Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
412 Commits 1 Branch 0 Tags 20 MiB
04a6b01b1b
Commit Graph

412 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tomasz Sterna
04a6b01b1b Do not allow NEW connection to VM through ProxyVM. #136 2011-03-27 17:24:17 +02:00
Tomasz Sterna
dab24a2090 Propagate qubes_netvm_external_ip up in ProxyVM. #116 2011-03-26 11:33:04 +01:00
Tomasz Sterna
01b7d9aafc Create needed NetworkManager.conf in netvm. #94 
Also fixed qubes_fix_nm_conf.sh script.
 2011-03-26 11:33:04 +01:00
Tomasz Sterna
efcff5cc3a Added plymouth progress handling to qubes_setupdvm init script. 2011-03-26 11:33:04 +01:00
Tomasz Sterna
5efee35654 Fix ownership and rights when creating DVM during boot. 2011-03-26 11:33:04 +01:00
Tomasz Sterna
e2d9673713 Fixed qubes_setupdvm whitespace. 2011-03-26 11:33:04 +01:00
Rafal Wojtczuk
5c10812e36 qrexec_agent: When running as root, make the socket accessible 
... world-rw. Perms on /var/run/qubes still limit access to group qubes.
 2011-03-25 13:47:01 +01:00
Rafal Wojtczuk
57fd6c49bb Removed obsolete code, dom0 side 
Just like the previous commit, it is related to switch to
qrexec-based file copy.
 2011-03-24 17:18:10 +01:00
Rafal Wojtczuk
769213e019 Removed obsolete code, in appvm. 2011-03-24 17:13:21 +01:00
Rafal Wojtczuk
fcfc1c498d Change permissions on Dispvm template files only if we are root 
Otherwise, it makes no sense, and thus we do not unnecessarily
warn.
 2011-03-24 16:57:43 +01:00
Rafal Wojtczuk
4401c5a2cb Limit Dispvm to 1 vcpu 
Because a restored domain with multiple cpus, ehrrm, hardly works,
at least with current Xen+kernel combination.
 2011-03-24 16:53:40 +01:00
Rafal Wojtczuk
68ebe12cb1 dvm_file_editor: correctly nuke children's stdin/out/err 2011-03-24 14:33:43 +01:00
Rafal Wojtczuk
2d37b3e508 Create a separate package with libraries. 2011-03-24 11:39:44 +01:00
Rafal Wojtczuk
fac1b78ec0 One more build order fix. 2011-03-24 10:03:39 +01:00
Rafal Wojtczuk
01b75b5987 Enable build on non-appvm. 2011-03-23 17:47:35 +01:00
Rafal Wojtczuk
25f49bca18 Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core into spring-merge 2011-03-23 16:47:05 +01:00
Rafal Wojtczuk
f9b9b1ade6 qvm-create-default-dvm: fix permissions after creating savefile 
So, savefile.img and netvm_id.txt are correctly owned as well.
 2011-03-23 13:40:28 +01:00
Rafal Wojtczuk
a1f8cd9071 When creating disposablevm object, pass non-None dirpath 
QubesVm constructor does not like it.
 2011-03-23 13:26:39 +01:00
Rafal Wojtczuk
0b208e8664 Move libs and /var/run/qubes out of qubes-netvm 
They are already in core-appvm package.
 2011-03-23 11:48:06 +01:00
Rafal Wojtczuk
5350e5cc5b move qrexec_agent out of core-netvm.spec 
It is already in core-appvm.
 2011-03-23 11:46:53 +01:00
Rafal Wojtczuk
dd9f1a6f7f Move execution of qrexec_agent to qubes_core 
Previously it was in both qubes_core_appvm and qubes_core_netvm;
somehow counterintuitively, qubes_core_netvm executes on appvm, too. So
move it to a common place.
 2011-03-23 11:34:01 +01:00
Marek Marczykowski
46190b9d82 Copy kernel for standalone VM 2011-03-23 09:59:59 +01:00
Rafal Wojtczuk
a814b522b9 Fix permissions on the dvm template directory. 
Needed in case default_template-dvm VM was created in init
scripts, and files are not writeble by group qubes.
 2011-03-23 09:36:30 +01:00
Rafal Wojtczuk
4e78284e4f block.qubes: pass arguments correctly to other scripts 2011-03-23 09:31:44 +01:00
Rafal Wojtczuk
105486135b Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/smoku/core into spring-merge 2011-03-23 09:23:38 +01:00
Tomasz Sterna
481e9871c4 Implemented implicit rule to allow ICMP traffic in firewall 2011-03-21 22:06:53 +01:00
Rafal Wojtczuk
488eda21d9 Merge branch 'blockless' into spring-merge 
Conflicts:
	appvm/Makefile
	appvm/qubes_core
	netvm/qubes_core
	rpm_spec/core-appvm.spec
	rpm_spec/core-netvm.spec
 2011-03-21 13:54:35 +01:00
Marek Marczykowski
a5a43cdbc7 Fix missing arg to reset_volatile_storage (#118) 
And do not call it twice...
 2011-03-19 17:05:53 -04:00
Marek Marczykowski
bc383b692d Use clean-volatile.img.tar instead of unpacked one (#118) 
"tar x" is much faster than cp on sparse file
 2011-03-19 17:05:00 -04:00
Marek Marczykowski
a6ee9d66f5 qvm-backup-{,restore} - support for standalone VMs 
Backup root.img instead of (non-existing) root-cow.img
 2011-03-18 22:24:08 -04:00
Marek Marczykowski
c461835ea7 Dont allow to change disable 'updateable' flag of standalone VM 2011-03-18 22:19:03 -04:00
Marek Marczykowski
ee28ca10d4 Indent, blank lines 2011-03-18 22:18:31 -04:00
Marek Marczykowski
823bd1ce0f Use common image for swap and root-cow - volatile.img (#118) 
This reduces xvd* devices count, so speeds up VM start.
Also swap-cow is no longer needed, so remove this additional dm-snapshot layer.
 2011-03-18 22:15:32 -04:00
Marek Marczykowski
74d61e7f9a Autocommit template changes after template shutdown (#96) 2011-03-18 18:54:14 -04:00
Marek Marczykowski
55780b8c15 Indent fix 2011-03-18 18:24:55 -04:00
Tomasz Sterna
aa58bec1d9 Fixed default policy handling in firewall rules 2011-03-18 14:12:19 +01:00
Rafal Wojtczuk
7f6a06c354 qrexec: in write_stdin, remove dependency on write size 
Previous code could barf when write was partial; probably can happen
only if we increase vchan buffer size, but it is better isolated now.
 2011-03-18 11:16:05 +01:00
Rafal Wojtczuk
1d24ef9d1a qrexec: when forgetting about a client/process, flush buffered data 
We need to spawn a child to take care of buffered data flushing, if there
is any. Expensive, but should be needed rarely.
 2011-03-17 18:15:04 +01:00
Rafal Wojtczuk
53b517f6a5 qrexec: move set_nonblock function to write_stdin 
It will be needed there.
 2011-03-17 17:53:33 +01:00
Rafal Wojtczuk
fb71bf968c qrexec_agent: when receiving close from daemon, check buffered data 
We need to wait for buffer flush, so that buffered data is not lost,
and only then close pipe to the child.
 2011-03-17 17:37:35 +01:00
Rafal Wojtczuk
af7fefa73f qrexec: handle buffered writes correctly 
In case when we have a buffered write, always append to the
buffer, even if the pipe happens to be writable now. If not,
in case of certain tight race we might end up writing buffered data in
wrong order.
 2011-03-17 16:53:29 +01:00
Marek Marczykowski
33e7ee3623 Reduce duplicated code in qubes.xml load 
Parse common attrs in separate function.
Side effect: possibility to set custom TemplateVM label
 2011-03-16 20:40:15 -04:00
Marek Marczykowski
bef1ea4c92 Reduce duplicated code in create_xml_entries 2011-03-16 19:42:01 -04:00
Marek Marczykowski
4e68c4cde9 Standalone VM (#98) 
'updateable' property is now read-onlyr; updateable=True means that VM has own
root.img, not persistent root-cow.img.
 2011-03-16 18:45:02 -04:00
Marek Marczykowski
ef6a3e576b Parse tags %MEM% and %VCPUS% in {app,net}vm-template.conf (#115) 2011-03-16 13:39:54 -04:00
Marek Marczykowski
379a5620c8 Fix netvm creation from template 
Missing netvms_conf_file parameter in template
 2011-03-16 13:38:16 -04:00
Rafal Wojtczuk
4087b1d052 Package qvm-copy-to-vm2*, too. 2011-03-16 16:47:32 +01:00
Marek Marczykowski
1892bef66f Require xen 3.4.3-6 with fixed /etc/xen/scripts/block 2011-03-16 11:32:51 -04:00
Marek Marczykowski
2b78538376 Merge git://git.qubes-os.org/joanna/core 2011-03-16 11:29:55 -04:00
Rafal Wojtczuk
e410ad52ba Bloody perror messes with errno; need to save errno. 2011-03-16 16:24:54 +01:00