Commit Graph

85 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
bda9264e19
Add qubes.GetDate proxy service
This enable two things:
1. Follow global clockvm setting, without adjusting qrexec policy.
2. Avoid starting clockvm by arbitrary VM.

Fixes QubesOS/qubes-issues#3588
2018-03-03 03:50:58 +01:00
Marek Marczykowski-Górecki
5840dd76f9
Add default policy for qubes.StartApp service
Fixes QubesOS/qubes-issues#3044
2018-02-28 04:41:45 +01:00
Marek Marczykowski-Górecki
be7b278032
doc: link qvm-device man page for qvm-block, qvm-pci, qvm-usb
Those three are special cases of qvm-device tool, so lets use its
documentation too.
2018-01-11 03:44:53 +01:00
Marek Marczykowski-Górecki
bf59b00f1d
features: add check_with_netvm, similar to check_with_template
Allow using default feature value from netvm, not template. This makes
sense for network-related features like using tor, supporting ipv6 etc.

Similarly to check_with_template, expose it also on Admin API.
2017-12-07 01:40:30 +01:00
Wojtek Porczyk
61c164e1c3 qubes-rpc: policy.RegisterArgument
This qrexec is meant for services, which require some kind of
"registering" before use. After registering, the backend should invoke
this call with frontend as the intended destination, with the actual
service in argument of this call and the argument as the payload.

By default this qrexec is disabled by policy.

Signed-off-by: Wojtek Porczyk <woju@invisiblethingslab.com>
2017-11-30 00:26:21 +01:00
Marek Marczykowski-Górecki
c3afdde3ef
api/admin: add API for changing revisions_to_keep dynamically
This one pool/volume property makes sense to change dynamically. There
may be more such properties, but lets be on the safe side and take
whitelist approach - allow only selected (just one for now), instead of
blacklisting any harmful ones.

QubesOS/qubes-issues#3256
2017-11-07 02:57:59 +01:00
Marek Marczykowski-Górecki
4809c16e08
admin-api: add admin.*.property.GetDefault
Fixes QubesOS/qubes-issues#3197
2017-10-21 04:05:15 +02:00
Marek Marczykowski-Górecki
cea70748a6
api/admin: implement admin.vm.device....Set.persistent
This will allow converting persistent device (used to boot VM for
example) to non-persistent.

QubesOS/qubes-issues#3055
2017-09-05 01:33:47 +02:00
Marek Marczykowski-Górecki
a32bb4ecb2
Install qubes-hcl-report and qubes-bug-report
Fixes QubesOS/qubes-issues#3023
2017-08-14 02:26:34 +02:00
Marek Marczykowski-Górecki
5d0a2fe463
Add default policy for qubes.VMRootShell service 2017-08-06 20:54:11 +02:00
Marek Marczykowski-Górecki
971c7d4ac9
api/admin: add admin.vm.CreateDisposable in place of internal.vm.Create.DispVM
Add public Admin API call to create Disposable VM that would be
automatically destroyed after shutdown. Do not keep this functionality
for qrexec-policy tool only.
Also, use admin.vm.Start there, instead of internal.vm.Start and
admin.vm.Kill instead of internal.vm.CleanupDispVM (this is enough,
because DispVM now have auto_cleanup property).

QubesOS/qubes-issues#2974
2017-08-06 20:54:10 +02:00
Marek Marczykowski-Górecki
c8c32d4956
Merge branch 'stats'
* stats:
  tests: admin.vm.Stats
  api: fix handling interrupted calls
  api/admin: implement admin.vm.Stats
  app: refresh getting VM statistics, rename to QubesHost.get_vm_stats
  api: use str(subject) instead of explicit subject.name
2017-07-29 05:05:32 +02:00
Marek Marczykowski-Górecki
147bca1648
api/admin: implement admin.vm.Stats
QubesOS/qubes-issues#853
2017-07-28 03:02:32 +02:00
Marek Marczykowski-Górecki
6dbce8259f
api/admin: plug backup into Admin API
Fixes QubesOS/qubes-issues#2931
2017-07-20 12:19:01 +02:00
Marta Marczykowska-Górecka
6da06d424e
clock synchronization rewrite
clock synchronization mechanism rewritten to use systemd-timesync instead of NtpDate; at the moment, requires:
- modifying /etc/qubes-rpc/policy/qubes.GetDate to redirect GetDate to designated clockvm
- enabling clocksync service in clockvm ( qvm-features clockvm-name service/clocksync true )

Works as specified in issue listed below, except for:
- each VM synces with clockvm after boot and every 6h
- clockvm synces time with the Internet using systemd-timesync
- dom0 synces itself with clockvm every 1h (using cron)

fixes QubesOS/qubes-issues#1230
2017-07-06 23:37:26 +02:00
Marek Marczykowski-Górecki
6db39345fb
Merge remote-tracking branch 'origin/core3-quick-fixes-20170703' 2017-07-04 16:11:18 +02:00
Marek Marczykowski-Górecki
51022cada5
Merge remote-tracking branch 'origin/policy-adminvm' 2017-07-04 15:51:30 +02:00
Marek Marczykowski-Górecki
3d803acfde
Generate policy for Admin API calls based on annotations on actual methods
This ease Admin API administration, and also adds checking if qrexec
policy + scripts matches actual Admin API methods implementation.
The idea is to classify every Admin API method as either local
read-only, local read-write, global read-only or global read-write.
Where local/global means affecting a single VM, or the whole system.

See QubesOS/qubes-issues#2871 for details.

Fixes QubesOS/qubes-issues#2871
2017-07-04 04:27:34 +02:00
Marek Marczykowski-Górecki
77e84b9ce4
Add qvm-block symlink 2017-07-04 04:09:27 +02:00
Marek Marczykowski-Górecki
3dcd29afea
api/admin: remove admin.vm.Clone operation
The same can be achieved with Create+volume.Clone

QubesOS/qubes-issues#2622
2017-06-26 13:10:00 +02:00
Marek Marczykowski-Górecki
28737d16ce
Migrate qubes.NotifyTools, qubes.FeaturesRequest, qubes.NotifyUpdates
Make them call into qubesd. Create separate socket for "misc" calls - VM
accessible, but not part of Admin API.
2017-06-06 03:33:30 +02:00
Marek Marczykowski-Górecki
2c01504a50
Add default policy for qubes.UpdatesProxy service
QubesOS/qubes-issues#1854
2017-05-26 15:08:19 +02:00
Marek Marczykowski-Górecki
3cacf290bb
admin: implement admin.vm.volume.Import
Implement this in two parts:
1. Permissions checks, getting a path from appropriate storage pool
2. Actual data import

The first part is done by qubesd in a standard way, but then, instead of
accepting all the data (which may be several GB), return a path to which
a shell script (in practice: `dd` command) will write the data.
Then the script call back to qubesd again to report success/failure and
qubesd response from that call is actually returned to the user.

This way we do not pass all the data through qubesd, but still can
control the process from there in a meaningful way. Note that the last
part (second call to qubesd) may perform all kind of verification (like
a signature check on the data, or so) and can also prevent VM from
starting (hooking also domain-pre-start event) from not verified image.

QubesOS/qubes-issues#2622
2017-05-26 15:08:14 +02:00
Marek Marczykowski-Górecki
f42cd28901
admin-api: create and install actual Admin API RPC endpoints
Install files in /etc/qubes-rpc for all methods defined in API
documentation, even if not yet implemented (qubesd will handle it
raising appropriate exception).
Use minimal program written in C (qubesd-query-fast), instead of
qubesd-query in python for performance reasons:
 - a single qubesd-query run: ~300ms
 - equivalent in shell (echo | nc -U): ~40ms
 - qubesd-query-fast: ~20ms

Many tools makes multiple API calls, so performance here do matter. For
example qvm-ls (from VM) currently takes about 60s on a system with 24
VMs.

Also make use of `$include:` directive in policy file, to make it easier
defining a VM with full Admin API access.

QubesOS/qubes-issues#853
2017-05-23 03:24:15 +02:00
Marek Marczykowski-Górecki
8992e71f85
Remove core2 code
This all either have been migrated to core3, or is not needed anymore.

There is still qvm-tools directory with a few tools that needs to be
migrated, or installed as is.
2017-05-12 18:36:29 +02:00
Wojtek Porczyk
9f7ba53eec fix Makefile, setup.py, spec and travis
QubesOS/qubes-issues#2074
2017-01-20 18:31:09 +01:00
Marek Marczykowski-Górecki
4d327fbc95
qubes/tools: allow calling qvm-device as qvm-devclass (like qvm-pci)
Tool can be symlinked to `qvm-class` for particular device class (for
example `qvm-pci`) - then device class can be omitted.

QubesOS/qubes-issues#2257
2016-09-03 20:41:05 +02:00
Wojtek Porczyk
6a10daf7be Merge branch 'master' into core3-devel
Remains to be fixed:
  88cb62fc
  d2640b51
  958c2926
2016-06-13 19:03:46 +02:00
Wojtek Porczyk
e757444c35 qubes/tools/qvm-features: add tool for managing qvm-features
QubesOS/qubes-issues#1637
2016-05-19 03:02:24 +02:00
Marek Marczykowski-Górecki
405fd40aaa
Add policy for qubes.OpenURL service
For now the same as for qubes.OpenInVM.

Fixes QubesOS/qubes-issues#1487
2016-05-18 02:03:48 +02:00
Bahtiar `kalkin-` Gadimov
36470310a2 Replace pool config parsing logic
- Move add_pool/remove_pool to Qubes class
- Add Qubes.get_pool
- Remove storage.conf
2016-04-25 07:16:37 +02:00
Marek Marczykowski-Górecki
8c6fe7ed90
Merge remote-tracking branch 'origin/master' into core3-devel-mm 2016-04-11 13:03:12 +02:00
Wojtek Porczyk
5eaf03c4a2 HVM part 1 2016-03-21 11:44:46 +01:00
Patrick Schleizer
2a46ebb205
fixed wrong target filename 2016-03-14 22:47:46 +01:00
Patrick Schleizer
e33b958bdd
implemented dom0 qubes.GetRandomizedTime
Required for fixing 'sys-whonix doesn't connect to Tor after system suspend'.

https://github.com/QubesOS/qubes-issues/issues/1764
2016-03-13 01:15:46 +00:00
Wojtek Porczyk
9eafa57539 Merge remote-tracking branch 'marmarek/master' into core3-devel
The following list is bollocks. There were many, many more.

Conflicts:
    core-modules/003QubesTemplateVm.py
    core-modules/005QubesNetVm.py
    core/qubes.py
    core/storage/__init__.py
    core/storage/xen.py
    doc/qvm-tools/qvm-pci.rst
    doc/qvm-tools/qvm-prefs.rst
    qubes/tools/qmemmand.py
    qvm-tools/qvm-create
    qvm-tools/qvm-prefs
    qvm-tools/qvm-start
    tests/__init__.py
    vm-config/xen-vm-template-hvm.xml

This commit took 2 days (26-27.01.2016) and put our friendship to test.
    --Wojtek and Marek
2016-03-03 01:13:51 +01:00
Wojtek Porczyk
c538d536c8 core3: move qmemman
This is part of fixing qvm-start.

qmemman was moved with minimal touching, mainly module names.

Moved function parsing human-readable sizes from core2. This function is
wrong, because it treats k/M/G as 1024-based, but leave it for now.
2015-10-05 12:46:14 +02:00
Wojtek Porczyk
6f4951d08a install python package with setuptools 2015-10-05 12:46:14 +02:00
Wojtek Porczyk
5f92afc013 rpm: install RelaxNG specfiles 2015-06-29 17:39:26 +02:00
Wojtek Porczyk
7e12d0485d add core3 to Makefiles and spec 2015-06-29 17:39:26 +02:00
Marek Marczykowski-Górecki
64755b2d98 dispvm: do not treat DispVMs as Xen-specific
Theoretically it should work (with some minor modifications) on any
hypervisor.
2015-03-30 05:30:52 +02:00
Marek Marczykowski-Górecki
4bd14f5011 windows: installer 2014-11-19 12:50:30 +01:00
Marek Marczykowski-Górecki
ec37a4e681 Rename vm-configs directory to be more generic 2014-11-19 12:50:27 +01:00
Marek Marczykowski-Górecki
675a164e7d makefile/windows: use c:\qubes as default data dir 2014-11-19 12:50:26 +01:00
Marek Marczykowski-Górecki
aad945e01b makefile: install only relevant stuff according to OS/VMM 2014-11-19 12:50:25 +01:00
Marek Marczykowski-Górecki
72e415a807 move qubes-notify-* to libexec 2014-11-19 12:50:25 +01:00
Marek Marczykowski-Górecki
0009805041 rpm+makefile: move build/install code to Makefile files
This makes build "scripts" not tied to Fedora-specific files. Especially
ease porting to other platforms.
2014-11-19 12:50:24 +01:00
Marek Marczykowski
340b62d4d4 Update make clean target 2013-03-20 16:40:01 +01:00
Marek Marczykowski
b72fdb35ee Remove support for old builder API 2013-03-19 19:02:15 +01:00
Marek Marczykowski
9db68897c7 Remove other Linux-specific stuff
Move remaining files to linux/ subdirectory.
2013-03-16 19:54:22 +01:00