Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
562 Commits 1 Branch 0 Tags 15 MiB
2387a17e6a
Commit Graph

17 Commits

Author SHA1 Message Date
Marek Marczykowski
2f5b6e6582 Run nm-applet as normal user 
Configuration for D-Bus policy and PolicyKit to allow this.
 2011-04-07 14:11:00 +02:00
Rafal Wojtczuk
dd9f1a6f7f Move execution of qrexec_agent to qubes_core 
Previously it was in both qubes_core_appvm and qubes_core_netvm;
somehow counterintuitively, qubes_core_netvm executes on appvm, too. So
move it to a common place.
 2011-03-23 11:34:01 +01:00
Rafal Wojtczuk
488eda21d9 Merge branch 'blockless' into spring-merge 
Conflicts:
	appvm/Makefile
	appvm/qubes_core
	netvm/qubes_core
	rpm_spec/core-appvm.spec
	rpm_spec/core-netvm.spec
 2011-03-21 13:54:35 +01:00
Marek Marczykowski
c7a832a279 NetVM, AppVM, ProxyVM from single template - VM side 
Modify VM packages to:
- do not conflicts
- starts services if its VM type need it

Added core-proxyvm (firewall) and core-commonvm (common parts) packages.
 2011-03-11 01:38:04 +01:00
Tomasz Sterna
a71b846ee2 Added FirewallVM related VM scripts 2011-03-09 20:50:13 +01:00
Rafal Wojtczuk
d6f327492d Start qrexec daemon and agent 2011-03-04 17:19:51 +01:00
Rafal Wojtczuk
31e7e96056 Switch to routed VM network (instead of bridging) 
No headache from layer 2 attacks.
 2010-09-06 17:07:42 +02:00
Rafal Wojtczuk
64e8013dc2 Unify dom0 and netvm sysconfig/iptables 
Plus:
- dedicated chain for DNAT to nameservers
- prevent intervm networking. Can be conveniently overriden in necessary cases
by inserting ACCEPT clauses (per VM, probably) at the top of FORWARD
 2010-09-06 15:10:01 +02:00
Rafal Wojtczuk
a5f11913be xenlinux netvm requires modprobe netbk 2010-07-27 16:08:09 +02:00
Rafal Wojtczuk
d46bf2a270 Pathnames cleanup 
Move internal scripts to /usr/lib/qubes plus a couple of similar.
 2010-07-21 12:57:02 +02:00
Rafal Wojtczuk
a343272481 Make br0 forward traffic delay short 2010-07-21 12:57:02 +02:00
Joanna Rutkowska
c2826ec0c4 Make qubes-testing repos disabled by default 2010-07-06 16:35:10 +02:00
Joanna Rutkowska
775e01a8e4 Make dom0, appvm, netvm use different qubes.repo 2010-06-18 01:41:10 +02:00
Rafal Wojtczuk
7c2c941678 Get rid of /sbin/iptables from qubes_core in netvm 2010-06-04 13:28:29 +02:00
Rafal Wojtczuk
38ab93e34b Moved files used in dom0 from netvm/ to common/ 2010-05-31 13:15:17 +02:00
Rafal Wojtczuk
8da2dd6957 Get rid of dnsmasq in netvm. 
qubes_setup_dnat_to_ns script sets up DNAT rules for DNS traffic; it is
triggered by dhclient or NetworkManager, and manually (in case there is
a static resolv.conf).

Put IP-dependent rules in qubes-core, after local ip is known. It could be
further improved by introducing custom chains, to enable iptables save.

Restrict FORWARD.
 2010-05-30 15:45:35 +02:00
Joanna Rutkowska
a17989470a Initial public commit. 
(c) 2010 Invisible Things Lab

Authors:
=========
Joanna Rutkowska <joanna@invisiblethingslab.com>
Rafal Wojtczuk  <rafal@invisiblethingslab.com>
 2010-04-05 20:58:57 +02:00