Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
1,560 Commits 1 Branch 0 Tags 20 MiB
22207ddf75
Commit Graph

258 Commits

Author SHA1 Message Date
Rafal Wojtczuk
b3511c678a Use "conflict" instead of "requires gui" in rpm spec. 2010-11-18 14:33:18 +01:00
Joanna Rutkowska
1e7c66337c Require gui-dom0 >= 1.1.13 that knows it doesn't own /var/{log,run}/qubes dirs 2010-10-06 14:16:27 +02:00
Rafal Wojtczuk
28880cae52 Merged triggers. 2010-10-06 13:08:17 +02:00
Rafal Wojtczuk
1f5300da85 Move /var/log/qubes and /var/run/qubes to qubes-core rpm from qubes-gui 
Because /var/log/qubes is used in qubes-core %post. While at it, do the same with
/var/run/qubes.
 2010-10-06 11:00:52 +02:00
Rafal Wojtczuk
7c1babe8aa Do not error when qvm-get-default-netvm returns empty string. 
It happens when installing qubes-core-dom0 for the first time.
 2010-10-06 10:55:32 +02:00
Joanna Rutkowska
28e1f962e5 core dom0 rpm: restart qubes_netvm only when using netvm in Dom0 
If we use a separate netvm, then core update in Dom0 doesn't really change the networking,
worse, if we restarted netvm it would get another XID, which would break our DispVM savefile.

One day we should fix it!
 2010-10-04 17:51:01 +02:00
Joanna Rutkowska
bbe085711d Restart qubes_core after Xen update 
This is needed to re-set qubes permissions on some Xen sockets
 2010-10-04 15:25:58 +02:00
Joanna Rutkowska
e1c0aa6eef dom0 rpm: start/stop qubes services for install/update 2010-10-04 14:21:14 +02:00
Rafal Wojtczuk
28fbb48845 Attach/detach pci devices from netvm upon resume/suspend 2010-09-30 18:22:26 +02:00
Rafal Wojtczuk
acac39ec41 rpmbuild wants pyo files in %files 2010-09-27 17:41:03 +02:00
Rafal Wojtczuk
90e3f4ffd8 Add reset_vm_configs.py script 2010-09-27 16:58:02 +02:00
Joanna Rutkowska
67537316cb core-dom0.rpm: Always do %post, not only when installing for the 1st time 2010-09-23 12:42:43 +02:00
Rafal Wojtczuk
0217dba40e Completed dvm->setupdvm name transition 2010-09-22 10:24:57 +02:00
Rafal Wojtczuk
e13e5027c3 qubes_dvm init.d script 
We want to set up a default dvm if needed at boot time; for this,
the default netvm must have been already started. Therefore, we
need a qubes_dvm script, that executes after qubes_netvm.
 2010-09-21 21:46:11 +02:00
Joanna Rutkowska
71baae50cb Merge branch 'ticket4' of git://qubes-os.org/rafal/core 2010-09-17 17:30:36 +02:00
Rafal Wojtczuk
e1de26f79a Require NetworkManager >= 0.8.1-1 
Unfortunately, config files layout changes with NM version; therefore
require >= 0.8.1-1.
This should also prevent NM from messing with VIF interfaces on suspend/resume.
 2010-09-17 15:16:01 +02:00
Joanna Rutkowska
ec988f9385 core-appvm.spec: create 'user' user in %pre instead of in %post 
... otherwsie rpm -i throws an error when trying to set permissions for
/home_volatile/user, as the user 'user' doesn't exist when the %files section
is being processed during rpm install (if this is a first install of the rpm).
 2010-09-15 15:33:09 +02:00
Joanna Rutkowska
9b8c018bc2 Merge branch 'qmemman' of git://qubes-os.org/rafal/core 2010-09-13 15:05:13 +02:00
Rafal Wojtczuk
1239643c73 Tell Network Manager to keep hands off vif interfaces 
...somehow indirectly, by specifying the mac; unfortunately I do not
see any other way.
 2010-09-07 13:18:08 +02:00
Rafal Wojtczuk
31e7e96056 Switch to routed VM network (instead of bridging) 
No headache from layer 2 attacks.
 2010-09-06 17:07:42 +02:00
Rafal Wojtczuk
64e8013dc2 Unify dom0 and netvm sysconfig/iptables 
Plus:
- dedicated chain for DNAT to nameservers
- prevent intervm networking. Can be conveniently overriden in necessary cases
by inserting ACCEPT clauses (per VM, probably) at the top of FORWARD
 2010-09-06 15:10:01 +02:00
Rafal Wojtczuk
1c337db989 qmemman: make meminfo-writer a C program 2010-09-03 16:23:09 +02:00
Rafal Wojtczuk
62487c0f1e Memory management across VMs, first release 2010-08-30 11:40:19 +02:00
Rafal Wojtczuk
4cf0a61858 Before restoring DVM, check for available xen memory 
As we already do xm mem-set 0 800 in qubes_core, this is a
correct check. Now, there should be no errors from qubes_restore
in normal circumstances.
 2010-07-27 16:08:09 +02:00
Rafal Wojtczuk
aa894b5700 qvm-create-default-dvm script 2010-07-21 12:57:02 +02:00
Rafal Wojtczuk
d46bf2a270 Pathnames cleanup 
Move internal scripts to /usr/lib/qubes plus a couple of similar.
 2010-07-21 12:57:02 +02:00
Rafal Wojtczuk
11b8a0409f DVM: execute user script before save 
qubes_prepare_saved_domain.sh now takes optional second argument, the
filename. The content of the file will be copied (via xenstore) to DVM
and executed just before save. This makes it possible to preload memory
with useful apps.
 2010-07-21 12:57:02 +02:00
Rafal Wojtczuk
0c0f34ba9b DVM: manage savefiles 
Instead of hardcoded savefile name, use a symlink in
/var/run/qubes. Tools should set this symlink to a correct
savefile. Also, test whether the savefile is older than the
template root.img.
 2010-07-21 12:57:02 +02:00
Rafal Wojtczuk
a9047d63be add qvm-dvm.desktop to rpm files section 2010-07-21 12:57:02 +02:00
Rafal Wojtczuk
0462be5043 qvm-dvm.desktop entry 2010-07-21 12:57:01 +02:00
Rafal Wojtczuk
897a5ab05e core-appvm requires mimeopen now 2010-07-21 12:57:01 +02:00
Rafal Wojtczuk
0dbef3f2ae dvm: appvm side code 2010-07-21 12:56:43 +02:00
Rafal Wojtczuk
793b7b2596 Quick VM restore support 2010-07-21 12:56:21 +02:00
Joanna Rutkowska
c8ef500588 Pause/Unpause all running VMs on system suspend/resume 
This is to fix the VM lockup problem on HT processors that
occured after S3 resume (see ticket #52).

The qvm-run command now takes additional two switches:
--pause
--unpause
 2010-07-08 12:41:29 +02:00
Joanna Rutkowska
7bb022878c Dom0: rm qubes-r1-dom0.repo created by user during installation 
We want the user to use the qubes.repo that is installed by qubes-core-dom0
 2010-07-06 16:50:31 +02:00
Joanna Rutkowska
115df6f1af Dom0: sync wallclocks in all vms upon resume from S3 sleep 
This is really a workaround, until Xen implements proper suspend/resume
mechanism for notfying DomUs about system-wide S3 sleep.

See this thread for more details:

http://lists.xensource.com/archives/html/xen-devel/2010-07/msg00037.html
 2010-07-06 16:32:50 +02:00
Joanna Rutkowska
4cd46be139 netvm spec: do not create user in %post 
We don't need user account in netvm, do we?
 2010-06-18 01:54:38 +02:00
Joanna Rutkowska
df70691aa0 appvm spec: do not attempt to remove HWADDR from ifcfg-eth0 
Again, this is important when installing on an image created using yum --instalroot, in which
case there will be no ifcfg file. Besides, seems like we don't need it anymore, do we?
 2010-06-18 01:53:48 +02:00
Joanna Rutkowska
af7bbccf9c appvm: create /home/user in core-appvm %post 
This is needed when the template image is created using yum --installroot, rather
than regular installation process.
 2010-06-18 01:52:01 +02:00
Joanna Rutkowska
247feaa34d appvm, netvm spec: be quite in %post 2010-06-18 01:50:43 +02:00
Joanna Rutkowska
6ba81ffaa9 Require F13 in VM 2010-06-18 01:48:56 +02:00
Joanna Rutkowska
9cf30ed189 appvm,netvm spec: Fix [ -e fstab ] conditional in %pre 2010-06-18 01:48:18 +02:00
Joanna Rutkowska
4fdcedbb40 Fix serial console on VM to work on F13 (REQUIRES F13) 2010-06-18 01:45:27 +02:00
Joanna Rutkowska
775e01a8e4 Make dom0, appvm, netvm use different qubes.repo 2010-06-18 01:41:10 +02:00
Joanna Rutkowska
50d7994596 Remove dom0-cleanup.spec 2010-06-15 12:21:24 +02:00
Joanna Rutkowska
096b1b9499 core-dom0.spec: disable unnecessary services in %post 
This is only until we will have a proper installer
 2010-06-15 12:20:53 +02:00
Joanna Rutkowska
ee7756b960 rpm specs: %post cleanup 
Moved some stuff from the begging of %post sections after the
'if installing-for-the-first-time' check.
 2010-06-15 00:02:48 +02:00
Joanna Rutkowska
c95fd449b7 Do not start NetworkManager from dom0 qubes_netvm script 
Mark it for auto-start instead by the system scripts
 2010-06-11 18:34:59 +02:00
Rafal Wojtczuk
4e6e4115e2 dom0 as netvm fixes 
Use /etc/sysconfig/iptables
Replace dnsmasq with DNAT
 2010-05-31 15:23:51 +02:00
Rafal Wojtczuk
2f51c6f673 Install qubes_{setup_dnat_to_ns,nmhook} from common/ 2010-05-31 13:17:04 +02:00
Joanna Rutkowska
34653a06b2 Enable rsyslogd in Dom0 2010-05-31 11:54:33 +02:00
Rafal Wojtczuk
d0d82a5090 Lock out root and user passwords; provide passwordless login on the serial console 2010-05-30 15:45:40 +02:00
Rafal Wojtczuk
c75c185179 Add qubes.repo to all qubes-core-* rpms. 2010-05-30 15:45:40 +02:00
Rafal Wojtczuk
93e989bb61 Turn on IP forwarding in sysctl.conf 2010-05-30 15:45:40 +02:00
Rafal Wojtczuk
8da2dd6957 Get rid of dnsmasq in netvm. 
qubes_setup_dnat_to_ns script sets up DNAT rules for DNS traffic; it is
triggered by dhclient or NetworkManager, and manually (in case there is
a static resolv.conf).

Put IP-dependent rules in qubes-core, after local ip is known. It could be
further improved by introducing custom chains, to enable iptables save.

Restrict FORWARD.
 2010-05-30 15:45:35 +02:00
Rafal Wojtczuk
c287a21723 Allow user in VM to mount /dev/xvdi; so that we can do 
...block-attach... something vfat-formatted...xvdi
in dom0.
 2010-05-13 15:23:31 +02:00
Rafal Wojtczuk
5e02d3ebb0 Precompilation of qubes.py 
On some systems rpmbuild will not automatically precompile qubes.py, resulting
in the core-dom0 rpm bukd failure.
 2010-04-10 13:52:19 +02:00
Joanna Rutkowska
a17989470a Initial public commit. 
(c) 2010 Invisible Things Lab

Authors:
=========
Joanna Rutkowska <joanna@invisiblethingslab.com>
Rafal Wojtczuk  <rafal@invisiblethingslab.com>
 2010-04-05 20:58:57 +02:00