Marek Marczykowski
817735fc92
dom0: Do not copy obsolete apps-template.templates dir on template clone
2011-07-10 23:36:50 +02:00
Marek Marczykowski
4bab5e8834
dom0: Use appmenu directory template directly from /usr/share/qubes
...
This allows to use common apps.templates for both AppVM and TemplateVM menu
items.
2011-07-10 23:33:21 +02:00
Marek Marczykowski
1d2680944c
dom0: qvm-pci verify PCI device before adding
2011-07-09 23:48:55 +02:00
Marek Marczykowski
87ebdeefd4
dom0: use qrexec_client instead of qvm-run to not start guid
...
guid doesn't makes sense in /etc/init.d/qubes_netvm
2011-07-09 21:20:36 +02:00
Marek Marczykowski
f6609cb1c4
dom0: minor #252 fix
2011-07-09 20:43:57 +02:00
Marek Marczykowski
7f940cefde
dom0: load pciback module ( #252 )
2011-07-09 20:43:27 +02:00
Marek Marczykowski
3543b0271e
dom0: Fix QfileDaemonDvm error message
2011-07-09 17:56:40 +02:00
Marek Marczykowski
973d79e932
dom0: remove calls to not existing *_xen_storage methods in qvm-*
2011-07-09 17:56:06 +02:00
Marek Marczykowski
aa77d13170
dom0: reload firewall rules after DispVM start ( #247 )
2011-07-09 17:54:23 +02:00
Marek Marczykowski
7e234a4a8d
dom0: store dispid in QubesDisposableVm object and generate proper IP ( #247 )
2011-07-09 17:52:47 +02:00
Marek Marczykowski
ff70ded003
dom0: fix typo in qfile-daemon-dvm
2011-07-09 16:52:55 +02:00
Marek Marczykowski
371fdf5884
Merge branch 'qrexec2' of git://git.qubes-os.org/rafal/core
2011-07-09 16:52:54 +02:00
Marek Marczykowski
202fb0c676
dom0: fix syntax
2011-07-09 00:36:00 +02:00
Marek Marczykowski
3e6bd65b73
Revert "[REMOVEME] Dom0: Add UGLY sleeps hoping they will temporarily prevent the race condition"
...
This reverts commit 3bd1c700f6
.
Conflicts:
dom0/qvm-core/qubes.py
2011-07-08 21:38:24 +02:00
Marek Marczykowski
3b3929b6a2
Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/joanna/core
...
Conflicts:
dom0/qvm-core/qubes.py
2011-07-08 21:37:43 +02:00
Marek Marczykowski
bfe28d5ee6
dom0: Wrap hotplug scripts with flock ( #253 )
...
Apparently locking mechanism in xen hotplug scripts isn't working. This is
workaround before it will be fixed in xen...
2011-07-06 23:11:51 +02:00
Rafal Wojtczuk
c80ee3b231
qrexec: allow for more options in the policy files
2011-07-06 18:34:00 +02:00
Rafal Wojtczuk
6366db0ab6
qrexec: adjust updates fetching to the new qrexec api
2011-07-06 14:44:40 +02:00
Rafal Wojtczuk
d46150b8d3
qrexec: adjust appmenu syncing to the new qrexec api
2011-07-06 14:09:36 +02:00
Rafal Wojtczuk
2fdf9761c7
qrexec: adjust DispVM code to the new qrexec API
...
Note, we have qvm-open-in-vm totally for free.
2011-07-06 12:32:20 +02:00
Rafal Wojtczuk
b7e8c2708c
qrexec: adjust intervm file copy code to the new qrexec API
2011-07-06 10:17:58 +02:00
Marek Marczykowski
0de378dafc
dom0: automatically bind PCI devices to pciback at VM start ( #252 )
2011-07-05 22:10:45 +02:00
Marek Marczykowski
5f10e408e0
dom0: stores QubesVm.pcidevs as list ( #252 )
...
To easier manage pci devices attached to VM
2011-07-05 22:01:28 +02:00
Marek Marczykowski
82bc4bad0b
dom0: always set appmenus_templates_dir for QubesVm
...
If possible - to reasonable value (vm dir for UpdateableVM or template - for
template-based VM).
2011-07-05 21:26:39 +02:00
Marek Marczykowski
b9e00b2189
dom0: Include default whitelisted-appmenus.list in template ( #266 )
2011-07-05 21:20:43 +02:00
Marek Marczykowski
d16b6f24f9
dom0: fix cmdline of DispVM guid ( #248 )
2011-07-02 22:44:49 +02:00
Joanna Rutkowska
3bd1c700f6
[REMOVEME] Dom0: Add UGLY sleeps hoping they will temporarily prevent the race condition
2011-07-02 22:15:43 +02:00
Joanna Rutkowska
fc31161361
Dom0: Fix calling syntax for qrexec_client for updatevm
2011-07-02 22:12:43 +02:00
Marek Marczykowski
4c69dbb7d9
dom0: remove support for netvm=dom0 from init.d/qubes_netvm
2011-07-02 19:22:29 +02:00
Marek Marczykowski
cd7024cad1
Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/joanna/core
2011-07-02 18:49:18 +02:00
Marek Marczykowski
35e18029c1
dom0: use default kernel for new VMs
2011-07-02 18:48:17 +02:00
Joanna Rutkowska
1ef800414a
Dom0: qubes.py: honor the verbose flag when printing debuging messages
2011-07-02 13:35:59 +02:00
Joanna Rutkowska
8d926960f5
Dom0: Do not try to load non-existent xen-pciback module...
...
Load just the pciback, which is how it is named on our kernels, and do not scare the user with weired error messages.
2011-07-02 13:18:11 +02:00
Marek Marczykowski
a1ef7d01ea
dom0: Disallow directly setting kernel version for template-based VM
2011-07-02 00:24:37 +02:00
Marek Marczykowski
f447a458f2
dom0+vm: Update VM kernel mechanism ( #242 )
...
Get kernel from global kernels dir (/var/lib/qubes/vm-kernels), not per-VM. Can
be configured by qvm-prefs (kernel parameter).
New tool: qvm-set-default-kernel
For backward compatibility kernel=None means kernel in VM dir (kernels subdir).
(possibly empty) modules.img should be created in it.
2011-06-30 01:07:47 +02:00
Marek Marczykowski
f3d908a23b
dom0: qvm-sync-appmenus: limit size of retrieved data
2011-06-30 00:56:25 +02:00
Marek Marczykowski
aa18fd2175
dom0: do not require tty in sudo (for /etc/init.d/qubes_netvm start)
2011-06-29 21:22:56 +02:00
Marek Marczykowski
49ac5aa17e
dom0: fix leaked file descriptor from qfile-daemon-dvm
2011-06-29 19:32:49 +02:00
Marek Marczykowski
acbc6534bc
dom0: Fix uninitialized variable in qubes_restore
2011-06-29 19:24:32 +02:00
Marek Marczykowski
70e73ed710
dom0: qvm-prefs: display VM own root.img path only for non-template based VMs
2011-06-27 21:14:34 +02:00
Marek Marczykowski
9d778d6870
dom0: Use xl tool in qvm-dom0-network-via-netvm
2011-06-27 21:14:34 +02:00
Marek Marczykowski
40c7e32fe9
dom0: Use first FirewallVM as UpdateVM
2011-06-27 21:14:34 +02:00
Marek Marczykowski
c41b60340b
dom0: cleanup of qubes_core startup script from xend code
2011-06-27 21:14:24 +02:00
Marek Marczykowski
a0b60af3d6
dom0: Do not use transactions to access xenstore
...
Unfortunately they aren't reliable... at least for writing ~10 keys at once
from python.
2011-06-25 22:31:22 +02:00
Marek Marczykowski
0f28db380e
dom0: QubesVm has no add_to_xen_storage()
2011-06-23 22:03:09 +02:00
Marek Marczykowski
151b15bb8c
dom0: Edit xl.conf in %post instead of overriding file (rpm file conflict)
2011-06-23 14:39:17 +02:00
Marek Marczykowski
d9d7a69c27
dom0+vm: Tools for downloading dom0 update by VM ( #198 )
...
Mainly 4 parts:
- scripts for providing rpmdb and yum repos to VM (choosen by qvm-set-updatevm)
- VM script for downloading updates (qubes_download_dom0_updates.sh)
- qfile-dom0-unpacker which receive updates, check signatures and place its in dom0 local yum repo
- qvm-dom0-upgrade which calls all of above and after all yum gpk-update-viewer
Besides qvm-dom0-upgrade, updates are checked every 6h and user is prompted if
want to download it. At dom0 side gpk-update-icon (disabled yet) should notice
new updates in "local" repo.
2011-06-22 00:44:48 +02:00
Marek Marczykowski
6d9fdf4729
dom0: Add shortcut qubes-appmenu-select ("Add more shortcuts...") for each VM ( #45 )
2011-06-12 01:47:15 +02:00
Marek Marczykowski
b75f89038b
dom0: qvm-sync-appmenus output error messages to stderr
2011-06-12 01:47:15 +02:00
Marek Marczykowski
4634a6897c
dom0: qvm-sync-appmenus: support for calling by qrexec_client
2011-06-12 00:56:47 +02:00
Marek Marczykowski
a4d1a21b46
dom0: qvm-sync-appmenus - copy *directory.template when needed
2011-06-11 23:09:55 +02:00
Marek Marczykowski
9375b8d6ff
dom0: qvm-sync-appmenus: add missing object name to vars
2011-06-11 22:58:00 +02:00
Marek Marczykowski
5714410724
dom0: qvm-sync-appmenus: create appmenus dir if needed
2011-06-11 22:55:53 +02:00
Marek Marczykowski
454b678284
dom0: cpu load calculation when VM rebooted fix
2011-06-11 20:44:26 +02:00
Marek Marczykowski
7ced90832b
dom0: Support for pcidevs in qvm-prefs
...
Can be used to e.g. have two NetVMs, eatch with one network interface assigned.
2011-06-10 19:08:47 +02:00
Marek Marczykowski
4cb5838f5b
dom0: qvm-revert-template-changes message fix
2011-06-10 18:44:53 +02:00
Marek Marczykowski
5cce87c7d2
dom0: Introduce qvm-revert-template-changes tool
2011-06-10 18:36:20 +02:00
Marek Marczykowski
63dda4de34
dom0: qvm-create: remove obsolete add_to_xen_storage call
2011-06-10 18:27:16 +02:00
Marek Marczykowski
925647c7d7
dom0: run xl create through sudo
...
This finally solve problem with RLIMIT_MEMLOCK (less important) and is required
to attach PCI devices (eg netvm restart) - more important.
2011-06-10 18:19:19 +02:00
Marek Marczykowski
891653a413
dom0: create lockfile for libxl and set dom0 name in xenstore
...
Create lockfile to set it proper permissions. Without it the first use
(qvm-start netvm) will create it with root:root and 600.
Without xend, no one sets dom0 name...
2011-06-10 12:02:32 +02:00
Marek Marczykowski
3571a34010
dom0: preserve old root-cow - for qvm-revert-template-changes
2011-06-09 14:22:22 +02:00
Marek Marczykowski
f1f98d47df
dom0: Use /var/run/xen-hotplug to store information needed for block devices cleanup.
...
Libxl removes xenstore entries before udev (+scripts) have chance to read it.
2011-06-09 14:06:24 +02:00
Marek Marczykowski
197ccb2e2c
dom0: remove obsolete code from qubes_restore
2011-06-08 03:42:51 +02:00
Marek Marczykowski
ea69b51a97
dom0: use /bin/bash as interpreter of qubes_prepare_saved_domain.sh
...
Required for ex $(( )) construction. /bin/sh may not handle it (when linked to
some other shell than bash).
2011-06-08 03:41:22 +02:00
Marek Marczykowski
e5df78fe92
dom0: Migrate qubes_restore (and all DispVM logic) to libxl
...
Detailed changes:
- use domain config in separate file (not embeded in savefile)
- DispVM domain config generated from dvm.conf (introduced by previous patches) by qubes_restore
- use call 'xl restore' to restore domain (instead of command to xend)
- additional parameter to qubes_restore - config template
- minor changes (xenstore perms, block-detach without /dev/ prefix, etc)
2011-06-08 03:36:02 +02:00
Marek Marczykowski
81ae4fafcf
dom0: Use 10.138.x.y for DispVMs and fix gateway/DNS addresses
2011-06-08 03:33:45 +02:00
Marek Marczykowski
fcd4cd44eb
dom0: create config template for DispVM
...
Introduction for later patches.
2011-06-08 03:30:42 +02:00
Marek Marczykowski
1647d03f74
dom0: use path given in argument to store VM configuration
2011-06-08 03:29:52 +02:00
Marek Marczykowski
f5e4cf58aa
dom0: include vif in domain config (no need for network-attach)
2011-06-08 03:28:08 +02:00
Marek Marczykowski
c444ebc5f8
dom0/qmemman: different approach of mem-set and maxmem (libxl way)
...
Libxl stores maxmem in xenstore (/local/domain/X/memory/static-max) and sets
maxmem and target_mem to actual memory. So qmemman should use xenstore entry as
memory_maximum (when exists) and also adjust maxmem when changing domain memory.
2011-06-07 16:19:52 +02:00
Marek Marczykowski
50a910362d
dom0/qmemman: Fix distribution memory left because of memory_maximum
2011-06-07 15:58:55 +02:00
Marek Marczykowski
9ed6b94d63
dom0/qmemman: Check for memory_maximum also for dom0
2011-06-07 15:58:55 +02:00
Marek Marczykowski
bd447308fe
dom0/qmemman: distribute memory freed by deleted domain
...
Also wait a moment after domain list change for domain cleanup. Even if this
time is not sufficient, memory will be balanced when some domain need it.
2011-06-07 15:58:55 +02:00
Marek Marczykowski
429c685f1d
dom0: write firewall rules only for running proxyvms
2011-06-07 15:58:55 +02:00
Marek Marczykowski
ae6d2ac70c
dom0: include xl.conf in qubes-core-dom0 package
...
Disable autoballoon (qmemman will handle it) and specify lock file location
writable by user.
2011-06-07 15:58:55 +02:00
Marek Marczykowski
645132f043
dom0: Explicitly set maxmem=mem for NetVM
2011-06-07 15:58:54 +02:00
Marek Marczykowski
6dd0870ca6
dom0: Generate Xen VM config file from common template, on each VM start
...
Do not use many different config templates for different types of VMs. Also
regenerate config on each VM start to keep in synchronized with qubes.xml
2011-06-07 15:58:54 +02:00
Marek Marczykowski
62111845ea
dom0: set memlock limit to unlimited for qubes users
...
Needed to 'xl create' work
2011-06-07 15:58:54 +02:00
Marek Marczykowski
5ebd163fd3
dom0: check RLIMIT_MEMLOCK before starting VM (and fix if possible)
2011-06-07 15:58:54 +02:00
Marek Marczykowski
d3e6e3dec0
dom0: use xen.lowlevel.xs instead of call xenstore-*
2011-06-05 23:35:53 +02:00
Marek Marczykowski
9ce2f440c3
dom0: remove import of old xend libraries
2011-06-05 22:58:20 +02:00
Marek Marczykowski
7b2ac4b279
dom0: catch error when no VM found by libxc (assume not running)
2011-06-04 02:46:12 +02:00
Marek Marczykowski
f5751bfea7
dom0: prevent division by zero on calculating cpu usage
...
When VM is starting online_vcpus=0 for short time.
2011-06-04 02:44:27 +02:00
Marek Marczykowski
cc4df5089d
dom0: XC/XL infos for dom0
2011-06-02 01:20:23 +02:00
Marek Marczykowski
fac1f7f107
dom0: Set xid=0 for QubesDom0NetVm
2011-06-02 01:20:01 +02:00
Marek Marczykowski
cb1fbfc145
dom0: store xid in QubesVm on get_xid()
2011-06-02 00:07:22 +02:00
Marek Marczykowski
c789121f84
dom0: migrate from xend to libxl stack - qvm-core
...
This is core part of migration. Things not migrated yet:
- DispVM (qubes_restore needs to be almost rewritten)
- VM xen config files should be fixed (use "script:" prefix in block device description, perhaps generate this files on VM start)
Huge, slow xend not needed any more, now it conflicts with libxl
2011-06-01 23:59:53 +02:00
Marek Marczykowski
086c41cb9f
dom0 qmemman: watch /local/domain xenstore tree for new/deleted domains
...
This is the place where _running_ domains are placed.
2011-06-01 23:31:56 +02:00
Marek Marczykowski
4f33e17e69
Set appmenus_templates_dir also for StandaloneVM ( #45 )
...
StandaloneVM also have appmenus templates - retrieved from VM. User can choose
some of them to real menu.
2011-05-24 00:14:03 +02:00
Marek Marczykowski
df0240c218
Remove desktop files after uninstalling it ( #45 )
2011-05-24 00:10:17 +02:00
Marek Marczykowski
dee7c69156
Create appmenus only for whitelisted apps (if set) ( #45 )
2011-05-24 00:09:44 +02:00
Marek Marczykowski
e1cea1f50b
dom0: tool for sync desktop file templates ( #45 )
2011-05-20 16:38:00 +02:00
Marek Marczykowski
773f0f7b7a
dom0: Fix qvm-prefs for standalone VM
2011-05-17 23:05:55 +02:00
Marek Marczykowski
ee87fff0d7
dom0: implement QubesVm.get_start_time() ( #231 )
...
Needed to check if VM was just started again
2011-05-12 18:15:09 +02:00
Marek Marczykowski
dccc528144
dom0: qmemman: distribute memory only if there are VMs which can accept it
...
This prevent potential inifinite loop in qmemman when free memory cannot be
assigned to any VM (because of static max). Practically this will never happen,
because dom0 can always accept memory.
2011-05-12 17:36:47 +02:00
Marek Marczykowski
b57b41aafa
dom0: qmemman: Support for maxmem != physical memory ( #235 )
2011-05-12 15:20:26 +02:00
Marek Marczykowski
3d92e50792
Merge branch 'sane-and-pretty' of ssh://git.qubes-os.org/var/lib/qubes/git/rafal/core
2011-05-09 12:25:14 +02:00
Rafal Wojtczuk
6067be29df
qmemman: add comments, make some identifiers more verbose
2011-05-04 17:58:28 +02:00
Rafal Wojtczuk
18e207cbc5
qmemman: prefix variables read from xenstore with "untrusted_"
...
Additionally move all already existing checks to an already
existing is_meminfo_suspicious procedure.
2011-05-04 17:10:01 +02:00
Marek Marczykowski
4a76bf2981
Call xm to set maxmem, instead of direct call to xend.
...
Previous one hangs sometimes with 100% occupied by xend.
This will also be simpler to port to xl/libxl interface.
2011-05-01 12:02:27 +02:00
Marek Marczykowski
f49c3a4224
Reduce dom0 priority bonus
...
To not kill AppVMs performance with ex kcryptd
2011-05-01 00:32:04 +02:00
Marek Marczykowski
aa7df98b7e
Use half of host memory as maxmem by default. Allow to configure it per VM.
2011-04-29 01:43:41 +02:00
Marek Marczykowski
ac84bbe621
Remove correct lockfile on qubes_setupdvm stop
2011-04-27 23:07:38 +02:00
Marek Marczykowski
98f4028142
Connect vif's to already running VMs on NetVM/ProxyVM startup ( #190 )
...
Also cleanup stale vifs using "xm network-detach ... -f"
Fix iptables rules to support not only first vif of VM
2011-04-23 03:05:27 +02:00
Marek Marczykowski
0b66804a7b
Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/smoku/core
2011-04-21 23:56:41 +02:00
Marek Marczykowski
50af1d15b3
Catch more exceptions during VM restore ( #212 )
2011-04-20 20:05:58 +02:00
Tomasz Sterna
5001b7c9d7
Save VM updatable state in qubes_vm_updateable
2011-04-20 01:01:38 +02:00
Marek Marczykowski
8a9bbbfc98
Fix usage info (and args check) for remove_appvm_appmenus.sh ( #225 )
2011-04-19 18:06:01 +02:00
Marek Marczykowski
e7190d0239
Clean appmenus on template remove ( #225 )
2011-04-19 17:55:06 +02:00
Marek Marczykowski
ccecb27b5b
Use any directory template when creating appmenus ( #225 )
2011-04-19 16:52:31 +02:00
Marek Marczykowski
6eb39106bb
Include appmenus template for TemplateVM when clonning template files ( #225 )
2011-04-19 16:09:11 +02:00
Marek Marczykowski
067165e030
Link to icon on template clone ( #225 )
2011-04-19 15:56:00 +02:00
Marek Marczykowski
1e53115eab
Create appmenus not only for AppVM ( #225 )
...
Needed also by TemplateVM, and maybe others (service VMs)
For TemplateVM uses separate appmenus template (apps-template.templates).
2011-04-19 15:54:36 +02:00
Marek Marczykowski
ae661a6148
Down net ifaces on suspend ( #146 )
...
NetworkManager stop isn't enough
2011-04-19 12:53:57 +02:00
Marek Marczykowski
1e923e3cb5
Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/joanna/core
2011-04-19 09:32:45 +02:00
Marek Marczykowski
860bab5662
Rename xenstore-watch to xenstore-watch-qubes
...
Xen 4.1.0 provides own xenstore-watch with diffrent args. We can't use it by
default, because we still support xen 3.4.
2011-04-19 01:38:07 +02:00
Marek Marczykowski
3f310e5f3e
Adopt vchan to xen-libs-4.1.0 API.
...
Add #ifdefs to support new and old API
2011-04-19 01:21:48 +02:00
Joanna Rutkowska
ce7fa7474f
vaio_fixes: pass special option to snd-hda-intel module (required to get sound on Vaio Z)
2011-04-11 11:35:25 +02:00
Joanna Rutkowska
cc83e31047
Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core
2011-04-10 22:52:07 +02:00
Marek Marczykowski
8dc50df12b
Missing vm name in message
2011-04-10 21:49:13 +02:00
Rafal Wojtczuk
7b43755f33
qfile-daemon-dvm: increase timeout of tray notification
2011-04-10 15:39:35 +02:00
Rafal Wojtczuk
e6cc7b84d8
qubes_setupdvm: preserve mtime of the default savefile copy in shm
...
Otherwise, if the savefile is stale, we would use it instead of
recreating.
2011-04-10 15:18:17 +02:00
Joanna Rutkowska
1d97d1bd0f
Don't create DispVM savefile in initd script
2011-04-08 23:00:10 +02:00
Joanna Rutkowska
b9f6962716
Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core
2011-04-08 22:50:57 +02:00
Marek Marczykowski
4ae804b3ec
Wait for qubes-session initialization before executing GUI application ( #208 )
2011-04-08 22:35:31 +02:00
Marek Marczykowski
0dc4fb929e
Backup kernel+initrd of StandaloneVM ( #213 )
2011-04-08 20:03:38 +02:00
Joanna Rutkowska
304c27313a
qubes.py: handle nicely situation when create_appmenus exits with error
2011-04-08 16:00:14 +02:00
Joanna Rutkowska
670f034ee9
Igonre the 'run as root' warning for qvm-create-default-dvm
2011-04-08 11:03:00 +02:00
Joanna Rutkowska
f6d4f86edc
Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core
...
Conflicts:
rpm_spec/core-dom0.spec
2011-04-07 19:39:42 +02:00
Joanna Rutkowska
7097cfa2ac
Add explanations why we don't isolate root from user in VMs and in Dom0
2011-04-07 19:38:02 +02:00
Marek Marczykowski
a610ec51d0
Automaticaly start qubes_guid for all VMs when user logon
...
This is needed ex for NetVM, which is started without qubes_guid
2011-04-07 19:23:23 +02:00
Joanna Rutkowska
2230e67a39
Optional package with suspend fixes for Vaio Z laptops
2011-04-07 13:34:17 +02:00
Marek Marczykowski
e9c6dc387e
Fixed getting VMs connected to NetVM ( #172 )
2011-04-07 10:42:24 +02:00
Marek Marczykowski
086f2720df
Add missing import ( #200 )
2011-04-06 23:55:16 +02:00
Marek Marczykowski
c569d4070e
Warning the user if calling qvm-{create,remove} as root ( #200 )
2011-04-06 23:52:39 +02:00
Marek Marczykowski
d1abb37a5f
Do not fail if cannot remove VM from xen store just before adding it again ( #204 )
2011-04-06 23:30:14 +02:00
Joanna Rutkowska
d01489b486
Use 200MB by default for NetVM and ProxyVM
2011-04-06 13:34:03 +02:00
Joanna Rutkowska
102d5735e7
Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core
2011-04-06 10:40:51 +02:00
Marek Marczykowski
d4e80e7984
Deny inter-VM traffic in ProxyVM
2011-04-06 10:32:20 +02:00
Joanna Rutkowska
c80a1c18ac
Add qubes group to suders that can do everything
...
(The file in /etc/sudoers.d/ cannot have '.' in its name!)
2011-04-05 18:01:03 +02:00
Joanna Rutkowska
a7ac3a089c
Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core
2011-04-05 14:41:52 +02:00
Marek Marczykowski
c8acca0eb6
Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/joanna/core
...
Conflicts:
dom0/qvm-core/qubes.py
2011-04-05 14:39:40 +02:00
Marek Marczykowski
ffaa518c5a
Fix checking if there is AppVMs based on template ( #154 )
2011-04-05 14:33:51 +02:00
Joanna Rutkowska
cc5d0e016d
Use priority 8x for qubes services, allowing for more flexibility
2011-04-05 14:31:19 +02:00
Joanna Rutkowska
97ca67c974
Merge branch 'spring-merge' of git.qubes-os.org:/var/lib/qubes/git/rafal/core
2011-04-05 14:24:52 +02:00
Marek Marczykowski
c2498a33e2
Uninstall appmenus only if present in VM dir ( #192 )
2011-04-05 11:58:21 +02:00
Rafal Wojtczuk
37e06d19e4
qmemman: handle requests for small pieces correctly
...
There seems to be a problem with xm mem-set, when executed for a value
very close to the current value - the request is ignored; apparently, the
domU kernel imposes some granularity on the request size.
So, if qmemman is asked for, say 470MB, and there is 469MB free, it will try
to milk 1MB from all domains - and this will fail. REQ_SAFETY_NET_FACTOR
does not help in this scenario.
The logs show
req= 1110016 avail= 2503727104.0 donors [('11', 194375270.40000001),...
borrow 90484.1597129 from 11 - so, beg for 90K from a domain
borrow 132239.288652 from 10
borrow 537099.316089 from 0
borrow 148004.024941 from 7
borrow 139834.21573 from 9
borrow 117855.794876 from 8
and then we fail when a domain does not provide this lousy 90KB.
The solution is to ask for actual_need+XEN_FREE_MEM_LEFT, but return if we already
have actual_need+XEN_FREE_MEM_MIN (the latter is 25MB smaller).
2011-04-05 10:52:53 +02:00
Marek Marczykowski
449bcb09ac
Don't remove VM dir, when qvm-create failed
...
It can contain user data (copied here by hand)
2011-04-05 00:12:32 +02:00
Marek Marczykowski
1b0f198999
Don't pause AppVMs when connecting network to dom0
...
There is no point in this, because we have firewall in NetVM. If someone
compromise NetVM to controll firewall, he could also reach dom0 by network.
2011-04-04 20:02:07 +02:00
Marek Marczykowski
2aec07dd60
Store VM collection connected to NetVM
2011-04-04 19:08:40 +02:00
Joanna Rutkowska
a88e104b6e
Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core
2011-04-04 18:47:08 +02:00
Marek Marczykowski
a6d079594b
Don't set template on StandaloneVM - only use it when copying template files ( #189 )
2011-04-04 18:41:02 +02:00
Rafal Wojtczuk
02514b1347
If the firewall rules file does not exist, assume ALLOW ( #188 )
...
So that newly created appvms have net access.
2011-04-04 17:07:46 +02:00
Joanna Rutkowska
b779fadda6
Revert "Start qrexec daemon when VM is running (but qrexec not)"
...
This functionality has already been implemented by:
d6bdb85883
This reverts commit 97403a8e45
.
2011-04-04 09:35:48 +02:00
Joanna Rutkowska
3f31a5f3a7
Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core
2011-04-04 09:33:31 +02:00
Marek Marczykowski
c10f7ef70b
Add missing coma ( #155 )
2011-04-04 00:08:24 +02:00
Marek Marczykowski
398734dad2
Internal VMs (hidden in qubes-manager, menus etc) - used for DispVM template ( #155 )
2011-04-03 17:47:20 +02:00
Marek Marczykowski
fa703c536f
Generate firewall rules only for VMs connected to this firewall ( #158 )
2011-04-03 01:54:04 +02:00
Marek Marczykowski
ab244d803f
Detect if VMs is outdated ( #168 )
...
If so - VMs restart is required to see latest template changes.
2011-04-02 02:11:41 +02:00
Marek Marczykowski
5e3b3fe922
Store and load from qubes.xml memory, vcpus and pcidevs
...
Needed to recreate correct xen config files (ex after template package upgrade)
2011-04-02 00:37:38 +02:00
Marek Marczykowski
e22f303f79
Warn user when restoring backup as root ( #159 )
2011-04-01 02:11:40 +02:00
Marek Marczykowski
136a65e0be
Fix indentation - duplicate VMs warning message ( #159 )
2011-04-01 02:10:50 +02:00
Marek Marczykowski
156778fcd7
Set template field before check its correctness.
...
Backup from Aplha3 with updateable VMs contains case, when updateable VM have template.
So set this template (to make qvm-backup-restore working), but give error message.
Also fix typo.
2011-04-01 02:06:22 +02:00
Marek Marczykowski
97403a8e45
Start qrexec daemon when VM is running (but qrexec not)
...
This takes place ex. when VM started from qubes-manager.
There is little sense in implementing full start procedure in every qubes tool,
so start it here, not in qubes-manager.
2011-04-01 01:23:57 +02:00
Marek Marczykowski
f0716c2498
Setup firewall for every VM with FW configuration (no only AppVM) ( #167 )
2011-04-01 01:17:38 +02:00
Marek Marczykowski
97393c54a5
Really block 'updateable' flag change
2011-04-01 01:17:18 +02:00
Marek Marczykowski
1f5c03da3f
Remove QubesCowVm class
...
StandaloneVM isn't really CowVM; also most AppVM/CowVM features applies also to TemplateVM.
So CowVM class is meaningless.
2011-04-01 01:14:18 +02:00
Rafal Wojtczuk
d6bdb85883
Start qrexec_daemon in vm.start()
...
Instead of three separate places - qvm-start, qvm-run, manager.
2011-03-31 11:11:39 +02:00
Rafal Wojtczuk
5978f7a724
Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core into spring-merge
2011-03-31 09:44:30 +02:00
Marek Marczykowski
3a5cc0cc21
Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/joanna/core
2011-03-31 02:51:34 +02:00
Marek Marczykowski
ece8cfa9f0
Show output from resize2fs, when running it in AppVM ( #5 )
2011-03-31 02:40:45 +02:00
Marek Marczykowski
6273c42faf
Recursive stop VMs, when stopping NetVM ( #172 )
...
Dependency resolving in qvm-core, recursive stopping only in qvm-run for now.
2011-03-31 02:35:02 +02:00
Marek Marczykowski
01ef2aff9e
Wait for device size change, before resize2fs ( #5 )
2011-03-31 00:44:58 +02:00
Marek Marczykowski
212fd13957
Stop only NM on suspend. ( #146 )
...
Also remove ip_forward setting from sysctl, so NM will not reset it on restart
2011-03-31 00:19:41 +02:00
Joanna Rutkowska
23f4806c7d
Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core
2011-03-29 13:25:07 +02:00
Marek Marczykowski
464337a24e
Ignore exit status from netvm pm-scripts ( #146 )
2011-03-29 12:22:31 +02:00
Marek Marczykowski
2bcbc1742e
Run pm-utils scripts in netvm on suspend ( #146 )
2011-03-29 12:20:50 +02:00
Rafal Wojtczuk
50af4bd8a0
qfile-daemon-dvm: lock around possible savefile recreate
2011-03-28 17:39:21 +02:00
Rafal Wojtczuk
df9549a7db
Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/smoku/core into spring-merge
2011-03-28 17:28:24 +02:00
Tomasz Sterna
04a6b01b1b
Do not allow NEW connection to VM through ProxyVM. #136
2011-03-27 17:24:17 +02:00
Marek Marczykowski
0d52b037f1
Changed network addresses to 10.137.0.0/16 ( #73 )
...
Also limit qid to 254 - should be enough and fits in one byte (in IP address)
2011-03-27 12:58:38 +02:00
Tomasz Sterna
efcff5cc3a
Added plymouth progress handling to qubes_setupdvm init script.
2011-03-26 11:33:04 +01:00
Tomasz Sterna
5efee35654
Fix ownership and rights when creating DVM during boot.
2011-03-26 11:33:04 +01:00
Tomasz Sterna
e2d9673713
Fixed qubes_setupdvm whitespace.
2011-03-26 11:33:04 +01:00
Marek Marczykowski
14f0141214
Fix to long label for standalone VM
2011-03-24 21:56:59 -04:00
Marek Marczykowski
f2567cbf71
Check if template_vm is set when recreating config files ( #131 )
2011-03-24 21:44:07 -04:00
Marek Marczykowski
24b5c24c25
create_appmenus() on standalone VM -> only register existing apps in menu
...
Needed for example on backup-restore
2011-03-24 21:41:10 -04:00
Marek Marczykowski
9aa5638dcf
Create template_vm property in every VM (defaults to None)
...
Simplify template based VM detection.
2011-03-24 21:39:13 -04:00
Marek Marczykowski
7dca7a5a32
Support for backup standalone VMs (add root.img, apps/); add firewall.xml to backup
2011-03-24 21:37:30 -04:00
Marek Marczykowski
8bdbed7bb8
Fix error handling in qvm-backup-restore
2011-03-24 21:35:46 -04:00
Marek Marczykowski
4723b9e2ef
Template name change option, reset config files, standalone vm restore ( #103 )
...
Recreate config file when requested but also when template name changed.
Restore full AppVM dir from backup - not only selected files.
2011-03-24 21:34:04 -04:00
Marek Marczykowski
d87265851c
Merge branch 'spring-merge' of ssh://git.qubes-os.org/var/lib/qubes/git/rafal/core
2011-03-24 16:43:13 -04:00
Rafal Wojtczuk
57fd6c49bb
Removed obsolete code, dom0 side
...
Just like the previous commit, it is related to switch to
qrexec-based file copy.
2011-03-24 17:18:10 +01:00
Rafal Wojtczuk
fcfc1c498d
Change permissions on Dispvm template files only if we are root
...
Otherwise, it makes no sense, and thus we do not unnecessarily
warn.
2011-03-24 16:57:43 +01:00
Rafal Wojtczuk
4401c5a2cb
Limit Dispvm to 1 vcpu
...
Because a restored domain with multiple cpus, ehrrm, hardly works,
at least with current Xen+kernel combination.
2011-03-24 16:53:40 +01:00
Marek Marczykowski
7f94cf2709
Merge branch 'spring-merge' of ssh://git.qubes-os.org/var/lib/qubes/git/rafal/core into spring-merge
2011-03-23 19:45:59 -04:00
Marek Marczykowski
0962eab45a
Cmdline tool to grow private.img ( #5 )
2011-03-23 19:41:58 -04:00
Rafal Wojtczuk
25f49bca18
Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core into spring-merge
2011-03-23 16:47:05 +01:00
Rafal Wojtczuk
f9b9b1ade6
qvm-create-default-dvm: fix permissions after creating savefile
...
So, savefile.img and netvm_id.txt are correctly owned as well.
2011-03-23 13:40:28 +01:00
Rafal Wojtczuk
a1f8cd9071
When creating disposablevm object, pass non-None dirpath
...
QubesVm constructor does not like it.
2011-03-23 13:26:39 +01:00
Marek Marczykowski
46190b9d82
Copy kernel for standalone VM
2011-03-23 09:59:59 +01:00
Rafal Wojtczuk
a814b522b9
Fix permissions on the dvm template directory.
...
Needed in case default_template-dvm VM was created in init
scripts, and files are not writeble by group qubes.
2011-03-23 09:36:30 +01:00
Rafal Wojtczuk
4e78284e4f
block.qubes: pass arguments correctly to other scripts
2011-03-23 09:31:44 +01:00
Rafal Wojtczuk
105486135b
Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/smoku/core into spring-merge
2011-03-23 09:23:38 +01:00
Tomasz Sterna
481e9871c4
Implemented implicit rule to allow ICMP traffic in firewall
2011-03-21 22:06:53 +01:00
Rafal Wojtczuk
488eda21d9
Merge branch 'blockless' into spring-merge
...
Conflicts:
appvm/Makefile
appvm/qubes_core
netvm/qubes_core
rpm_spec/core-appvm.spec
rpm_spec/core-netvm.spec
2011-03-21 13:54:35 +01:00
Marek Marczykowski
a5a43cdbc7
Fix missing arg to reset_volatile_storage ( #118 )
...
And do not call it twice...
2011-03-19 17:05:53 -04:00
Marek Marczykowski
bc383b692d
Use clean-volatile.img.tar instead of unpacked one ( #118 )
...
"tar x" is much faster than cp on sparse file
2011-03-19 17:05:00 -04:00
Marek Marczykowski
a6ee9d66f5
qvm-backup-{,restore} - support for standalone VMs
...
Backup root.img instead of (non-existing) root-cow.img
2011-03-18 22:24:08 -04:00
Marek Marczykowski
c461835ea7
Dont allow to change disable 'updateable' flag of standalone VM
2011-03-18 22:19:03 -04:00
Marek Marczykowski
ee28ca10d4
Indent, blank lines
2011-03-18 22:18:31 -04:00
Marek Marczykowski
823bd1ce0f
Use common image for swap and root-cow - volatile.img ( #118 )
...
This reduces xvd* devices count, so speeds up VM start.
Also swap-cow is no longer needed, so remove this additional dm-snapshot layer.
2011-03-18 22:15:32 -04:00
Tomasz Sterna
aa58bec1d9
Fixed default policy handling in firewall rules
2011-03-18 14:12:19 +01:00
Marek Marczykowski
33e7ee3623
Reduce duplicated code in qubes.xml load
...
Parse common attrs in separate function.
Side effect: possibility to set custom TemplateVM label
2011-03-16 20:40:15 -04:00
Marek Marczykowski
bef1ea4c92
Reduce duplicated code in create_xml_entries
2011-03-16 19:42:01 -04:00
Marek Marczykowski
4e68c4cde9
Standalone VM ( #98 )
...
'updateable' property is now read-onlyr; updateable=True means that VM has own
root.img, not persistent root-cow.img.
2011-03-16 18:45:02 -04:00
Marek Marczykowski
ef6a3e576b
Parse tags %MEM% and %VCPUS% in {app,net}vm-template.conf ( #115 )
2011-03-16 13:39:54 -04:00
Marek Marczykowski
379a5620c8
Fix netvm creation from template
...
Missing netvms_conf_file parameter in template
2011-03-16 13:38:16 -04:00
Marek Marczykowski
2b78538376
Merge git://git.qubes-os.org/joanna/core
2011-03-16 11:29:55 -04:00
Marek Marczykowski
5e2dd1c6ce
Revert "Do not add new vm to xen storage in qvm-create - it is done by core"
...
This reverts commit 72ddb5aae1
.
2011-03-16 11:44:25 +01:00
Marek Marczykowski
72ddb5aae1
Do not add new vm to xen storage in qvm-create - it is done by core
2011-03-16 11:41:18 +01:00
Marek Marczykowski
5acc4610b4
Allow installed_by_rpm=False in NetVM and ProxyVM
2011-03-16 11:41:18 +01:00
Marek Marczykowski
7dbe6e1731
Create NetVM xen config from separate template (netvm-template.conf)
2011-03-16 11:41:18 +01:00
Joanna Rutkowska
fa7e13c602
Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core
2011-03-15 22:57:27 +01:00
Marek Marczykowski
63b06516b7
Do not add new vm to xen storage in qvm-create - it is done by core
2011-03-15 18:51:31 +01:00
Marek Marczykowski
14c48f5253
Merge commit '00ba6dd5b7441cf10f87f527f4ac7eb459cb0a08'
2011-03-15 18:33:01 +01:00
Marek Marczykowski
993d34e7d5
Allow labels for NetVM/ProxyVM. Require it in qvm-create.
2011-03-15 18:28:28 +01:00
Joanna Rutkowska
5e1a808648
Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core
2011-03-15 18:16:33 +01:00
Marek Marczykowski
588f4b91c8
Fix Firewall -> Proxy...
2011-03-15 17:40:23 +01:00
Rafal Wojtczuk
8ce0e0f39b
Fixed permissions of qfile-daemon
2011-03-15 16:48:17 +01:00
Rafal Wojtczuk
84b1a186ff
Added qfile-unpacker and qfile-daemon
2011-03-15 16:43:43 +01:00
Joanna Rutkowska
f83daa49f9
Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/smoku/core
2011-03-14 22:44:04 +01:00
Tomasz Sterna
d82001819d
Properly call QubesProxyVm superclass
2011-03-14 20:57:08 +01:00
Tomasz Sterna
00ba6dd5b7
Properly find root netvm in netvm chain
2011-03-14 20:44:17 +01:00
Tomasz Sterna
c92a2bf25f
Properly create default firewall configuration
2011-03-14 20:43:56 +01:00
Joanna Rutkowska
b8d98403ff
Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core
2011-03-14 13:15:48 +01:00
Rafal Wojtczuk
5d3c43e4fa
created qfile-daemon-dvm
...
Mostly code from qfilexchgd; it will be removed soon.
2011-03-14 10:43:09 +01:00
Marek Marczykowski
d6181d21cf
Merge commit 'e2d52a27e810522c41720bb17b1f4f52f1fe2e6a'
...
Conflicts:
dom0/qvm-core/qubes.py
fwvm/init.d/qubes_firewall
2011-03-11 23:32:13 +01:00
Marek Marczykowski
65a758029e
Revert "Requiest external_ip permission at start, not create"
...
This reverts commit 53b8e5aacf
.
2011-03-11 23:21:23 +01:00
Tomasz Sterna
dc8325f564
Use DNS IPs in firewall rules
2011-03-11 19:39:26 +01:00
Marek Marczykowski
2a72b293c4
ProxyVM type in qvm-ls
2011-03-11 02:44:11 +01:00
Marek Marczykowski
53b8e5aacf
Requiest external_ip permission at start, not create
2011-03-11 02:22:26 +01:00
Marek Marczykowski
344b257d87
Missing coma
2011-03-11 02:12:23 +01:00
Marek Marczykowski
48613fb911
Check if netvm is set for ProxyVM before using it...
2011-03-11 02:11:05 +01:00
Marek Marczykowski
41800eb879
Store default_fw_netvm in qubes.xml
2011-03-11 02:10:51 +01:00
Marek Marczykowski
5c2e676fa1
Set netvm reference only after NetVMs/ProxyVMs load - ProxyVM
2011-03-11 02:00:42 +01:00
Marek Marczykowski
a3d8778841
arameters for add_new_*, variables loaded from qubes.xml
...
Cow based VMs doesn't have root_img param, but private_img.
2011-03-11 01:59:56 +01:00
Marek Marczykowski
8928e55215
Swap COW for all CowVMs, not only AppVM
2011-03-11 01:55:29 +01:00
Marek Marczykowski
3043a391e0
'templete' typo again
2011-03-11 01:52:09 +01:00
Marek Marczykowski
969b14b5ed
qvm-create: support for netvm and proxyvm
...
Move PCI config from qvm-add-netvm to qvm-core.
Remove qvm-add-netvm as useless when netvm is template-based
2011-03-11 01:48:27 +01:00
Marek Marczykowski
c7a832a279
NetVM, AppVM, ProxyVM from single template - VM side
...
Modify VM packages to:
- do not conflicts
- starts services if its VM type need it
Added core-proxyvm (firewall) and core-commonvm (common parts) packages.
2011-03-11 01:38:04 +01:00
Marek Marczykowski
4c14652245
Add preparing_dvm param to TemplateVM.start (to start it as any other VM)
2011-03-10 17:24:56 +01:00
Marek Marczykowski
9895665f2c
fwvm -> proxyvm rename fix
2011-03-10 16:16:39 +01:00
Marek Marczykowski
a21e0d37c6
Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/smoku/core
...
Conflicts:
dom0/qvm-core/qubes.py
2011-03-10 16:05:48 +01:00
Marek Marczykowski
a10abc5c9d
Merge tag 'smk_a8cef51b' of ssh://git.qubes-os.org/var/lib/qubes/git/smoku/core
...
Conflicts:
dom0/qvm-core/qubes.py
dom0/qvm-tools/qvm-ls
2011-03-10 14:14:48 +01:00
Tomasz Sterna
ae2d170a7e
Fixed external_ip permissions setting and netvm_domid entry handling.
2011-03-10 13:38:49 +01:00
Tomasz Sterna
afbdfe8ae4
Store netvm domid in FwVM.
2011-03-09 20:38:29 +01:00
Tomasz Sterna
58a4b4c82b
Implemented qubes_netvm_external_ip feature.
2011-03-09 20:38:29 +01:00
Tomasz Sterna
87ff30fe26
Fixed xenstore-chmod call syntax
2011-03-09 19:47:08 +01:00
Tomasz Sterna
6ad91617a7
Store the state of FwVM rules
2011-03-09 18:07:22 +01:00
Tomasz Sterna
fd8ecca9bd
Create qubes_iptables_error xenstore file in FwVM and set its permissions.
2011-03-09 17:51:05 +01:00
Tomasz Sterna
ca81f0103d
Update firewall rules on VM start
2011-03-09 17:51:05 +01:00
Marek Marczykowski
1914854e88
Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/marmarek/core
...
Conflicts:
dom0/qvm-core/qubes.py
dom0/qvm-tools/qvm-prefs
dom0/qvm-tools/qvm-template-commit
2011-03-09 17:23:32 +01:00
Marek Marczykowski
e35fccef35
Fix AppVm constructior
2011-03-09 15:24:54 +01:00
Rafal Wojtczuk
a7cc09071f
Make qubes_restore rexec-aware.
2011-03-08 13:03:55 +01:00
Rafal Wojtczuk
eb7821771e
In qvm-start, check $DISPLAY existence, too.
2011-03-07 16:05:36 +01:00
Rafal Wojtczuk
62d0127647
Integrate qrexec with qvm-run.
2011-03-07 15:58:04 +01:00
Marek Marczykowski
c1bd86142c
NetVM and ProxyVM based on template: part 1 (core)
2011-03-06 17:06:45 +01:00
Marek Marczykowski
13c3a04755
Fix typo 'templete'
2011-03-06 14:06:24 +01:00
Tomasz Sterna
e9bd19299f
Update firewall iptables file during VM start
2011-03-06 14:06:24 +01:00
Tomasz Sterna
f33fcff372
Implemented iptables rules file generator
2011-03-06 14:06:24 +01:00
Tomasz Sterna
0c1b6ca4b0
Store firewal rules in Python data structure
2011-03-06 14:06:24 +01:00
Tomasz Sterna
aa536fdbda
Properly set FwVM xenstore files
2011-03-06 14:06:24 +01:00
Tomasz Sterna
bd05975a53
Removed trailing whitespace
2011-03-06 14:06:24 +01:00
Tomasz Sterna
8e465a13b5
Implemented firewall_conf storage
2011-03-06 14:06:24 +01:00
Tomasz Sterna
026a109d1f
Fixed setting netvm of FWVM
2011-03-06 14:06:24 +01:00
Tomasz Sterna
60caf9af7f
Refactored QubesVm.is_*vm() methods
2011-03-06 14:06:24 +01:00
Tomasz Sterna
cba89a8747
Show FirewallVMs in qvm-ls
2011-03-06 14:06:24 +01:00
Tomasz Sterna
d207ecacea
Implemented QubesFirewallVm subclass of QubesNetVm
2011-03-06 14:06:24 +01:00
Marek Marczykowski
24c0778154
gitignore files - add build products
2011-03-06 14:06:24 +01:00
Marek Marczykowski
b778fa3210
Add typo in qvm-template-commit
...
As in original classes...
2011-03-06 14:06:24 +01:00
Marek Marczykowski
14aaccbc5f
Update TemplateVM with running AppVM: part 2
...
- support for template modify in qvm-core
- tool for commit changes to template
2011-03-06 14:06:15 +01:00
Rafal Wojtczuk
d6f327492d
Start qrexec daemon and agent
2011-03-04 17:19:51 +01:00
Tomasz Sterna
a8cef51b67
Use new, simplified firewall rules data scheme
2011-03-03 22:40:36 +01:00
Tomasz Sterna
0a8249d83f
Update firewall iptables file during VM start
2011-03-02 15:04:11 +01:00
Tomasz Sterna
45f84b1713
Implemented iptables rules file generator
2011-03-02 15:03:21 +01:00
Tomasz Sterna
6083384e6d
Store firewal rules in Python data structure
2011-03-02 15:02:46 +01:00
Tomasz Sterna
353f04e186
Properly set FwVM xenstore files
2011-03-02 15:01:30 +01:00
Tomasz Sterna
d758eb8258
Removed trailing whitespace
2011-03-02 15:00:19 +01:00
Marek Marczykowski
c3bf11062f
gitignore files - add build products
2011-03-02 11:58:22 +01:00
Marek Marczykowski
143f1519a8
Add typo in qvm-template-commit
...
As in original classes...
2011-03-02 11:52:19 +01:00
Marek Marczykowski
6db640dbfe
Update TemplateVM with running AppVM: part 2
...
- support for template modify in qvm-core
- tool for commit changes to template
2011-03-02 11:33:22 +01:00
Tomasz Sterna
a450e51126
Implemented firewall_conf storage
2011-02-21 18:13:27 +01:00
Tomasz Sterna
a088e14244
Fixed setting netvm of FWVM
2011-02-11 00:34:46 +01:00
Tomasz Sterna
053ca36ca8
Refactored QubesVm.is_*vm() methods
2011-02-11 00:34:46 +01:00
Tomasz Sterna
4297c1284a
Show FirewallVMs in qvm-ls
2011-02-09 21:21:41 +01:00
Tomasz Sterna
8c82361f5e
Implemented QubesFirewallVm subclass of QubesNetVm
2011-02-09 21:21:14 +01:00
Joanna Rutkowska
a5c4a1626e
qvm-backup-restore: support for --skip-conflicting option
2010-12-18 07:25:47 +01:00
Joanna Rutkowska
751e0b380a
qvm-backup: support --exclude option
2010-11-28 16:30:26 +01:00
Rafal Wojtczuk
1fccf9c309
Use delayed_transaction_seq from sender, not receiver.
...
Apparently, qvm-copy-to-vm when receiver already has an incoming pendrive
worked only by coincidence.
2010-10-28 12:39:03 +02:00
Rafal Wojtczuk
7c1babe8aa
Do not error when qvm-get-default-netvm returns empty string.
...
It happens when installing qubes-core-dom0 for the first time.
2010-10-06 10:55:32 +02:00
Joanna Rutkowska
18dc0b67c7
dom0: do not do mem-set for dom0 in init.d/qubes_core
2010-10-04 15:20:41 +02:00
Joanna Rutkowska
e91ee0acb3
dom0 init.d/qubes_core: kill some processes on stop()
2010-10-04 15:20:09 +02:00
Rafal Wojtczuk
862bd1f11c
DVM: do not mem-set 400
...
qmemman will do the job automagically.
2010-09-30 18:26:35 +02:00
Rafal Wojtczuk
28fbb48845
Attach/detach pci devices from netvm upon resume/suspend
2010-09-30 18:22:26 +02:00
Rafal Wojtczuk
ece96ba3fb
Make qfilexchgd listen for change in /vm to detect vm start/stop
...
... instead of watching /local/domain, which changes whenever meminfo-wwriter
pushes data.
2010-09-27 17:42:34 +02:00
Rafal Wojtczuk
90e3f4ffd8
Add reset_vm_configs.py script
2010-09-27 16:58:02 +02:00
Rafal Wojtczuk
2244ea95bf
Separate create_config_file() function in qubes.py
2010-09-27 16:53:17 +02:00
Joanna Rutkowska
ba59ac733e
Merge branch 'qmemman' of git://qubes-os.org/rafal/core
...
Conflicts:
dom0/qvm-core/qubes.py
2010-09-23 12:31:25 +02:00
Rafal Wojtczuk
11eafede31
Make qubes_prepare_saved_domain.sh output less scary for [normal] users
2010-09-22 11:15:22 +02:00
Rafal Wojtczuk
0217dba40e
Completed dvm->setupdvm name transition
2010-09-22 10:24:57 +02:00
Rafal Wojtczuk
7aa55affcf
renamed: qubes_dvm -> qubes_setupdvm
2010-09-22 10:22:45 +02:00
Rafal Wojtczuk
2a4abafd1b
Removed empty function from qubes_dvm
2010-09-22 10:21:54 +02:00
Rafal Wojtczuk
4e067aa503
Slightly change the savefile update notification message.
2010-09-21 22:28:14 +02:00
Rafal Wojtczuk
c0656720ab
DVM: if needed, qfileexchgd will recreate DVM savefile
...
It would be nice to have some progress notification, as dvm setup is
slow.
2010-09-21 22:23:38 +02:00
Rafal Wojtczuk
e13e5027c3
qubes_dvm init.d script
...
We want to set up a default dvm if needed at boot time; for this,
the default netvm must have been already started. Therefore, we
need a qubes_dvm script, that executes after qubes_netvm.
2010-09-21 21:46:11 +02:00
Rafal Wojtczuk
c22a6ebb84
DVM: make qvm-get-default-template use the default template, if asked
...
Via options --default-template and --default-script
2010-09-21 18:40:15 +02:00
Rafal Wojtczuk
c0cac005ec
Tiny logging fix in qfileexchgd
...
...that is impossible to happen, naturally.
2010-09-21 16:00:40 +02:00
Rafal Wojtczuk
ca1122cd6a
Add QubesDisposableVm and use class
2010-09-21 15:59:22 +02:00
Rafal Wojtczuk
6afdffa96f
qvm-dom0-network-via-netvm script (ticket #20 )
2010-09-21 13:36:46 +02:00
Rafal Wojtczuk
885d747272
qmmemman: force static_memory_max to be as much as total RAM
...
Not including netvm, it causes some issues with it.
2010-09-20 11:24:56 +02:00
Joanna Rutkowska
4e7ce5f90c
qubes.py: another small fix to QubesHost :)
2010-09-16 20:11:35 +02:00
Joanna Rutkowska
8292c25713
Merge branch 'qmemman' of git://qubes-os.org/rafal/core
2010-09-16 20:01:40 +02:00
Joanna Rutkowska
157a18c244
qubes.py: a small fix to QubesHost
2010-09-16 18:47:05 +02:00
Joanna Rutkowska
268789fc4c
dom0/qvm-core/qubes.py: added QubesHost class
2010-09-16 17:52:52 +02:00
Rafal Wojtczuk
c411519220
qmemman: do not trim the mem-set value too much
...
We used to mem-set the domain to 0.995*calculated_value; 5 promils of 4GB
is ca 19MB, and it is too visible. Use 0.999 instead of 0.995
2010-09-16 16:40:09 +02:00
Rafal Wojtczuk
eea01fba3b
qmemman: in is_balance_req_significant(), account for Xen free memory
2010-09-16 16:00:07 +02:00
Rafal Wojtczuk
e476531b0e
Leave XEN_FREE_MEM_LEFT of Xen free memory.
...
Needed for driver domain, to be able to get contiguous memory for
its drivers.
2010-09-16 15:57:11 +02:00
Joanna Rutkowska
0f1700ef3d
Merge branch 'comment1' of git://qubes-os.org/rafal/core
...
Conflicts:
dom0/restore/qubes_restore.c
2010-09-16 15:55:35 +02:00
Joanna Rutkowska
70f8a7401c
Make 'make clean' clean all the object files
2010-09-15 15:36:04 +02:00
Joanna Rutkowska
9b8c018bc2
Merge branch 'qmemman' of git://qubes-os.org/rafal/core
2010-09-13 15:05:13 +02:00
Rafal Wojtczuk
0c1f21a28e
qmemman: when a AppVM is low on memory, allow small adjustments
...
A small AppVM (say, with 100MB total) can go below prefmem, and
still not be assigned memory, because of the MIN_TOTAL_MEMORY_TRANSFER
threshold.
So, if AppVM is below prefmem, allow for smaller mem-sets.
2010-09-10 11:35:30 +02:00
Rafal Wojtczuk
f6e3607d2d
qmemman: offload some processing to meminfo-writer
...
Make meminfo-writer compute used memory, and report to qmemman only if
it has changed significantly enough. As it is written in C, its code is
much faster that qmemman-server; also in the idle case, it saves on xenstore
communication overhead. Allows to send updates up to 10 times per second,
with CPU load on the VM below 0.1%.
2010-09-09 17:51:53 +02:00
Rafal Wojtczuk
51e14fc8bb
qmemman: trigger do_balance() on receiving /proc/meminfo data
2010-09-09 12:36:18 +02:00
Rafal Wojtczuk
f4e46b63a4
qmemman: in client code, set FD_CLOEXEC on qmmemman.socket
2010-09-09 12:33:48 +02:00
Rafal Wojtczuk
7545789a26
qmemman: now parse_meminfo takes a single argument
2010-09-09 11:30:02 +02:00
Rafal Wojtczuk
9c609a23bf
qmemman: move /proc/meminfo parsing to qmemman_algo
...
Just cosmetics, to make code layout more coherent.
2010-09-09 11:24:04 +02:00
Rafal Wojtczuk
24b3baf063
qmemman: use 'Memtotal' from /proc/meminfo to calculate used memory
...
Previously, memory_actual (retrieved from xen) was used; it can be inconsistent.
'Memtotal' can be spoofed, but anyway we rely on other fields from /proc/meminfo.
2010-09-09 11:08:20 +02:00
Rafal Wojtczuk
5a33ed71ce
qmemman: use the fact that balloon driver retries
...
Apparently even if there is not enough xen memory to balloon up,
balloon driver will try to fulfill the request later, when
some memory is freed. Thus, in do_balloon, do not limit mem_set
to the available memory.
2010-09-09 10:36:13 +02:00
Rafal Wojtczuk
87d1e973c7
qmemman: print balance stats only when updating
2010-09-09 10:29:35 +02:00
Rafal Wojtczuk
8d377d19dc
DVM: added missing fix_savefile_all
2010-09-07 17:45:52 +02:00
Rafal Wojtczuk
6472e8c926
DVM: fix savefile to contain ip address
...
needed for routed networking
2010-09-07 17:36:28 +02:00
Rafal Wojtczuk
2dd9bab23a
DVM: add --dvm option to qvm-start
...
Currently it only forces to use a fake IP address, which can be
replaced during restore time.
2010-09-07 16:15:24 +02:00
Rafal Wojtczuk
5be12f8459
qmemman: switch off memory balancing when doing xm save
...
Apparently, it interferes:
INFO (XendCheckpoint:417) ERROR Internal error: Could not get vcpu context
INFO (XendCheckpoint:417) ERROR Internal error: Failed to map/save the p2m frame list
2010-09-07 16:00:14 +02:00
Rafal Wojtczuk
11abef3439
qmemman: xc.domain_set_target_mem can throw exceptions, too
2010-09-07 13:10:48 +02:00
Rafal Wojtczuk
a013973806
Use vif-route-qubes.
2010-09-06 17:24:12 +02:00
Rafal Wojtczuk
31e7e96056
Switch to routed VM network (instead of bridging)
...
No headache from layer 2 attacks.
2010-09-06 17:07:42 +02:00
Rafal Wojtczuk
64e8013dc2
Unify dom0 and netvm sysconfig/iptables
...
Plus:
- dedicated chain for DNAT to nameservers
- prevent intervm networking. Can be conveniently overriden in necessary cases
by inserting ACCEPT clauses (per VM, probably) at the top of FORWARD
2010-09-06 15:10:01 +02:00
Rafal Wojtczuk
22df517425
qmemman: detect domain list change by watching /vm, not /local/domain
...
The latter triggers on every memory/meminfo key update, which needlessly
adds xenstore requests.
2010-09-06 10:46:36 +02:00
Rafal Wojtczuk
7dcb7cb196
qmemman: don't use xenapi, use hypercalls to do mem-set
2010-09-03 16:19:48 +02:00
Rafal Wojtczuk
10408d61db
qmemman: when low on memory, do not make a VM go below prefmem
...
Now the balance() has two different cases: enough memory and low_on_memory.
In the former, distribute memory proportianally; in the former, dont do this, as this
makes a VM go below prefmem.
2010-09-01 12:40:02 +02:00
Rafal Wojtczuk
80771763cf
qmemman: limit total memory transfer, not each one
2010-09-01 10:39:39 +02:00
Rafal Wojtczuk
c66e0848f3
qmemman: limit domain memory to 2G to workaround for xen xml-rpc limitation
...
File "/usr/lib64/python2.6/xmlrpclib.py", line 710, in dump_int
raise OverflowError, "int exceeds XML-RPC limits"
OverflowError: int exceeds XML-RPC limits
How crappy.
2010-08-31 16:19:01 +02:00
Rafal Wojtczuk
de2619fbed
qmemman: wrap xenapi.memset within try/except
...
It can fail e.g. when a domain is being shutdown with a pretty
message like
File "/usr/lib64/python2.6/site-packages/xen/xend/XendDomainInfo.py", line 1322, in setMemoryTarget
(target * 1024))
Error: (1, 'Operation not permitted')
2010-08-31 15:53:24 +02:00
Rafal Wojtczuk
eb6755e93c
qmemman: fix locking
...
We want balance() to wait on a lock even after balloon() has finished,
until socket client has closed.
2010-08-30 14:50:48 +02:00
Rafal Wojtczuk
2eba4c1c15
I will test before commit. I will test before commit. I will...
2010-08-30 12:01:42 +02:00
Rafal Wojtczuk
f3561b7aad
Fix restore completion detection in appvm/qubes_core
2010-08-30 11:43:30 +02:00
Rafal Wojtczuk
62487c0f1e
Memory management across VMs, first release
2010-08-30 11:40:19 +02:00
Rafal Wojtczuk
8a022d7904
core.git/dom0/pendrive_swapper/README
2010-08-03 09:03:32 +02:00
Rafal Wojtczuk
cee9d6b4d6
Added comments to nonobvious code fragments
2010-08-03 07:12:59 +02:00
Joanna Rutkowska
4d26334709
dom0/init.d/qubes_core: set Dom0 mem to 1600M
2010-07-30 16:00:18 +02:00
Joanna Rutkowska
557984f4b9
minor ident fixes
2010-07-30 15:59:43 +02:00
Rafal Wojtczuk
4cf0a61858
Before restoring DVM, check for available xen memory
...
As we already do xm mem-set 0 800 in qubes_core, this is a
correct check. Now, there should be no errors from qubes_restore
in normal circumstances.
2010-07-27 16:08:09 +02:00
Joanna Rutkowska
3856f7cdbd
qvm-create-default-dvm: use gray label for dvm-template (be consitent with VM template label)
2010-07-27 12:47:18 +02:00
Rafal Wojtczuk
b578aab5d5
qubes_prepare_saved_domain.sh: Check exit code of xm save
2010-07-21 12:57:02 +02:00
Rafal Wojtczuk
aa894b5700
qvm-create-default-dvm script
2010-07-21 12:57:02 +02:00
Rafal Wojtczuk
d46bf2a270
Pathnames cleanup
...
Move internal scripts to /usr/lib/qubes plus a couple of similar.
2010-07-21 12:57:02 +02:00
Rafal Wojtczuk
11b8a0409f
DVM: execute user script before save
...
qubes_prepare_saved_domain.sh now takes optional second argument, the
filename. The content of the file will be copied (via xenstore) to DVM
and executed just before save. This makes it possible to preload memory
with useful apps.
2010-07-21 12:57:02 +02:00
Rafal Wojtczuk
0c0f34ba9b
DVM: manage savefiles
...
Instead of hardcoded savefile name, use a symlink in
/var/run/qubes. Tools should set this symlink to a correct
savefile. Also, test whether the savefile is older than the
template root.img.
2010-07-21 12:57:02 +02:00
Rafal Wojtczuk
6ee594f972
Update qubes.xml with DVM
...
Also, pass correct parameters to DVM's qubes_guid (taken from
qubes.xml).
2010-07-21 12:57:02 +02:00
Rafal Wojtczuk
e1320483f9
qfilexchgd: handle 'killme' command
2010-07-21 12:57:02 +02:00
Rafal Wojtczuk
0c122f670e
qfilexchgd: pass correct transaction_seq for delayed transaction
2010-07-21 12:57:02 +02:00
Rafal Wojtczuk
203b3fd70b
dvm: reserve a bit more ram in dom0
2010-07-21 12:57:02 +02:00
Rafal Wojtczuk
2e927cce68
dvm: correct PATH and permissions
2010-07-21 12:57:02 +02:00
Rafal Wojtczuk
c71a1694d2
Make the message about DVM creation failure more verbose
2010-07-21 12:57:02 +02:00
Rafal Wojtczuk
a343272481
Make br0 forward traffic delay short
2010-07-21 12:57:02 +02:00
Rafal Wojtczuk
d93e6dd86b
add syslog.h to qubes_restore.c
2010-07-21 12:57:02 +02:00
Rafal Wojtczuk
c05911a01e
qfilexchgd fixes
...
kill dvm after is has sent an answer
set transaction_seq to 0 for normal transfers
qfilexchgd mode:=755
2010-07-21 12:56:43 +02:00
Rafal Wojtczuk
0dbef3f2ae
dvm: appvm side code
2010-07-21 12:56:43 +02:00
Rafal Wojtczuk
08d3082cf3
qfilexchgd code for disposable VM
2010-07-21 12:56:43 +02:00
Rafal Wojtczuk
793b7b2596
Quick VM restore support
2010-07-21 12:56:21 +02:00
Joanna Rutkowska
8c4ac4326f
pm-utils: 01qubes-sync-vms-clock: cosmetic fix for nicer output
2010-07-08 12:45:33 +02:00
Joanna Rutkowska
c8ef500588
Pause/Unpause all running VMs on system suspend/resume
...
This is to fix the VM lockup problem on HT processors that
occured after S3 resume (see ticket #52 ).
The qvm-run command now takes additional two switches:
--pause
--unpause
2010-07-08 12:41:29 +02:00
Joanna Rutkowska
c2826ec0c4
Make qubes-testing repos disabled by default
2010-07-06 16:35:10 +02:00
Joanna Rutkowska
115df6f1af
Dom0: sync wallclocks in all vms upon resume from S3 sleep
...
This is really a workaround, until Xen implements proper suspend/resume
mechanism for notfying DomUs about system-wide S3 sleep.
See this thread for more details:
http://lists.xensource.com/archives/html/xen-devel/2010-07/msg00037.html
2010-07-06 16:32:50 +02:00
Joanna Rutkowska
6ac6fe397a
qubes.py: Always reset/create swap COW on VM start
2010-06-29 17:04:24 +02:00
Joanna Rutkowska
e6c831cb79
Merge branch 'migration-tools'
2010-06-29 02:24:12 +02:00
Joanna Rutkowska
92d00bb19f
qvm-backup-restore: cosmetic fixes
2010-06-29 02:20:27 +02:00
Joanna Rutkowska
b0ed1e12d2
qvm-backup-restore: fix template restore process
2010-06-29 02:19:40 +02:00
Joanna Rutkowska
74e820a4e5
In dry_run also use /var/lib/qubes/ for base dir
2010-06-26 15:02:58 +02:00
Joanna Rutkowska
16f3b20a31
qubes.py: Correct retcode checking logic on clone_template()
2010-06-26 15:02:18 +02:00
Joanna Rutkowska
1b1d0b9f93
Added qvm-backup and qvm-backup-restore tools
2010-06-26 15:00:19 +02:00
Joanna Rutkowska
0fa26d84ea
Merge branch 'block_dhcp_from_vms' of git://qubes-os.org/rafal/core
2010-06-25 18:23:14 +02:00
Rafal Wojtczuk
42ce721063
In dom0, block dhcp replies from vms.
...
Relevant only if using dom0 as netvm. It is already done in "real" netvm.
2010-06-25 12:05:39 -04:00
Joanna Rutkowska
a760741ecc
dom0: qubes_netvm: fix stop() function
2010-06-18 23:11:39 +02:00
Joanna Rutkowska
2b135f2aef
dom0: unbind_all_network_devices: try also pciback module, before giving up
2010-06-18 20:09:49 +02:00
Joanna Rutkowska
6322447d1f
patch_appvm_initramfs: move qubes_core_setup.sh to pre-udev
2010-06-18 01:46:43 +02:00
Joanna Rutkowska
775e01a8e4
Make dom0, appvm, netvm use different qubes.repo
2010-06-18 01:41:10 +02:00
Joanna Rutkowska
bcae9f9e36
added .gitignore for *.pyo files in qvm-core
2010-06-14 23:53:54 +02:00
Joanna Rutkowska
c95fd449b7
Do not start NetworkManager from dom0 qubes_netvm script
...
Mark it for auto-start instead by the system scripts
2010-06-11 18:34:59 +02:00
Joanna Rutkowska
8724c65b35
qvm-tools: pass -l <label_index> to qubes_guid
2010-06-03 23:04:47 +02:00
Joanna Rutkowska
297d1d65d0
qubes.py: use label indexes starting from 1, not from 0
...
This is to unify with the convention used by Window Manager, where index == 0 is reserved for Dom0
2010-06-03 23:04:06 +02:00
Rafal Wojtczuk
4e6e4115e2
dom0 as netvm fixes
...
Use /etc/sysconfig/iptables
Replace dnsmasq with DNAT
2010-05-31 15:23:51 +02:00
Rafal Wojtczuk
8da2dd6957
Get rid of dnsmasq in netvm.
...
qubes_setup_dnat_to_ns script sets up DNAT rules for DNS traffic; it is
triggered by dhclient or NetworkManager, and manually (in case there is
a static resolv.conf).
Put IP-dependent rules in qubes-core, after local ip is known. It could be
further improved by introducing custom chains, to enable iptables save.
Restrict FORWARD.
2010-05-30 15:45:35 +02:00
Joanna Rutkowska
7d4be47df0
qubes.py: fixed an ident bug causing an icon for appvm to be created only if verbose was True
2010-05-11 16:00:50 +02:00
Joanna Rutkowska
301fbec19c
qubes.py: added qubes_guid_path global variable
2010-05-11 14:48:54 +02:00
Joanna Rutkowska
da41cd2a4a
QubesVmLabels(): introduce 'index' field, useful for sorting
2010-05-10 15:03:50 +02:00
Joanna Rutkowska
cd20eeb8a4
Reload Xend session params when we got an XenAPI.Failure exception
...
Because we're caching e.g. uuid and metrics objects for the Xend session, we can get an exception
when the VM changed the power state between since we cached the object. We now catch this exception
and reload uuid and metrics object in the handler.
2010-05-10 15:03:50 +02:00
Joanna Rutkowska
67bf660255
unbind_all_network_devices: fix regexp to cover all pci devices
...
http://www.qubes-os.org/trac/ticket/19
2010-05-07 16:06:38 +02:00
Joanna Rutkowska
df82fa8282
Optimize Xend acesseses
...
Open Xend session only once, cache various intermediary Xen API
objects for faster access. This all is important for Qubes Manager, so that it
doesn'tintroduce too much load on Dom0's CPU when displaying the load chart.
2010-05-07 16:06:38 +02:00
Joanna Rutkowska
c8f220b1fc
Added qubes.png icon
2010-05-07 16:06:38 +02:00
Joanna Rutkowska
d7011a6ddb
Fix the purple frame's color :)
2010-05-07 16:06:16 +02:00
Rafal Wojtczuk
e9586a8128
qubes.py: correctly calculate Xen free memory
2010-04-10 13:56:43 +02:00
Joanna Rutkowska
a17989470a
Initial public commit.
...
(c) 2010 Invisible Things Lab
Authors:
=========
Joanna Rutkowska <joanna@invisiblethingslab.com>
Rafal Wojtczuk <rafal@invisiblethingslab.com>
2010-04-05 20:58:57 +02:00