Rafal Wojtczuk
2600134e3b
qrexec: tiny corrections to rpc autostart code
2011-07-07 10:38:15 +02:00
Rafal Wojtczuk
77f21e08a4
qrexec: corrected stupid typo
2011-07-07 10:06:45 +02:00
Rafal Wojtczuk
65fe9e1b93
qrexec: manually autostart target rpc domain
...
option 2) from the previous commit comment
2011-07-07 10:05:41 +02:00
Rafal Wojtczuk
11c1cb0aa2
qrexec: temporarily disable auto executing domains upon rpc request
...
There are two problems with qvm-run -a:
1) even with -q flag, it spits to stdout (actually, "xl create" does it), and
this garbage is received by rpc client
2) even with -q flag, it steals input (actually, "qrexec ... wait for session")
These two can be manually fixed (by passing /dev/null appropriately); hovewer,
this is prone to disaster if qvm-run is enhanced/broken later.
We could do
if is_domain_running() ; then
run qrexec client
else
qvm-run -a domain true </dev/null >/dev/null
run qrexec client
fi
which looks safer; but is_domain_running() is a bit expensive even in "running"
case - we need to xl_context.list_domains anyway.
Gotta decide on one of these.
2011-07-07 09:13:51 +02:00
Rafal Wojtczuk
c80ee3b231
qrexec: allow for more options in the policy files
2011-07-06 18:34:00 +02:00
Rafal Wojtczuk
7b39b15f6d
qrexec: enforce strict character set in TRIGGER_EXEC message
2011-07-06 17:07:40 +02:00
Rafal Wojtczuk
ab6aeb0bca
qrexec: in qrexec_client_vm, need to preserve absolute exe name before execv
2011-07-06 16:51:56 +02:00
Rafal Wojtczuk
b3ce35b5e2
qrexec: change qrexec_client_vm syntax to be nicer to read
...
Now the local_program is just before arguments, which is nicer.
2011-07-06 14:21:35 +02:00
Rafal Wojtczuk
7d79a15c4b
qrexec: support for rpc with dom0 as target
2011-07-06 13:56:57 +02:00
Rafal Wojtczuk
2fdf9761c7
qrexec: adjust DispVM code to the new qrexec API
...
Note, we have qvm-open-in-vm totally for free.
2011-07-06 12:32:20 +02:00
Rafal Wojtczuk
b7e8c2708c
qrexec: adjust intervm file copy code to the new qrexec API
2011-07-06 10:17:58 +02:00
Rafal Wojtczuk
5b78e8f983
qrexec: dup old stdin/out fds, pass the dup-ed fds in SAVED_FD_%d env var
2011-07-05 20:01:28 +02:00
Rafal Wojtczuk
ecf200dca3
qrexec: last two missing pieces of the new rpc infrastructure
2011-07-05 18:35:03 +02:00
Rafal Wojtczuk
1e355f11d2
qrexec: in agent, use nonzero "fake" pid for existing process
...
Because 0 means invalid entry.
Also make sure that the rest of code handles -1 pid fine.
2011-07-05 13:04:34 +02:00
Rafal Wojtczuk
2c23891856
Revert "qrexec: in agent, use nonzero "fake" pid for existing process"
...
This reverts commit 9e77e8831e
.
2011-07-05 12:58:27 +02:00
Rafal Wojtczuk
9e77e8831e
qrexec: in agent, use nonzero "fake" pid for existing process
...
Because 0 means invalid entry.
2011-07-05 12:49:06 +02:00
Rafal Wojtczuk
9ac98a77b9
qrexec: in agent, handle CONNECT_EXISTING the way convenient for client
2011-07-05 12:46:33 +02:00
Rafal Wojtczuk
703cedc708
qrexec: fixed qrexec_client getopt handling
2011-07-05 11:04:44 +02:00
Rafal Wojtczuk
9c7eb81a23
qrexec: add qrexec_client_vm.c
2011-07-05 11:03:31 +02:00
Rafal Wojtczuk
b4f28152b8
qrexec: CONNECT_EXISTING command handling in daemon and client
2011-07-04 20:55:25 +02:00
Rafal Wojtczuk
c05b26763a
qrexec: new communication scheme, agent<->server part
...
1) Instead of a set of predefined commands, we send MSG_AGENT_TO_SERVER_TRIGGER_CONNECT_EXISTING msg with a parameter (e.g. "org.qubes-os.vm.Filecopy")
defining required action
2) qrexec_daemon just forks qrexec_policy, that will take care of actually
allowing and executing required action
3) after MSG_AGENT_TO_SERVER_TRIGGER_CONNECT_EXISTING, qrexec_agent does not
execute a command - it justs uses already established file descriptors to
send data to/from. Thus, there is no need to use ~/.xxxxxspool - a command line
tool can have direct access to remote fds.
2011-07-04 18:56:56 +02:00
Rafal Wojtczuk
732a90443e
qrexec: move daemon-specific code out of unix_server.c
...
So that agent can use code in unix_server.c
2011-07-04 17:06:29 +02:00
Marek Marczykowski
83d211836a
dom0+vm: Trigger appmenus sync after yum transaction ( #45 ), NEW QREXEC COMMAND
...
After yum transaction (install/upgrade/remove),
yum-plugin-post-transaction-actions will execute script which trigger
qvm-sync-appmenus in dom0 (through qrexec).
THIS INTRODUCE NEW PREDEFINED COMMAND IN QREXEC
2011-06-12 01:46:24 +02:00
Marek Marczykowski
986f4a888c
Merge branch 'r1-beta1-fixes'
...
Conflicts:
dom0/qvm-core/qubes.py
version_dom0
version_vm
2011-05-24 00:20:39 +02:00
Rafal Wojtczuk
e7d2eefecd
qrexec: fix stdout flush on process exit
...
In case a child of qrexec_daemon has exited and there is still data in its
stdout pipe, we need to flush it to the peer. Previously, the case when the
peer is blocked was not handled; it is now. The bug impact was premature EOF.
2011-05-23 15:35:40 +02:00
Rafal Wojtczuk
c677f1cc4e
qrexec and qfile-*: compile with -pie
...
For full ASLR.
2011-05-10 12:19:28 +02:00
Marek Marczykowski
ef517e5e66
Merge branch 'sane-and-pretty' of ssh://git.qubes-os.org/var/lib/qubes/git/rafal/core
2011-05-09 13:57:21 +02:00
Rafal Wojtczuk
8733c0ef77
qrexec_daemon: fixed typo in msg name
2011-05-09 13:31:38 +02:00
Marek Marczykowski
3d92e50792
Merge branch 'sane-and-pretty' of ssh://git.qubes-os.org/var/lib/qubes/git/rafal/core
2011-05-09 12:25:14 +02:00
Rafal Wojtczuk
d84289f983
qrexec - indentation
2011-05-04 13:00:39 +02:00
Rafal Wojtczuk
b4fb7a4b5d
qrexec: added two I/O error checks, even though it is redundant in these cases
2011-05-04 12:56:52 +02:00
Rafal Wojtczuk
d68183da0c
qrexec: added comments, made identifiers more verbose
2011-05-04 12:52:54 +02:00
Rafal Wojtczuk
675d4ce25b
qrexec_daemon: add explicite sanitize routine
...
It sanitizes messages from agent, the only untrusted input. No new
checks have been added, just moved the code.
2011-05-04 10:53:43 +02:00
Marek Marczykowski
3f310e5f3e
Adopt vchan to xen-libs-4.1.0 API.
...
Add #ifdefs to support new and old API
2011-04-19 01:21:48 +02:00
Rafal Wojtczuk
b7698de251
qrexec_daemon: print dots when waiting for agent
2011-03-31 11:23:44 +02:00
Rafal Wojtczuk
1fc8f242c5
Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core into spring-merge
2011-03-28 17:27:50 +02:00
Rafal Wojtczuk
5c10812e36
qrexec_agent: When running as root, make the socket accessible
...
... world-rw. Perms on /var/run/qubes still limit access to group qubes.
2011-03-25 13:47:01 +01:00
Marek Marczykowski
14e50e983d
gitignores
2011-03-23 19:57:48 -04:00
Rafal Wojtczuk
01b75b5987
Enable build on non-appvm.
2011-03-23 17:47:35 +01:00
Rafal Wojtczuk
7f6a06c354
qrexec: in write_stdin, remove dependency on write size
...
Previous code could barf when write was partial; probably can happen
only if we increase vchan buffer size, but it is better isolated now.
2011-03-18 11:16:05 +01:00
Rafal Wojtczuk
1d24ef9d1a
qrexec: when forgetting about a client/process, flush buffered data
...
We need to spawn a child to take care of buffered data flushing, if there
is any. Expensive, but should be needed rarely.
2011-03-17 18:15:04 +01:00
Rafal Wojtczuk
53b517f6a5
qrexec: move set_nonblock function to write_stdin
...
It will be needed there.
2011-03-17 17:53:33 +01:00
Rafal Wojtczuk
fb71bf968c
qrexec_agent: when receiving close from daemon, check buffered data
...
We need to wait for buffer flush, so that buffered data is not lost,
and only then close pipe to the child.
2011-03-17 17:37:35 +01:00
Rafal Wojtczuk
af7fefa73f
qrexec: handle buffered writes correctly
...
In case when we have a buffered write, always append to the
buffer, even if the pipe happens to be writable now. If not,
in case of certain tight race we might end up writing buffered data in
wrong order.
2011-03-17 16:53:29 +01:00
Rafal Wojtczuk
d40fb3a2e1
Fifo semantics is hard to get right.
...
Finally: we need to close the command pipe at EOF.
2011-03-16 16:11:05 +01:00
Rafal Wojtczuk
15bab70eae
Handle pipe io in qrexec_agent properly
...
Don't reopen pipe after each read - no need, and it could lose events.
2011-03-16 15:18:37 +01:00
Rafal Wojtczuk
769eedd33a
Make qrexec_client wait for its local child before exiting
...
If we do not wait and exit imemdiately, qrexec_daemon will decrease
the children count and continue spawning processes, while e.g.
qfile-daemon still waits for kdialog - so dom0 will be DoSed by
multiple processes.
2011-03-16 14:52:35 +01:00
Rafal Wojtczuk
27cfd6111a
qrexec_daemon limits the number of its children
...
So that evil VM cannot just send flood of exec qfile-daemon requests,
and DoS dom0.
2011-03-16 14:21:45 +01:00
Rafal Wojtczuk
00f4bf1197
qrexec_client accepts non-numeric domain description.
...
Just tries to open qrexec.argv[1].
2011-03-11 16:06:00 +01:00
Rafal Wojtczuk
470ddce435
qrexec_daemon creates VMname-based link to its socket
2011-03-11 14:14:04 +01:00