Commit Graph

759 Commits

Author SHA1 Message Date
Marek Marczykowski
6219c1b7ed dom0/qvm-shutdown: catch QubesException 2011-10-17 23:13:21 +02:00
Marek Marczykowski
3063ef35b7 dom0: move NetVM shutdown sanity check code to qvm-core 2011-10-17 22:45:04 +02:00
Marek Marczykowski
097c5331d6 dom0: remove obsolete xenfreepages 2011-10-14 12:29:03 +02:00
Marek Marczykowski
9b3b72cc74 dom0: introduce qvm-shutdown 2011-10-14 12:01:09 +02:00
Marek Marczykowski
abcd6416fc dom0: move shutdown to qvm-core 2011-10-14 11:59:33 +02:00
Marek Marczykowski
ede96353af dom0/qrexec: Add always allow option in qrexec confirmation dialog (#278) 2011-10-12 00:08:28 +02:00
Marek Marczykowski
810a59b6ce dom0/qvm-backup-restore: Allow to exclude some VMs while restoring backup (#296) 2011-10-11 01:52:11 +02:00
Marek Marczykowski
65bc4f6e95 dom0/qvm-backup/restore: backup and restore also dom0 home dir (#362)
To keep desktop environment settings (like theme, wallpaper, screensaver etc).
2011-10-11 01:48:47 +02:00
Marek Marczykowski
20522d04ec dom0: typo fix in comment 2011-10-11 01:41:53 +02:00
Marek Marczykowski
bc47334d21 dom0: fix cleanup_vif 2011-10-10 17:11:00 +02:00
Marek Marczykowski
7cf4abb04e dom0/dom0-updates: typo fix 2011-10-10 15:34:24 +02:00
Marek Marczykowski
e1ccda362c dom0/qvm-core: release lock in VM.start() right before starting qrexec (#344) 2011-10-10 11:23:14 +02:00
Marek Marczykowski
57aec48050 dom0/qmemman: alloc at least 100MB for domain
If domain has less than 100MB it will cause OOM very soon - this isn't enough
for non-swappable data...
2011-10-10 11:23:13 +02:00
Marek Marczykowski
ed23b0d6a2 dom0/qvm-tools: output diagnostics to stderr instead of stdout (#276) 2011-10-10 11:23:04 +02:00
Marek Marczykowski
05605f1394 dom0/qvm-core: ignore template_vm=None when loading qubes.xml
This should result in more elegant error message in case of error in qubes.xml.
2011-10-07 21:46:27 +02:00
Marek Marczykowski
98827c7020 dom0/qvm-core: output messages to stderr (#276) 2011-10-07 21:40:29 +02:00
Marek Marczykowski
3876cf4070 dom0/dom0-updates: check for dom0 updates from cron (#354) 2011-10-07 21:28:16 +02:00
Marek Marczykowski
b3a125076b dom0/dom0-updates: add --gui and --check-only options (#354)
Will be needed for automatically checking for updates
2011-10-07 21:25:38 +02:00
Marek Marczykowski
684578ba16 dom0/pm-utils: after suspend start qubes_core_netvm instead of NetworkManager directly
Actually this is run for every VM with PCI device, so it can be AppVM, not
NetVM. qubes_core_netvm will check if it is NetVM before starting
NetworkManager.
2011-10-07 21:11:08 +02:00
Marek Marczykowski
218dd2c50c dom0/pm-utils: remove both uhci and ehci NetVM modules before sleep 2011-10-07 21:07:25 +02:00
Marek Marczykowski
d576b9855c dom0/qvm-create: do not add PCI devs to new NetVM (#282)
This makes sense only in firstboot - so move it there.
2011-10-03 23:01:55 +02:00
Marek Marczykowski
053944470c dom0: improve vif cleanup
Just remove dead devices from xenstore, there is no point in waiting for its
shutdown (which 'xl' does) as backend domain is dead.
2011-10-03 22:54:45 +02:00
Marek Marczykowski
600877b830 dom0: use default values for values not present in qubes.xml
Do not set them to None. This should improve compatibility with older versions of qubes.xml
2011-10-01 10:33:25 +02:00
Marek Marczykowski
56f3d7ba75 dom0+vm/qvm-block: convert device size to bytes 2011-10-01 10:33:18 +02:00
Marek Marczykowski
f0038d2ec7 dom0: typo fix in default_fw_netvm saving 2011-10-01 02:55:22 +02:00
Marek Marczykowski
3c7f8b97cd dom0: return datatime value in get_start_time (#315) 2011-10-01 02:54:18 +02:00
Marek Marczykowski
7ae0c52e6d dom0: introduce ClockVM - timesource for dom0 (#361) 2011-10-01 02:54:00 +02:00
Marek Marczykowski
287da572e9 dom0+vm: introduce 'qubes-service' xenstore dir - enable/disable VM services from dom0
This allows control which services are started in VM by dom0. For some
situation vm_type was used, but it isn't enough - i.e. ntpd should be started
in one, selected NetVM.
2011-10-01 02:49:25 +02:00
Marek Marczykowski
d456ec4575 dom0/qmemman: call do_balance after each domain list change notification (#246)
For unknown reason watch '@releaseDomain' is called twice: first when domain
disappeared from xenstore, second when resources (including memory) are freed.
So call do_balance after each of this event to redistribute freed memory.
2011-09-30 15:23:57 +02:00
Marek Marczykowski
aa08f555c3 dom0+vm: minor fixes in qvm-block scripts 2011-09-30 11:20:03 +02:00
Marek Marczykowski
5fc5301cee Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/joanna/core 2011-09-30 10:46:04 +02:00
Marek Marczykowski
e3993ca5f9 dom0: qvm-block tool, new qubesutils python module (#226) 2011-09-29 13:56:22 +02:00
Marek Marczykowski
64be313847 dom0: change Domain-0 name to "dom0" to match qubes tools 2011-09-29 13:56:22 +02:00
Marek Marczykowski
6b885bd361 dom0+vm: expose block devices info in xenstore (#226) 2011-09-29 13:56:06 +02:00
Joanna Rutkowska
59f71f634a dom0: Fix xenstore permissions qubes_netvm_external_ip
We should ensure that the first expression in the permisions list
is nX, where X is the owning domain, and not rX or wX, as otherwise
we would be granting all other VMs read access to the key.

This is explained in more detail here:

http://wiki.xensource.com/xenwiki/XenBus

In practice the perms problem applied only to the qubes_netvm_external_ip key
that is exposed by each NetVM to corresponding Proxy VMs. Before this fix,
the key was readable by any VM in the system, which might not be desired in some
more advanced networking setups, such as with Tor Proxy VM.
2011-09-26 17:24:11 +02:00
Rafal Wojtczuk
2950ee7170 Make qubes-receive-updates more defensive (#356) 2011-09-16 17:05:41 +02:00
Marek Marczykowski
5f702e9a8a dom0/clock-sync: fix test type (socket vs file) 2011-09-15 14:54:35 +02:00
Marek Marczykowski
9f14be6eed dom0: sync dom0 clock more frequent; start it from init.d script 2011-09-15 14:43:02 +02:00
Marek Marczykowski
633b21bb26 dom0: do not sync rpmdb with UpdateVM after each pkg installation
This doesn't make sense sice at every qvm-dom0-update we begin with sync rpmdb.
Also this allow embedding sync_rpmdb_updatevm.sh into qvm-dom0-update.
2011-09-15 13:37:34 +02:00
Marek Marczykowski
e4e661ac51 dom0: reduce watching tool to dom0 clock sync only
Do not watch for updates for now, it will be implemented later.
2011-09-15 13:32:06 +02:00
Marek Marczykowski
59ab2a0e91 dom0/watch-updates: get rid for pkgcount from dom0 update notify
This is useless information...
2011-09-15 01:09:11 +02:00
Marek Marczykowski
c6b3a13b49 dom0/watch-updates: typo fix (dom0 notify condition) 2011-09-15 01:08:02 +02:00
Marek Marczykowski
855664e6e5 dom0+vm: use qubes_download_dom0_updates.sh instead of qubes_check_for_updates.sh
Remove code duplication. Implemented required --check-only option to
qubes_download_dom0_updates.sh.
2011-09-15 00:18:56 +02:00
Marek Marczykowski
3dd6d654ea dom0/qvm-dom0-update: Check if running as root at the beginning 2011-09-14 16:44:43 +02:00
Marek Marczykowski
93832b29db Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/joanna/core 2011-09-14 16:43:23 +02:00
Marek Marczykowski
558d1ee582 dom+vm: Copy dom0 yum.conf to UpdateVM
At least to use dom0 'exclude' options, not VM one. Especially to not exlude
kernel and xorg updates...
2011-09-14 00:47:13 +02:00
Joanna Rutkowska
d5576ce77f Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core 2011-09-13 19:22:16 +02:00
Marek Marczykowski
0ce7336cad dom0: Distinguish 'Halting','Crashed' state from simple 'Halted' (#314) 2011-09-13 18:39:09 +02:00
Marek Marczykowski
dbf8c11ad6 dom0/qvm-backup-restore: Distinguish ProxyVM from NetVM (#345) 2011-09-13 15:50:14 +02:00
Marek Marczykowski
5d6ac01111 dom0/qvm-backup: Don't backup internal VMs (instead of *-dvm) (#352) 2011-09-13 11:30:04 +02:00
Joanna Rutkowska
099e8a47a9 Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core
Conflicts:
	dom0/qvm-tools/qvm-backup-restore
2011-09-13 10:33:42 +02:00
Marek Marczykowski
813b626d27 dom0/qvm-backup: include icon only for AppVM (#345) 2011-09-12 16:40:17 +02:00
Marek Marczykowski
ade25b8c8d dom0/qvm-backup: exclude dom0 from backup 2011-09-12 16:38:33 +02:00
Marek Marczykowski
029e3fc098 dom0/qvm-dom0-update: Filter yum options in dom0
Eg. don't pass --enablerepo to yum install.
2011-09-12 16:35:44 +02:00
Marek Marczykowski
fde8bc35fa dom0/qvm-backup: Support for NetVMs backup (#345) 2011-09-12 15:25:31 +02:00
Marek Marczykowski
2107191ca9 dom0/qvm-dom0-update: do not use GUI when called from cmdline 2011-09-12 15:05:26 +02:00
Marek Marczykowski
2bbdb93594 dom0/qvm-dom0-update: replace gpk-update-viewer with yum update (#347) 2011-09-12 15:04:27 +02:00
Marek Marczykowski
9395ea239c dom0: qvm-dom0-update --help (#349) 2011-09-12 14:57:38 +02:00
Marek Marczykowski
972ab21d5f dom0: rename qvm-dom0-upgrade tool (#350) 2011-09-12 14:37:52 +02:00
Joanna Rutkowska
0863244561 dom0: qvm-backup-restore: also restore appmenus for template VMs 2011-09-12 14:28:44 +02:00
Joanna Rutkowska
f2770e2d03 dom0: Fix create_xenstore_entries in other classes to not require xid argument 2011-09-09 18:49:15 +02:00
Marek Marczykowski
2319083631 dom0: use default kernel opts when custom opts isn't set
This can happen after rpm upgrade.
2011-09-09 14:24:17 +02:00
Joanna Rutkowska
583720c676 dom0: qvm-dom0-upgrade: actually check if running as root only when used 'manually' 2011-09-08 14:12:56 +02:00
Joanna Rutkowska
89d532ef11 dom0: qubes.py: do not use pci=nomsi as a default argument for passthrough VM kernels anymore 2011-09-08 14:09:03 +02:00
Joanna Rutkowska
b2a3515f4f dom0: qvm-dom0-upgrade: fail when run as non-root user 2011-09-08 13:55:33 +02:00
Marek Marczykowski
f9fcd3393e dom0: set static-max for dom0
To make 'xl mem-set 0 <size>' happy.
2011-09-08 01:19:59 +02:00
Marek Marczykowski
5e09af2b46 dom0: limit default swiotlb size for NetVM (#342) 2011-09-08 01:19:25 +02:00
Marek Marczykowski
6b4cf305d8 dom0/qvm-backup: include custom kernel of StandaloneVM 2011-09-06 01:52:48 +02:00
Marek Marczykowski
320847de91 dom0: correctly remove appmenus for ServiceVM (if any) 2011-09-06 01:17:09 +02:00
Marek Marczykowski
77ec31d164 dom0: appmenus templates handling for StandaloneVM (#317)
StandaloneVM also needs apps.templates dir in order to qubes-appmenu-select
works. Also can be helpful for backup/restore.
2011-09-06 01:15:35 +02:00
Marek Marczykowski
c1f0296e66 dom0: automatically determine domain xid in create_xenstore_entries 2011-09-06 01:14:49 +02:00
Marek Marczykowski
2d97c3399e dom0/qvm-dom0-upgrade: Run yum after downloading new packages
yum will ask for confirmation.
2011-09-03 16:43:22 +02:00
Marek Marczykowski
f85fcc06aa dom0: replace obsolete swiotlb=force with iommu=soft 2011-09-03 16:15:02 +02:00
Marek Marczykowski
5cb6cd2aa7 dom0: fix uses_default_kernelopts typo 2011-09-03 16:14:51 +02:00
Marek Marczykowski
07dc5d1430 dom0: detach vif at qvm-dom0-network-via-netvm down 2011-09-03 16:14:12 +02:00
Marek Marczykowski
2b26350cb2 dom0/qvm-prefs: remove message duplication 2011-09-03 16:13:35 +02:00
Marek Marczykowski
58985193e7 dom0: move network-attach logic to qubes.py
Main reason is to remove code duplication.
Also fixes #260 and workaround (by sleep...) some race at NetVM restart
(fronted driver does not noticed vif-detach+vif-attach).
2011-09-03 16:13:14 +02:00
Marek Marczykowski
5fe147729d dom0: copy only selected files for StandaloneVM kernel
Especially ignore modules dir - already included in modules.img
2011-09-03 16:04:25 +02:00
Marek Marczykowski
7f24727b2b dom0: fix waiting for vif detach 2011-09-03 16:01:22 +02:00
Marek Marczykowski
73fc87efa2 dom0: replace obsolete xencons=hvc with console=hvc0 2011-09-03 16:00:21 +02:00
Joanna Rutkowska
16a46f9a9c Use proper dracut module and conf files...
... instead of the ugly and incompatible /usr/share/qubes/regenerate_initramfs.sh script
2011-09-02 16:55:39 +02:00
Marek Marczykowski
11da1633d3 dom0: Copy default template kernel to StandaloneVM dir (#333)
Just prepare kernel for qvm-set -s <vmname> kernel none
2011-09-01 15:01:37 +02:00
Marek Marczykowski
ac917ef1d8 dom0: Set modules.img device R/W for StandaloneVM (#333) 2011-09-01 14:56:23 +02:00
Marek Marczykowski
577dd2b076 dom0: when cleaning up network devices, wait for actual device destroy
Otherwise subsequent network-attach will not be noticed by frontend driver.
2011-09-01 00:01:53 +02:00
Marek Marczykowski
951b2b0b69 dom0: fix clock problems which caused VM hangs during boot (~#253)
The source of problem was clockevent_program_event returns -ETIME:
------------ kernel/time/clockevents.c:
/**
 * clockevents_program_event - Reprogram the clock event device.
 * @expires:    absolute expiry time (monotonic clock)
 *
 * Returns 0 on success, -ETIME when the event is in the past.
 */
int clockevents_program_event(struct clock_event_device *dev, ktime_t
expires,
                  ktime_t now)
-------------

xen_vcpuop_set_next_event schedules event by getting current time
(xen_clocksource_read()) (*1) adding delta (expires-now) and programming
event with VCPUOP_set_singleshot_timer hypercall. Then xen gets current
time (*2) and in some rare cases this time is after expected timer
expiration... Even after VCPUOP_set_singleshot_timer hypercal,
xen_clocksource_read() reports time slightly in the past comparing to
xen time (reported by NOW() macro).

I think this is because "current" time is calculated different way in *1
and *2. The *1 way is controlled by tsc_mode, which is described here:
http://lxr.xensource.com/lxr/source/docs/misc/tscmode.txt. Default
tsc_mode=0 is "smart" and I think because of that can be slightly before
NOW() time. tsc_mode=2 is almost the same as NOW() macro works.

After all tsc_mode=2 was default in xen-3.4.
2011-08-31 22:08:24 +02:00
Marek Marczykowski
be5e5a98a1 dom0: use full patch for network script
xl (apart from xm) doesn't prefix script with dir.
2011-08-31 22:01:08 +02:00
Marek Marczykowski
f5f69c904e dom0/qvm-run: Add -p as alias for --pass_io 2011-08-31 21:01:24 +02:00
Marek Marczykowski
3cf1af0321 dom0: implement custom kernelopts (#323) 2011-08-31 20:39:26 +02:00
Marek Marczykowski
691545c492 dom0/qvm-prefs: support for vcpus count 2011-08-31 19:41:36 +02:00
Marek Marczykowski
fbce32ae1f dom0/qvm-prefs: info when kernel setting is from template 2011-08-31 18:32:37 +02:00
Joanna Rutkowska
ccda3d6642 dom0: make qvm-sync-dom0-clock executable 2011-08-02 14:24:43 +02:00
Joanna Rutkowska
9c58c97571 dom0: qubes-watch-updates & qvm-dom0-upgrade: use qvm-sync-dom0-clock 2011-08-02 14:14:50 +02:00
Joanna Rutkowska
49bfe8921c dom0: qvm-sync-dom0-clock 2011-08-02 14:12:03 +02:00
Joanna Rutkowska
708263bec4 Revert "Dom0: use kpackagekit for updates GUI"
This reverts commit 94c0f6c9d3.

Kpackagekit is not so nice-behaving as gpk-update-viewer is,
e.g. it complains there are is no network connectivity, and, perhaps
as a result, doesn't display the list of avilable updates.
2011-08-02 13:01:42 +02:00
Joanna Rutkowska
94c0f6c9d3 Dom0: use kpackagekit for updates GUI 2011-08-01 16:07:53 +02:00
Joanna Rutkowska
7309cc2f04 Merge branch 'prebeta2' of git.qubes-os.org:/var/lib/qubes/git/rafal/core 2011-08-01 15:41:56 +02:00
Rafal Wojtczuk
d2301ab125 qvm-prefs: allow on the fly netvm switch (#302)
When changing netvm of a running vm, detach/attach eth0.
Some functionality of qubes_core_netvm thus is duplicated in setup_ip.
REQUIRES http://git.qubes-os.org/?p=rafal/xen.git;a=commit;h=42c72e6173586a807f8f153391e2e57352d362b1
2011-08-01 15:06:01 +02:00
Rafal Wojtczuk
f264b76a61 qvm-backup: handle standaloneVM properly
Do not attempt to copy apps.templates; copy apps/ instead.
2011-08-01 11:14:35 +02:00
Joanna Rutkowska
7a6ccae638 Dom0: set metadata_expiry=0 for qubes-dom0-cached repo
This way the list of dowloaded packages (via qvm-dom0-upgrade) will be immediately seen by yum.
2011-07-30 14:07:35 +02:00
Joanna Rutkowska
7a12cbd0e8 Dom0: restart ehci_hcd module on resume for all netvms (#299) 2011-07-30 11:20:11 +02:00
Joanna Rutkowska
71209b5b39 Merge branch 'prebeta2' of git.qubes-os.org:/var/lib/qubes/git/rafal/core 2011-07-30 11:01:23 +02:00
Rafal Wojtczuk
8ecd6134d9 firewall: call iptables-restore once per domain (#311)
qubes.py now places rules for each domain in a separate key under
/local/domain/fw_XID/qubes_iptables_domainrules/
plus the header in /local/domain/fw_XID/qubes_iptables_header.
/local/domain/fw_XID/qubes_iptables is now just a trigger.
So, if iptables-restore fails dues to e.g. error resolving a domain name
in a rules for a domain, then only this domain will not get connectivity,
others will work fine.
2011-07-29 16:50:12 +02:00
Rafal Wojtczuk
4ad919bf6d Correct usage of "date -s" when syncing clock in dom0
Apparently, "date -s" does not like the output of "date +%s.%N".
While at it, add basic date format sanitization.
2011-07-29 12:12:15 +02:00
Rafal Wojtczuk
6fc358bd20 dispvm: honour current choice of template for dispvm
... when auto-refreshing the dispvm savefile.
While at it, also copy dispvm-prerun.sh script in qvm-clone.
2011-07-26 17:09:59 +02:00
Rafal Wojtczuk
3df2e9783d dispvm: when updating savefile on demand, present zenity progress bar 2011-07-26 16:36:59 +02:00
Marek Marczykowski
002fad72c4 dom0+vm: Polishing qvm-dom0-upgrade (#287)
Do not print error message when no package downloaded. Also some more covenient
usage when dowloading new packages (implied --resolve --nogui).
2011-07-25 13:45:36 +02:00
Joanna Rutkowska
5e95380db9 dom0: qvm-prefs: allow to change template for a VM 2011-07-24 23:24:45 +02:00
Joanna Rutkowska
2b2cae61ee Merge branch 'prebeta2' of git.qubes-os.org:/var/lib/qubes/git/rafal/core 2011-07-24 17:20:33 +02:00
Rafal Wojtczuk
dc4d9b32f1 Add comments to policy files. 2011-07-22 16:11:03 +02:00
Rafal Wojtczuk
c23cc480b8 qrexec: use $anyvm and $dispvm symbols 2011-07-22 16:07:06 +02:00
Rafal Wojtczuk
7cfbe1c7d8 qubes.py: postpone qmmeman.close()
There are indications that when parent "xl" process exits, the domain is not
booted completely; and xl actions may interfere with qmemman memory balancing.
Thus, in VM.start(), we delay releasing of qmemman handle until qrexec_daemon
connects successfully.
2011-07-22 15:07:04 +02:00
Rafal Wojtczuk
9192a42b91 qmemman: when balooning, make sure that past mem-set will not steal memory 2011-07-22 13:40:21 +02:00
Rafal Wojtczuk
2fc5d190fd qmemman: calculate dom0 maxmem properly
In fact, set to ALL_PHYS_MEM (and the same for other domains that do not
have static-max key, although there should not be any). Previous method
of using maxmem_kb was broken, as qmemman sets maxmem_kb to the memory target
(which I do not like btw).
2011-07-22 11:33:11 +02:00
Marek Marczykowski
1b1073d1ff dom0: Force NetVM shutdown (#304)
Just allow to shut down netvm and firewallvm at the same time.
2011-07-21 01:01:31 +02:00
Marek Marczykowski
342261ff10 dom0: Do not clone config file with template
Not needed any more
2011-07-21 00:49:03 +02:00
Marek Marczykowski
1b093d5cc4 dom0/qvm-clone-template: *_xen_storage call once again... (#291) 2011-07-21 00:48:57 +02:00
Marek Marczykowski
6fc8d1b811 dom0/qvm-backup: ignore *-dvm VMs (#292) 2011-07-21 00:14:25 +02:00
Marek Marczykowski
fd4821a1ff dom0/qvm-backup: update list of backed up files (#294)
Config and kernel not needed any more, but added appmenus list.
2011-07-21 00:12:54 +02:00
Marek Marczykowski
1dc226aba1 dom0/qvm-backup-restore: remove --recreate-conf-files option (#295)
Now useless, as config files are regenerated at each VM start
2011-07-21 00:04:57 +02:00
Marek Marczykowski
c9ad2314ea dom0: variable names conflict (#290)
uuid is also name of (used here) python module...
2011-07-20 16:12:28 +02:00
Marek Marczykowski
f1153a5413 dom0: initialize vmtype in create_appmenus (#212) 2011-07-20 16:06:22 +02:00
Marek Marczykowski
c1f4fcc172 dom0: qvm-backup-restore change restore loop logic (#212) 2011-07-20 16:02:57 +02:00
Joanna Rutkowska
2c2b7111eb sony-vaio-fixes v1.6.1
* display quirks no longer needed for 2.6.38 kernel
* i8042.nopnp no longer needed for 2.6.38 kernel
2011-07-17 14:15:14 +02:00
Joanna Rutkowska
4044c2da8b dom0: qvm-run: Disable verbose mode when using --pass_io
We should really fix all the qvm-rools to use stderr for diagnastic output instead...
2011-07-17 13:56:09 +02:00
Marek Marczykowski
99dfdd70c3 dom0: Hide some messages from 'xl' tool (#265) 2011-07-17 01:54:27 +02:00
Marek Marczykowski
700aff406f dom0: create link also for dvm.conf (#262) 2011-07-17 01:30:44 +02:00
Marek Marczykowski
e5a0fc4d05 dom0: force permissions on qubes-dom0-cache repo dirs 2011-07-17 01:30:44 +02:00
Marek Marczykowski
906741c361 dom0: do not use os.getlogin()
It doesn't work when VM started from init.d script
2011-07-17 01:30:44 +02:00
Marek Marczykowski
059ecb3224 dom0: run netvm+firewallvm daemons as group qubes
To give them access to X server.
2011-07-17 01:30:44 +02:00
Marek Marczykowski
79d593e191 dom0: Allow UID as parameter to qfile-dom0-unpacker 2011-07-17 01:28:14 +02:00
Marek Marczykowski
4f10835d83 dom0: create directory for rpm updates (#198) 2011-07-17 01:20:13 +02:00
Marek Marczykowski
7c5aa0d3ea dom0: Place DispVM savefile in shm only when exists (#262) 2011-07-17 01:20:13 +02:00
Marek Marczykowski
182e1ccf2b dom0: watch for updates from dom0 (#198)
Additionally synchronize clock every 6h. This is started by xdg-autostart (not
qvm-core) to have running Xorg - needed to prompt user for updates download.
2011-07-17 01:20:13 +02:00
Marek Marczykowski
02ae961bf0 dom0: hide warnings from tar (#265)
Unfortunately tar in Fedora 13 is to old to support --warning option, which
disables only particular kind of warnings..
2011-07-17 01:20:13 +02:00
Marek Marczykowski
4607428c38 dom0: validate downloaded packages names (#198) 2011-07-17 01:20:13 +02:00
Marek Marczykowski
49257d488b dom0+vm: download updates as normal user (#198) 2011-07-17 01:20:13 +02:00
Marek Marczykowski
977b058395 dom0: implement size/file-count limit of downloaded updates (#198)
Currently limit is 2GB and 2048 files, but can be adjusted by env variables
(UPDATES_MAX_BYTES, UPDATES_MAX_FILES).
2011-07-17 01:20:13 +02:00
Marek Marczykowski
60d14758d6 dom0: create xen-hotplug state dir 2011-07-17 01:20:06 +02:00
Marek Marczykowski
8121e80db0 dom0: script for initrd regeneration (#7) 2011-07-15 12:52:01 +02:00
Marek Marczykowski
a68faecc35 dom0: initialize default_kernel parameter 2011-07-15 12:24:27 +02:00
Marek Marczykowski
a5429c31fa dom0: provide explicit config path to xl save
The default behaviour is to take it from /var/lib/xen, where files are created
with mode 600, so unable to read it as normal user.
2011-07-14 02:11:51 +02:00
Marek Marczykowski
7bf51a71e7 dom0: Set correct qubes_vm_type for DispVM (#271) 2011-07-13 01:21:55 +02:00
Marek Marczykowski
8a933a76ec dom0: Fix appmenu-select desktop file name (#266) 2011-07-12 19:46:00 +02:00
Marek Marczykowski
9f67e5de9d dom0: Regenerate appmenus also for TemplateVM in create_appmenus() 2011-07-10 23:39:48 +02:00
Marek Marczykowski
0813f49186 dom0: Clone whitelisted-apps.list with template clone 2011-07-10 23:37:35 +02:00
Marek Marczykowski
817735fc92 dom0: Do not copy obsolete apps-template.templates dir on template clone 2011-07-10 23:36:50 +02:00
Marek Marczykowski
4bab5e8834 dom0: Use appmenu directory template directly from /usr/share/qubes
This allows to use common apps.templates for both AppVM and TemplateVM menu
items.
2011-07-10 23:33:21 +02:00
Marek Marczykowski
1d2680944c dom0: qvm-pci verify PCI device before adding 2011-07-09 23:48:55 +02:00
Marek Marczykowski
87ebdeefd4 dom0: use qrexec_client instead of qvm-run to not start guid
guid doesn't makes sense in /etc/init.d/qubes_netvm
2011-07-09 21:20:36 +02:00
Marek Marczykowski
f6609cb1c4 dom0: minor #252 fix 2011-07-09 20:43:57 +02:00
Marek Marczykowski
7f940cefde dom0: load pciback module (#252) 2011-07-09 20:43:27 +02:00
Marek Marczykowski
3543b0271e dom0: Fix QfileDaemonDvm error message 2011-07-09 17:56:40 +02:00
Marek Marczykowski
973d79e932 dom0: remove calls to not existing *_xen_storage methods in qvm-* 2011-07-09 17:56:06 +02:00
Marek Marczykowski
aa77d13170 dom0: reload firewall rules after DispVM start (#247) 2011-07-09 17:54:23 +02:00
Marek Marczykowski
7e234a4a8d dom0: store dispid in QubesDisposableVm object and generate proper IP (#247) 2011-07-09 17:52:47 +02:00
Marek Marczykowski
ff70ded003 dom0: fix typo in qfile-daemon-dvm 2011-07-09 16:52:55 +02:00
Marek Marczykowski
371fdf5884 Merge branch 'qrexec2' of git://git.qubes-os.org/rafal/core 2011-07-09 16:52:54 +02:00
Marek Marczykowski
202fb0c676 dom0: fix syntax 2011-07-09 00:36:00 +02:00
Marek Marczykowski
3e6bd65b73 Revert "[REMOVEME] Dom0: Add UGLY sleeps hoping they will temporarily prevent the race condition"
This reverts commit 3bd1c700f6.

Conflicts:

	dom0/qvm-core/qubes.py
2011-07-08 21:38:24 +02:00
Marek Marczykowski
3b3929b6a2 Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/joanna/core
Conflicts:
	dom0/qvm-core/qubes.py
2011-07-08 21:37:43 +02:00
Marek Marczykowski
bfe28d5ee6 dom0: Wrap hotplug scripts with flock (#253)
Apparently locking mechanism in xen hotplug scripts isn't working. This is
workaround before it will be fixed in xen...
2011-07-06 23:11:51 +02:00
Rafal Wojtczuk
c80ee3b231 qrexec: allow for more options in the policy files 2011-07-06 18:34:00 +02:00
Rafal Wojtczuk
6366db0ab6 qrexec: adjust updates fetching to the new qrexec api 2011-07-06 14:44:40 +02:00
Rafal Wojtczuk
d46150b8d3 qrexec: adjust appmenu syncing to the new qrexec api 2011-07-06 14:09:36 +02:00
Rafal Wojtczuk
2fdf9761c7 qrexec: adjust DispVM code to the new qrexec API
Note, we have qvm-open-in-vm totally for free.
2011-07-06 12:32:20 +02:00
Rafal Wojtczuk
b7e8c2708c qrexec: adjust intervm file copy code to the new qrexec API 2011-07-06 10:17:58 +02:00
Marek Marczykowski
0de378dafc dom0: automatically bind PCI devices to pciback at VM start (#252) 2011-07-05 22:10:45 +02:00
Marek Marczykowski
5f10e408e0 dom0: stores QubesVm.pcidevs as list (#252)
To easier manage pci devices attached to VM
2011-07-05 22:01:28 +02:00
Marek Marczykowski
82bc4bad0b dom0: always set appmenus_templates_dir for QubesVm
If possible - to reasonable value (vm dir for UpdateableVM or template - for
template-based VM).
2011-07-05 21:26:39 +02:00
Marek Marczykowski
b9e00b2189 dom0: Include default whitelisted-appmenus.list in template (#266) 2011-07-05 21:20:43 +02:00
Marek Marczykowski
d16b6f24f9 dom0: fix cmdline of DispVM guid (#248) 2011-07-02 22:44:49 +02:00
Joanna Rutkowska
3bd1c700f6 [REMOVEME] Dom0: Add UGLY sleeps hoping they will temporarily prevent the race condition 2011-07-02 22:15:43 +02:00
Joanna Rutkowska
fc31161361 Dom0: Fix calling syntax for qrexec_client for updatevm 2011-07-02 22:12:43 +02:00
Marek Marczykowski
4c69dbb7d9 dom0: remove support for netvm=dom0 from init.d/qubes_netvm 2011-07-02 19:22:29 +02:00
Marek Marczykowski
cd7024cad1 Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/joanna/core 2011-07-02 18:49:18 +02:00
Marek Marczykowski
35e18029c1 dom0: use default kernel for new VMs 2011-07-02 18:48:17 +02:00
Joanna Rutkowska
1ef800414a Dom0: qubes.py: honor the verbose flag when printing debuging messages 2011-07-02 13:35:59 +02:00
Joanna Rutkowska
8d926960f5 Dom0: Do not try to load non-existent xen-pciback module...
Load just the pciback, which is how it is named on our kernels, and do not scare the user with weired error messages.
2011-07-02 13:18:11 +02:00
Marek Marczykowski
a1ef7d01ea dom0: Disallow directly setting kernel version for template-based VM 2011-07-02 00:24:37 +02:00
Marek Marczykowski
f447a458f2 dom0+vm: Update VM kernel mechanism (#242)
Get kernel from global kernels dir (/var/lib/qubes/vm-kernels), not per-VM. Can
be configured by qvm-prefs (kernel parameter).
New tool: qvm-set-default-kernel

For backward compatibility kernel=None means kernel in VM dir (kernels subdir).
(possibly empty) modules.img should be created in it.
2011-06-30 01:07:47 +02:00
Marek Marczykowski
f3d908a23b dom0: qvm-sync-appmenus: limit size of retrieved data 2011-06-30 00:56:25 +02:00
Marek Marczykowski
aa18fd2175 dom0: do not require tty in sudo (for /etc/init.d/qubes_netvm start) 2011-06-29 21:22:56 +02:00
Marek Marczykowski
49ac5aa17e dom0: fix leaked file descriptor from qfile-daemon-dvm 2011-06-29 19:32:49 +02:00
Marek Marczykowski
acbc6534bc dom0: Fix uninitialized variable in qubes_restore 2011-06-29 19:24:32 +02:00
Marek Marczykowski
70e73ed710 dom0: qvm-prefs: display VM own root.img path only for non-template based VMs 2011-06-27 21:14:34 +02:00
Marek Marczykowski
9d778d6870 dom0: Use xl tool in qvm-dom0-network-via-netvm 2011-06-27 21:14:34 +02:00
Marek Marczykowski
40c7e32fe9 dom0: Use first FirewallVM as UpdateVM 2011-06-27 21:14:34 +02:00
Marek Marczykowski
c41b60340b dom0: cleanup of qubes_core startup script from xend code 2011-06-27 21:14:24 +02:00
Marek Marczykowski
a0b60af3d6 dom0: Do not use transactions to access xenstore
Unfortunately they aren't reliable... at least for writing ~10 keys at once
from python.
2011-06-25 22:31:22 +02:00
Marek Marczykowski
0f28db380e dom0: QubesVm has no add_to_xen_storage() 2011-06-23 22:03:09 +02:00
Marek Marczykowski
151b15bb8c dom0: Edit xl.conf in %post instead of overriding file (rpm file conflict) 2011-06-23 14:39:17 +02:00
Marek Marczykowski
d9d7a69c27 dom0+vm: Tools for downloading dom0 update by VM (#198)
Mainly 4 parts:
 - scripts for providing rpmdb and yum repos to VM (choosen by qvm-set-updatevm)
 - VM script for downloading updates (qubes_download_dom0_updates.sh)
 - qfile-dom0-unpacker which receive updates, check signatures and place its in dom0 local yum repo
 - qvm-dom0-upgrade which calls all of above and after all yum gpk-update-viewer

Besides qvm-dom0-upgrade, updates are checked every 6h and user is prompted if
want to download it. At dom0 side gpk-update-icon (disabled yet) should notice
new updates in "local" repo.
2011-06-22 00:44:48 +02:00
Marek Marczykowski
6d9fdf4729 dom0: Add shortcut qubes-appmenu-select ("Add more shortcuts...") for each VM (#45) 2011-06-12 01:47:15 +02:00
Marek Marczykowski
b75f89038b dom0: qvm-sync-appmenus output error messages to stderr 2011-06-12 01:47:15 +02:00
Marek Marczykowski
4634a6897c dom0: qvm-sync-appmenus: support for calling by qrexec_client 2011-06-12 00:56:47 +02:00
Marek Marczykowski
a4d1a21b46 dom0: qvm-sync-appmenus - copy *directory.template when needed 2011-06-11 23:09:55 +02:00
Marek Marczykowski
9375b8d6ff dom0: qvm-sync-appmenus: add missing object name to vars 2011-06-11 22:58:00 +02:00
Marek Marczykowski
5714410724 dom0: qvm-sync-appmenus: create appmenus dir if needed 2011-06-11 22:55:53 +02:00
Marek Marczykowski
454b678284 dom0: cpu load calculation when VM rebooted fix 2011-06-11 20:44:26 +02:00
Marek Marczykowski
7ced90832b dom0: Support for pcidevs in qvm-prefs
Can be used to e.g. have two NetVMs, eatch with one network interface assigned.
2011-06-10 19:08:47 +02:00
Marek Marczykowski
4cb5838f5b dom0: qvm-revert-template-changes message fix 2011-06-10 18:44:53 +02:00
Marek Marczykowski
5cce87c7d2 dom0: Introduce qvm-revert-template-changes tool 2011-06-10 18:36:20 +02:00
Marek Marczykowski
63dda4de34 dom0: qvm-create: remove obsolete add_to_xen_storage call 2011-06-10 18:27:16 +02:00
Marek Marczykowski
925647c7d7 dom0: run xl create through sudo
This finally solve problem with RLIMIT_MEMLOCK (less important) and is required
to attach PCI devices (eg netvm restart) - more important.
2011-06-10 18:19:19 +02:00
Marek Marczykowski
891653a413 dom0: create lockfile for libxl and set dom0 name in xenstore
Create lockfile to set it proper permissions. Without it the first use
(qvm-start netvm) will create it with root:root and 600.
Without xend, no one sets dom0 name...
2011-06-10 12:02:32 +02:00
Marek Marczykowski
3571a34010 dom0: preserve old root-cow - for qvm-revert-template-changes 2011-06-09 14:22:22 +02:00
Marek Marczykowski
f1f98d47df dom0: Use /var/run/xen-hotplug to store information needed for block devices cleanup.
Libxl removes xenstore entries before udev (+scripts) have chance to read it.
2011-06-09 14:06:24 +02:00
Marek Marczykowski
197ccb2e2c dom0: remove obsolete code from qubes_restore 2011-06-08 03:42:51 +02:00
Marek Marczykowski
ea69b51a97 dom0: use /bin/bash as interpreter of qubes_prepare_saved_domain.sh
Required for ex $(( )) construction. /bin/sh may not handle it (when linked to
some other shell than bash).
2011-06-08 03:41:22 +02:00
Marek Marczykowski
e5df78fe92 dom0: Migrate qubes_restore (and all DispVM logic) to libxl
Detailed changes:
 - use domain config in separate file (not embeded in savefile)
 - DispVM domain config generated from dvm.conf (introduced by previous patches) by qubes_restore
 - use call 'xl restore' to restore domain (instead of command to xend)
 - additional parameter to qubes_restore - config template
 - minor changes (xenstore perms, block-detach without /dev/ prefix, etc)
2011-06-08 03:36:02 +02:00
Marek Marczykowski
81ae4fafcf dom0: Use 10.138.x.y for DispVMs and fix gateway/DNS addresses 2011-06-08 03:33:45 +02:00
Marek Marczykowski
fcd4cd44eb dom0: create config template for DispVM
Introduction for later patches.
2011-06-08 03:30:42 +02:00
Marek Marczykowski
1647d03f74 dom0: use path given in argument to store VM configuration 2011-06-08 03:29:52 +02:00
Marek Marczykowski
f5e4cf58aa dom0: include vif in domain config (no need for network-attach) 2011-06-08 03:28:08 +02:00
Marek Marczykowski
c444ebc5f8 dom0/qmemman: different approach of mem-set and maxmem (libxl way)
Libxl stores maxmem in xenstore (/local/domain/X/memory/static-max) and sets
maxmem and target_mem to actual memory. So qmemman should use xenstore entry as
memory_maximum (when exists) and also adjust maxmem when changing domain memory.
2011-06-07 16:19:52 +02:00
Marek Marczykowski
50a910362d dom0/qmemman: Fix distribution memory left because of memory_maximum 2011-06-07 15:58:55 +02:00
Marek Marczykowski
9ed6b94d63 dom0/qmemman: Check for memory_maximum also for dom0 2011-06-07 15:58:55 +02:00
Marek Marczykowski
bd447308fe dom0/qmemman: distribute memory freed by deleted domain
Also wait a moment after domain list change for domain cleanup. Even if this
time is not sufficient, memory will be balanced when some domain need it.
2011-06-07 15:58:55 +02:00
Marek Marczykowski
429c685f1d dom0: write firewall rules only for running proxyvms 2011-06-07 15:58:55 +02:00
Marek Marczykowski
ae6d2ac70c dom0: include xl.conf in qubes-core-dom0 package
Disable autoballoon (qmemman will handle it) and specify lock file location
writable by user.
2011-06-07 15:58:55 +02:00
Marek Marczykowski
645132f043 dom0: Explicitly set maxmem=mem for NetVM 2011-06-07 15:58:54 +02:00
Marek Marczykowski
6dd0870ca6 dom0: Generate Xen VM config file from common template, on each VM start
Do not use many different config templates for different types of VMs. Also
regenerate config on each VM start to keep in synchronized with qubes.xml
2011-06-07 15:58:54 +02:00
Marek Marczykowski
62111845ea dom0: set memlock limit to unlimited for qubes users
Needed to 'xl create' work
2011-06-07 15:58:54 +02:00
Marek Marczykowski
5ebd163fd3 dom0: check RLIMIT_MEMLOCK before starting VM (and fix if possible) 2011-06-07 15:58:54 +02:00
Marek Marczykowski
d3e6e3dec0 dom0: use xen.lowlevel.xs instead of call xenstore-* 2011-06-05 23:35:53 +02:00
Marek Marczykowski
9ce2f440c3 dom0: remove import of old xend libraries 2011-06-05 22:58:20 +02:00
Marek Marczykowski
7b2ac4b279 dom0: catch error when no VM found by libxc (assume not running) 2011-06-04 02:46:12 +02:00
Marek Marczykowski
f5751bfea7 dom0: prevent division by zero on calculating cpu usage
When VM is starting online_vcpus=0 for short time.
2011-06-04 02:44:27 +02:00
Marek Marczykowski
cc4df5089d dom0: XC/XL infos for dom0 2011-06-02 01:20:23 +02:00
Marek Marczykowski
fac1f7f107 dom0: Set xid=0 for QubesDom0NetVm 2011-06-02 01:20:01 +02:00
Marek Marczykowski
cb1fbfc145 dom0: store xid in QubesVm on get_xid() 2011-06-02 00:07:22 +02:00
Marek Marczykowski
c789121f84 dom0: migrate from xend to libxl stack - qvm-core
This is core part of migration. Things not migrated yet:
 - DispVM (qubes_restore needs to be almost rewritten)
 - VM xen config files should be fixed (use "script:" prefix in block device description, perhaps generate this files on VM start)

Huge, slow xend not needed any more, now it conflicts with libxl
2011-06-01 23:59:53 +02:00
Marek Marczykowski
086c41cb9f dom0 qmemman: watch /local/domain xenstore tree for new/deleted domains
This is the place where _running_ domains are placed.
2011-06-01 23:31:56 +02:00
Marek Marczykowski
4f33e17e69 Set appmenus_templates_dir also for StandaloneVM (#45)
StandaloneVM also have appmenus templates - retrieved from VM. User can choose
some of them to real menu.
2011-05-24 00:14:03 +02:00
Marek Marczykowski
df0240c218 Remove desktop files after uninstalling it (#45) 2011-05-24 00:10:17 +02:00
Marek Marczykowski
dee7c69156 Create appmenus only for whitelisted apps (if set) (#45) 2011-05-24 00:09:44 +02:00
Marek Marczykowski
e1cea1f50b dom0: tool for sync desktop file templates (#45) 2011-05-20 16:38:00 +02:00
Marek Marczykowski
773f0f7b7a dom0: Fix qvm-prefs for standalone VM 2011-05-17 23:05:55 +02:00
Marek Marczykowski
ee87fff0d7 dom0: implement QubesVm.get_start_time() (#231)
Needed to check if VM was just started again
2011-05-12 18:15:09 +02:00
Marek Marczykowski
dccc528144 dom0: qmemman: distribute memory only if there are VMs which can accept it
This prevent potential inifinite loop in qmemman when free memory cannot be
assigned to any VM (because of static max). Practically this will never happen,
because dom0 can always accept memory.
2011-05-12 17:36:47 +02:00
Marek Marczykowski
b57b41aafa dom0: qmemman: Support for maxmem != physical memory (#235) 2011-05-12 15:20:26 +02:00
Marek Marczykowski
3d92e50792 Merge branch 'sane-and-pretty' of ssh://git.qubes-os.org/var/lib/qubes/git/rafal/core 2011-05-09 12:25:14 +02:00
Rafal Wojtczuk
6067be29df qmemman: add comments, make some identifiers more verbose 2011-05-04 17:58:28 +02:00
Rafal Wojtczuk
18e207cbc5 qmemman: prefix variables read from xenstore with "untrusted_"
Additionally move all already existing checks to an already
existing is_meminfo_suspicious procedure.
2011-05-04 17:10:01 +02:00
Marek Marczykowski
4a76bf2981 Call xm to set maxmem, instead of direct call to xend.
Previous one hangs sometimes with 100% occupied by xend.
This will also be simpler to port to xl/libxl interface.
2011-05-01 12:02:27 +02:00
Marek Marczykowski
f49c3a4224 Reduce dom0 priority bonus
To not kill AppVMs performance with ex kcryptd
2011-05-01 00:32:04 +02:00
Marek Marczykowski
aa7df98b7e Use half of host memory as maxmem by default. Allow to configure it per VM. 2011-04-29 01:43:41 +02:00
Marek Marczykowski
ac84bbe621 Remove correct lockfile on qubes_setupdvm stop 2011-04-27 23:07:38 +02:00
Marek Marczykowski
98f4028142 Connect vif's to already running VMs on NetVM/ProxyVM startup (#190)
Also cleanup stale vifs using "xm network-detach ... -f"
Fix iptables rules to support not only first vif of VM
2011-04-23 03:05:27 +02:00
Marek Marczykowski
0b66804a7b Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/smoku/core 2011-04-21 23:56:41 +02:00