Commit Graph

3544 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
1199806b5a core: fix handling firewall configuration for VM clones and DispVMs (#1032)
There were two bugs:
1. Firewall configuration wasn't copied during qvm-clone (it is in
   separate file, so now it is included in vm.clone_disk_files).
2. Non-default firewall configuration wasn't stored in qubes.xml. This
   means that initially DispVM got proper configuration (inherited from
   calling VM), but if anything caused firewall reload (for example
   starting another VM), the firewall rules were cleared to default state
   (allow all).

Fixes qubesos/qubes-issues#1032
2015-07-08 04:46:14 +02:00
Marek Marczykowski-Górecki
a7e08e4584 tests: add qvm-clone test (#1032 case) 2015-07-08 04:26:11 +02:00
Marek Marczykowski-Górecki
6c167911f1 qvm-sync-clock: hide stdout in non-verbose mode 2015-07-08 01:59:49 +02:00
Marek Marczykowski-Górecki
5f9a30d335 qvm-sync-clock: use qubes.SetDateTime service instead of direct "date" call
This way it gives more control over time synchronization to the VM. For
example Whonix VMs can decide to not use this mechanism. Also VM can
choose how that time will be set (chronyc call?). And finally it will be
possible to implement the same for other OS-es (Windows).

Additionally because of calling date as "localcmd" each time, instead of
once at the beginning, time synchronization is more accurate now. If
some VM stalls the time set call, other VMs' time will no longer be
affected (but still synchronization will be delayed).
2015-07-08 01:56:38 +02:00
Marek Marczykowski-Górecki
e52f0a0566 core: by default call qrexec services without GUI
Most of them do not need GUI (especially those started from dom0), so
speed the things up a little (no need to wait for guid). But if some
service will need GUI access, there is "gui" parameter.
2015-07-08 01:36:28 +02:00
Marek Marczykowski-Górecki
284419b355 core: add "localcmd" support in QubesVm.run_service function 2015-07-08 01:35:59 +02:00
Marek Marczykowski-Górecki
50a9c62d0e tests: add test for qvm-sync-clock 2015-07-08 01:21:13 +02:00
Marek Marczykowski-Górecki
455535d036 tests: reload qubes.xml after creating VMs
Unfortunately it is still needed. For example to load default netvm
setting.
2015-07-08 01:20:25 +02:00
Marek Marczykowski-Górecki
6d1f40219c tests: code style fixes, no functional change 2015-07-07 21:41:54 +02:00
Marek Marczykowski-Górecki
205a28ecc2 version 3.0.15 2015-07-01 07:05:12 +02:00
Marek Marczykowski-Górecki
6d19a9c2cc Do not hold the lock while retrieving application icons (qubes.NotifyTools)
This can take quite a long time, so do not block the whole system.
2015-07-01 07:03:52 +02:00
Marek Marczykowski-Górecki
df509cb780 Fix qubes.NotifyTools service (not import xenstore) 2015-07-01 04:47:52 +02:00
Marek Marczykowski-Górecki
4bf73a5d7f Increase default swiotlb size to 16MB (#1038)
Fixes qubesos/qubes-issues#1038
2015-07-01 04:46:46 +02:00
Marek Marczykowski-Górecki
677a79b213 hvm: change default graphics to std vga ('xen')
The resulting qemu option is -std-vga.
This apparently is much better handled by many OSes.
2015-07-01 04:44:41 +02:00
Marek Marczykowski-Górecki
310ba9f1df block: do not treat disks of not running VMs as used
There are legitimate use cases when one wants to attach disk of one VM to
some other. Do not try to detach the disk from powered down VM in such
case.
2015-07-01 04:42:44 +02:00
Marek Marczykowski-Górecki
d9c2990747 core: fix creation of private.img at VM startup
This code is used when VM is migrated from older system, where HVM
didn't have private.img.
2015-07-01 04:41:09 +02:00
Marek Marczykowski-Górecki
402d1b9a3d indentation fix 2015-07-01 04:40:48 +02:00
Marek Marczykowski-Górecki
522bfc427a core: fix template-based HVM disk handling
We use only one device-mapper layer for HVMs, and this isn't the same as
for PV - it is that one, which PV does in initramfs.
Device-mapper layers summary for template-based VMs:
PV: root.img+root-cow.img (dom0) -> xvda, xvda+volatile.img (VM)
HVM: root.img+volatile.img (dom0)
2015-07-01 04:35:09 +02:00
Marek Marczykowski-Górecki
a96d49a40a core: properly redirect qrexec output to /dev/null when necessary
/dev/null was opened in read-only mode ("rw" is invalid value), so
qrexec couldn't write there.
2015-07-01 04:33:04 +02:00
Marek Marczykowski-Górecki
8134360614 tests: fix skipping whonix in timezone test 2015-06-27 05:05:34 +02:00
Marek Marczykowski-Górecki
ad89c8f8a2 core: show clear message when a VM has non-existing PCI device assigned 2015-06-27 04:52:25 +02:00
Marek Marczykowski-Górecki
3867d1fdb3 tests: check timezone dom0->vm propagation 2015-06-27 04:47:27 +02:00
Marek Marczykowski-Górecki
ed9b4bfc54 tests: check firewall rules blocking VM IP spoofing 2015-06-27 04:46:17 +02:00
Marek Marczykowski-Górecki
8b4c9b23b3 tests: hide git check warning 2015-06-27 04:19:07 +02:00
Marek Marczykowski-Górecki
ee48954445 core: fix starting stubdom guid for HVM in debug mode
Remove artificial attribute '_start_guid_first' and use
guiagent_installed directly. This way starting guid for stubdom in debug
mode, even if guiagent_installed is set, is much clearer.
2015-06-27 04:10:32 +02:00
Marek Marczykowski-Górecki
f7c86f861c Prevent GUI usage in qvm-sync-clock 2015-06-23 00:15:21 +02:00
Marek Marczykowski-Górecki
df20a67a6c Convert qubes.NotifyTools service to use qubesdb 2015-06-23 00:14:57 +02:00
Marek Marczykowski-Górecki
236dca29a8 tests/network: add support for Debian's default netcat implementation
By default Debian has different nc installed, which requires different
options.
2015-06-21 02:08:02 +02:00
Marek Marczykowski-Górecki
33f0fa17b8 tests: fix clipboard tests 2015-06-21 01:12:47 +02:00
Zrubi
2c1889acbb YML output fix
(cherry picked from commit 53260bd66ba3f0b2cc62b9488d67cdcdb6cec1e8)
2015-06-12 10:25:02 +02:00
Marek Marczykowski-Górecki
4a8cfb3c88 version 3.0.14 2015-06-02 11:19:48 +02:00
Zrubi
d43848d163 YML output fix
(cherry picked from commit 60cf12b4fdea0d119c1b8ca0c84f77bd4877f843)
2015-06-02 11:18:18 +02:00
Marek Marczykowski-Górecki
9cbf9a8a59 Add support for 'pci_strictreset' option
This allows to assign PCI device to the VM, even if it doesn't support
proper reset. The default behaviour (when the value is True) is to not
allow such attachment (VM will not start if such device is assigned).

Require libvirt patch for this option.
2015-05-28 00:11:17 +02:00
Marek Marczykowski-Górecki
c9a670cbd1 linux/block-snapshot: fix handling root.img being already block device 2015-05-27 23:52:57 +02:00
Marek Marczykowski-Górecki
acbdb3a261 qvm-tools: do not show scary message on --force-root
When this option is used, the user probably already got that message.
Also some internal scripts are using this (for example template
pre-uninstall script).

Conflicts:
	qvm-tools/qvm-remove
2015-05-23 04:43:51 +02:00
Marek Marczykowski-Górecki
449554f404 version 3.0.13 2015-05-15 03:29:20 +02:00
Marek Marczykowski-Górecki
23ae0ed990 dispvm: clean the VM in case of failed savefile creation
Otherwise further tries to regenerate savefile would fail.
2015-05-15 03:22:06 +02:00
Marek Marczykowski-Górecki
8aaef404de qvm-prefs: add an option to get a single VM property
Could be useful for scripts
2015-05-15 03:22:06 +02:00
Marek Marczykowski-Górecki
dadcfc334d dispvm: set 'memory' to the size reported on savefile generation
That parameter will be used later to request memory from qmemman just
before loading savefile to memory, so it should match the real need.

Do not allow values smaller than 400, to prevent storing some erroneous
values.

Fixes qubesos/qubes-issues#973
2015-05-15 03:22:06 +02:00
Marek Marczykowski-Górecki
2856b6a836 Wait for udev to create loopXpY device when preparing volatile.img 2015-05-13 04:12:42 +02:00
Marek Marczykowski-Górecki
d5b67a67a2 Fix "dispvm: sanitize used memory info received from VM"
There should be no -q option - we actually want the result.

Fixes qubesos/qubes-issues#994
2015-05-13 04:12:20 +02:00
Marek Marczykowski-Górecki
b159f544d3 version 3.0.12 2015-05-11 02:34:11 +02:00
Marek Marczykowski-Górecki
b1f4e6d15c backup: fix missing 'unused' variables
Actually the 'vm' variable is used - in eval'ed statement.
2015-05-11 02:31:56 +02:00
Zrubi
770cf5cce0 Wiki -> YML output format change + basic TPM detection
(cherry picked from commit 28097bfdf1e3220a9de295cb7621d611d4f0620b)
2015-05-10 03:29:20 +02:00
Marek Marczykowski-Górecki
47a6bf4f7a version 3.0.11 2015-05-04 02:42:27 +02:00
Marek Marczykowski-Górecki
602155374a dispvm: restore DispVM naming independent of Qubes VM ID (#983)
Using QID for DispVM ID was a bad idea in terms of anonymity:
1. It gives some clue about VMs count in the system. In case of large
numbers, this can be quite unique.
2. If new DispVM is started just after closing previous one, it will get
the same ID, and in consequence the same IP. In case of using TorVM,
this leads to use the same circuit as just closed DispVM.

Fixes qubesos/qubes-issues#983
2015-05-04 00:41:33 +02:00
Marek Marczykowski-Górecki
ef1494eb54 gitignore 2015-05-04 00:35:57 +02:00
Marek Marczykowski-Górecki
77da23fba2 dispvm: fix netvm presence reporting
If desired netvm presence is different than during savefile creation(*),
defer setting the netvm until new DispVM is running - otherwise kernel
there will not notice the change and will either have (not working)
'eth0' when it shouldn't, or will not have it while it should.

Additionally set dispvm.uses_default_netvm = False, so GUI tools will
display actual netvm value.

(*) Actually compare to netvm set for dispvm template (`TEMPLATE-dvm`
VM), which can be different if user just changed that but not
regenerated dispvm savefile yet.

Fixes qubesos/qubes-issues#985
Related to qubesos/qubes-issues#862
2015-05-03 20:40:37 +02:00
Marek Marczykowski-Górecki
b985bf3b65 core: fix removing VMs not registered in libvirt
It can happen that VM will not be registered in libvirt (for example
when it was never started). It shouldn't be a problem when we want to
remove it.
2015-05-03 20:26:07 +02:00
Marek Marczykowski-Górecki
ed03fb4313 dispvm: remove unused imports, mark methods as static where appropriate 2015-05-03 20:25:39 +02:00