exit(1) vms_list.append(vm) - if takes_cmd_argument: - cmd = "{user}:{cmd}".format(user=options.user, cmd=cmdstr) - else: - cmd = None - for vm in vms_list: + if takes_cmd_argument: + cmd = "{user}:{cmd}".format(user=options.user if options.user else vm.default_user, cmd=cmdstr) + else: + cmd = None + vm_run_cmd(vm, cmd, options)
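Review bot: The fallback `options.user if options.user else vm.default_user` sits inline in a long `format` call and is decided by truthiness, so `-u ""` silently selects the VM default. Naming it first, `user = options.user or vm.default_user`, and then formatting with `user=user` reads more clearly and makes that choice explicit. The `else: cmd = None` branch does not depend on `vm` and is now re-executed on every iteration, which is harmless but could stay above the loop. `main()` starts outside the hunk.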