From c5212ee438cbb2b24aaf3cb48fb599037300c51b Mon Sep 17 00:00:00 2001
From: Marek Marczykowski
Date: Mon, 11 Jun 2012 22:33:57 +0200
Subject: [PATCH 1/5] vm: chown /home/user to user if user UID have changed

FC16 and FC17 starts normal users at UID 1000, not 500 as in <=FC15.
---
 vm-systemd/misc-post.sh | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/vm-systemd/misc-post.sh b/vm-systemd/misc-post.sh
index dbefd432..b86e6a7f 100755
--- a/vm-systemd/misc-post.sh
+++ b/vm-systemd/misc-post.sh
@@ -30,6 +30,11 @@ if [ -e /dev/xvdb ] ; then
 touch /var/lib/qubes/first_boot_completed
 fi
+ # Chown home if user UID have changed - can be the case on template switch
+ HOME_USER_UID=`ls -dn /home/user | awk '{print $3}'`
+ if [ "`id -u user`" -ne "$HOME_USER_UID" ]; then
+ find /home/user -uid "$HOME_USER_UID" -print0 | xargs -0 chown user:user
+ fi
 fi
 [ -x /rw/config/rc.local ] && /rw/config/rc.local
From 653c056c999d6f7c6f7e4e80c43ee870ce0c8e64 Mon Sep 17 00:00:00 2001
From: Marek Marczykowski
Date: Tue, 12 Jun 2012 18:24:34 +0200
Subject: [PATCH 2/5] dom0/core: fix HVM network settings in xen config

---
 dom0/qvm-core/qubes.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/dom0/qvm-core/qubes.py b/dom0/qvm-core/qubes.py
index f4c882f4..03d2d09d 100755
--- a/dom0/qvm-core/qubes.py
+++ b/dom0/qvm-core/qubes.py
@@ -882,8 +882,8 @@ class QubesVm(object):
 args['vcpus'] = str(self.vcpus)
 args['ip'] = self.ip
 args['mac'] = self.mac
- args['gateway'] = self.gateway
- args['dns1'] = self.gateway
+ args['gateway'] = self.netvm.gateway
+ args['dns1'] = self.netvm.gateway
 args['dns2'] = self.secondary_dns
 args['netmask'] = self.netmask
 if self.netvm is not None:
From 2eb7c5733dc79c8fab4e5a2cc8f640556286d9ff Mon Sep 17 00:00:00 2001
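Review bot: In the vm-systemd/misc-post.sh hunk, `xargs -0 chown user:user` dereferences symbolic links, so a link under /home/user that is owned by the old UID and points outside the home directory has its target re-owned by this script, which presumably runs as root at boot. The contents of /home/user are user-controlled, so the ownership change should stay on the link itself: `find /home/user -uid "$HOME_USER_UID" -print0 | xargs -0 -r chown -h user:user`. The `-r` also keeps GNU xargs from invoking chown with no operands when find matches nothing. The enclosing `if [ -e /dev/xvdb ]` block starts outside the hunk.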
From: Marek Marczykowski
Date: Tue, 12 Jun 2012 18:25:04 +0200
Subject: [PATCH 3/5] dom0/core: set network parameters only when VM have network access

---
 dom0/qvm-core/qubes.py | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/dom0/qvm-core/qubes.py b/dom0/qvm-core/qubes.py
index 03d2d09d..09d311aa 100755
--- a/dom0/qvm-core/qubes.py
+++ b/dom0/qvm-core/qubes.py
@@ -880,18 +880,24 @@ class QubesVm(object):
 # If dynamic memory management disabled, set maxmem=mem
 args['maxmem'] = args['mem']
 args['vcpus'] = str(self.vcpus)
- args['ip'] = self.ip
- args['mac'] = self.mac
- args['gateway'] = self.netvm.gateway
- args['dns1'] = self.netvm.gateway
- args['dns2'] = self.secondary_dns
- args['netmask'] = self.netmask
 if self.netvm is not None:
+ args['ip'] = self.ip
+ args['mac'] = self.mac
+ args['gateway'] = self.netvm.gateway
+ args['dns1'] = self.netvm.gateway
+ args['dns2'] = self.secondary_dns
+ args['netmask'] = self.netmask
 args['netdev'] = "'mac={mac},script=/etc/xen/scripts/vif-route-qubes,ip={ip}".format(ip=self.ip, mac=self.mac)
 if self.netvm.qid != 0:
 args['netdev'] += ",backend={0}".format(self.netvm.name)
 args['netdev'] += "'"
 else:
+ args['ip'] = ''
+ args['mac'] = ''
+ args['gateway'] = ''
+ args['dns1'] = ''
+ args['dns2'] = ''
+ args['netmask'] = ''
 args['netdev'] = ''
 args['rootdev'] = self.get_rootdev(source_template=source_template)
 args['privatedev'] = "'script:file:{dir}/private.img,xvdb,w',".format(dir=self.dir_path)
From f39404cc8aca2ed3af4d39de9cba1824d0a1e619 Mon Sep 17 00:00:00 2001
From: Marek Marczykowski
Date: Wed, 13 Jun 2012 01:59:25 +0200
Subject: [PATCH 4/5] vm/qubes-dom0-update: rebuild dom0 rpmdb before touching it with yum

Dom0 can have different (older) rpmdb version than VM. Starting from FC17 yum refuses to work without rebuild.
---
 misc/qubes_download_dom0_updates.sh | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/misc/qubes_download_dom0_updates.sh b/misc/qubes_download_dom0_updates.sh
index 33bc46d3..de869c55 100755
--- a/misc/qubes_download_dom0_updates.sh
+++ b/misc/qubes_download_dom0_updates.sh
@@ -43,6 +43,10 @@ fi
 mkdir -p $DOM0_UPDATES_DIR/etc
 sed -i '/^reposdir\s*=/d' $DOM0_UPDATES_DIR/etc/yum.conf
+# Rebuild rpm database in case of different rpm version
+rm -f $DOM0_UPDATES_DIR/var/lib/rpm/__*
+rpm --root=$DOM0_UPDATES_DIR --rebuilddb
+
 if [ "$CLEAN" = "1" ]; then
 yum $OPTS clean all
 rm -f $DOM0_UPDATES_DIR/packages/*
From dfbf078155424097c4635245eacd45be5b0cc53f Mon Sep 17 00:00:00 2001
From: Marek Marczykowski
Date: Wed, 13 Jun 2012 04:08:09 +0200
Subject: [PATCH 5/5] dom0: do not reply all udev events at system boot (#595)

This can cause some rules to fail and eg remove dm-* devices. Replace it with what is really needed to hide mounted (and other ignored) devices from qubes-block-devices.
---
 dom0/init.d/qubes_core | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/dom0/init.d/qubes_core b/dom0/init.d/qubes_core
index b491da6d..5d4ac77c 100755
--- a/dom0/init.d/qubes_core
+++ b/dom0/init.d/qubes_core
@@ -55,8 +55,12 @@ start()
 /usr/lib/qubes/block_cleaner_daemon.py > /var/log/qubes/block_cleaner.log 2>&1 &
- # Reply block events to hide mounted devices from qubes-block list (at first udev run, only / is mounted)
- udevadm trigger --subsystem-match=block --action=add
+ # Hide mounted devices from qubes-block list (at first udev run, only / is mounted)
+ for dev in `xenstore-list /local/domain/0/qubes-block-devices`; do
+ ( eval `udevadm info -q property -n $dev|sed -e 's/\([^=]*\)=\(.*\)/export \1="\2"/'`;
+ /usr/lib/qubes/block_add_change
+ )
+ done
 touch /var/lock/subsys/qubes_core
 success
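Review bot: In the misc/qubes_download_dom0_updates.sh hunk, the added `rm -f $DOM0_UPDATES_DIR/var/lib/rpm/__*` and `rpm --root=$DOM0_UPDATES_DIR --rebuilddb` expand the variable unquoted and never check that it is set; its assignment is outside the hunk. With an empty value the rm would act on the VM's own /var/lib/rpm instead of the dom0 copy. I would write `rm -f "${DOM0_UPDATES_DIR:?}"/var/lib/rpm/__*` and `rpm --root="$DOM0_UPDATES_DIR" --rebuilddb || exit 1`, so that yum is not started against a database whose rebuild failed; the exit code should follow whatever the rest of the script uses.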
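Review bot: The `eval` added in the dom0/init.d/qubes_core hunk passes udev property values through the shell: the sed expression only wraps each value in double quotes, so a value containing a double quote, a dollar sign or a backquote is parsed as shell syntax by an init script running in dom0. Some udev properties are derived from what a device reports about itself, so I would not depend on udev's own sanitising and would export the pairs without `eval`, as sketched below, with `$dev` quoted as well. The sketch assumes every property name is a valid shell identifier, which should be confirmed. start() begins and ends outside the hunk.

```shell
for dev in `xenstore-list /local/domain/0/qubes-block-devices`; do
    (
        # Export each KEY=VALUE pair literally; no property text is parsed as shell code.
        while IFS='=' read -r key value; do
            [ -n "$key" ] && export "$key=$value"
        done <<EOF
`udevadm info -q property -n "$dev"`
EOF
        /usr/lib/qubes/block_add_change
    )
done
```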