Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
2,046 Commits 1 Branch 0 Tags 15 MiB
331c27d344
Commit Graph

334 Commits

Author SHA1 Message Date
Marek Marczykowski
e35b413c19 dom0/spec: add R: python-lxml for pretty print 2012-10-19 02:21:41 +02:00
Marek Marczykowski
d03bab3db2 Merge branch 'master-for-hvm' into hvm 
Conflicts:
	dom0/qvm-core/qubes.py
	dom0/qvm-tools/qvm-sync-clock
 2012-10-04 05:45:41 +02:00
Marek Marczykowski
490a5e9e1a vm/spec: fix adding yum-proxy configuration 
Do not add entry if already present.
 2012-10-04 05:44:20 +02:00
Bruce A Downs
d19a3cce99 vm: Added 'most recently used' feature to 'copy to vm' dialog 
* replaced zenity to qvm-mru-entry in qubes_rpc/qvm-copy-to-vm.gnome
* added python script qubes_rpc/qvm-mru-entry
* added /usr/bin/qvm-mru-entry to rpm_spec/core-vm.spec
 2012-10-04 05:44:19 +02:00
Bruce A Downs
dba7d94fba vm/spec: mod to core-vm.spec to add test for files 
core rpm was failing during uninstall attempting to move non-existent files
* /var/lib/qubes/fstab.orig
* /var/lib/qubes/serial.orig
 2012-10-04 05:44:19 +02:00
Marek Marczykowski
303d4ab042 dom0/iptables: block IPv6 traffic 
Dom0 is network isolated anyway, but apply also firewall in case of use
qubes-dom0-network-via-netvm.
 2012-10-04 05:44:19 +02:00
Marek Marczykowski
9c3f8417d4 vm/iptables: block IPv6 traffic 
This isn't properly handled by Qubes VMs yet, so block it in all the VMs.
Also restrict access to firewall config.
 2012-10-04 05:44:19 +02:00
Marek Marczykowski
9519d843d8 dom0/spec: mark qrexec policy as config files 
Prevent override on upgrade, when user makes some own changes (especially
"always allow" feature).
 2012-10-04 05:44:18 +02:00
Marek Marczykowski
6419fea4ce vm/spec: fix adding yum-proxy configuration 
Do not add entry if already present.
 2012-10-04 05:29:10 +02:00
Marek Marczykowski
4e2f47d95c dom0/spec: mark qrexec policy as config files 
Prevent override on upgrade, when user makes some own changes (especially
"always allow" feature).
 2012-08-27 00:53:58 +02:00
Marek Marczykowski
c0455ac641 Merge branch 'master' into hvm 
Conflicts:
	dom0/qvm-tools/qvm-create
	version_dom0
 2012-08-23 11:11:59 +02:00
Marek Marczykowski
a98020eca7 dom0+vm/qfile-copy: use setuid instead of policy setting to allow chroot 
This will allow to not hardcode "root" username in policy, which can be useful
for non-Linux systems.
 2012-08-18 21:17:07 +02:00
Marek Marczykowski
9b3a77bc1d dom0: move RPC services to separate directory (#654) 
This makes more clear which code have contact with untrusted data from VM.
 2012-08-16 16:56:16 +02:00
Marek Marczykowski
a67bf1f1c0 Merge branch 'master' into hvm 2012-08-06 15:00:02 +02:00
Marek Marczykowski
fa17c541af dom0: cleanup dead DispVMs at system startup (#648) 2012-08-04 00:57:34 +02:00
Marek Marczykowski
e6c8bf81fd Merge branch 'master' into hvm 
Conflicts:
	version_dom0
 2012-08-01 00:55:05 +02:00
Marek Marczykowski
b7d2667b1d vm/kernel-placeholder: simplify upgrade 2012-07-30 23:16:05 +02:00
Marek Marczykowski
d1b827e1bd Merge branch 'master' into hvm 
Conflicts:
	dom0/init.d/qubes_core
	rpm_spec/core-dom0.spec
	version_dom0
 2012-07-25 02:52:00 +02:00
Marek Marczykowski
b691f57bbf vm: kernel-placeholder package to inhibit real kernel pkg in VM (#645) 
Some packages depends on kernel (ex fuse, pulseaudio), but kernel in VM is
managed by dom0. Any hack like exlude or so on will break some things, so
install empty placeholder package to fulfill dependencies.
 2012-07-23 23:17:50 +02:00
Marek Marczykowski
f98bf1d570 dom0: fix dirs permissions after xen upgrade 2012-07-20 13:08:18 +02:00
Marek Marczykowski
38e8b85b06 dom0: fix dirs permissions after xen upgrade 2012-07-18 12:46:36 +02:00
Marek Marczykowski
0f6f445ece Revert "vm/spec: disable pam_systemd globally (#607)" (#626) 
This reverts commit 8ec4b6963b71b95bc0cda6dd80d99bf60aa9caec.
This caused regression (#626).

Conflicts:

	rpm_spec/core-vm.spec
 2012-07-16 13:36:08 +02:00
Marek Marczykowski
eeabd3b371 Revert "vm/spec: disable pam_systemd globally (#607)" (#626) 
This reverts commit 8ec4b6963b71b95bc0cda6dd80d99bf60aa9caec.
This caused regression (#626).

Conflicts:

	rpm_spec/core-vm.spec
 2012-07-16 12:49:41 +02:00
Marek Marczykowski
d9291ab2b4 dom0/appmenus: Rename dir entry for ServiceVMs (#627) 2012-07-15 02:41:23 +02:00
Marek Marczykowski
06ba3f6e49 vm: implement qubes.GetAppmenus to reduce code duplication 
As one-liner services are now real one-line, just do it.
 2012-07-15 02:41:23 +02:00
Marek Marczykowski
20f6c6c6dc vm: simplify qubes.VMShell service 
Now additional wrapper not required to skip cmdline argument
 2012-07-15 02:41:23 +02:00
Marek Marczykowski
b6b50b6fea dom0/appmenus: Rename dir entry for ServiceVMs (#627) 2012-07-15 02:26:17 +02:00
Marek Marczykowski
1c096ec65c vm: implement qubes.GetAppmenus to reduce code duplication 
As one-liner services are now real one-line, just do it.
 2012-07-15 02:26:09 +02:00
Marek Marczykowski
15d5a1205d vm: simplify qubes.VMShell service 
Now additional wrapper not required to skip cmdline argument
 2012-07-15 02:04:17 +02:00
Marek Marczykowski
906332ea40 vm: export SuspendPre and SuspendPost qrexec services (#617) 
1. Try to use NetworkManager sleep command instead of shutting it down
2. Move sleep action details (which is VM-specific) to VM
3. Export it as qrexec service(s)
 2012-07-13 14:44:11 +02:00
Marek Marczykowski
6d6f43fb4e vm: export SuspendPre and SuspendPost qrexec services (#617) 
1. Try to use NetworkManager sleep command instead of shutting it down
2. Move sleep action details (which is VM-specific) to VM
3. Export it as qrexec service(s)
 2012-07-13 14:40:52 +02:00
Marek Marczykowski
718f5c2bdb vm: provide dispvm-dotfiles and dispvm-prerun.sh in rpm package (#620) 2012-07-12 14:22:44 +02:00
Marek Marczykowski
b92bb698be vm: provide dispvm-dotfiles and dispvm-prerun.sh in rpm package (#620) 2012-07-12 14:21:44 +02:00
Marek Marczykowski
954b4e6947 vm/systemd: disable additional useless services (#620) 
Most of them relay on direct network acces, which isn't true on Qubes.
 2012-07-12 03:56:09 +02:00
Marek Marczykowski
ca7ec2aa57 vm/spec: remove dupplicated commnds, suppress error message 2012-07-12 03:56:09 +02:00
Marek Marczykowski
00778cacea dom0/spec: suppress unnecessary messages during package upgrade 2012-07-12 03:56:09 +02:00
Marek Marczykowski
6aeaa7b036 vm/systemd: disable additional useless services (#620) 
Most of them relay on direct network acces, which isn't true on Qubes.
 2012-07-12 03:54:41 +02:00
Marek Marczykowski
212d4227c8 vm/spec: remove dupplicated commnds, suppress error message 2012-07-12 03:54:41 +02:00
Marek Marczykowski
f0d55138d3 dom0/spec: suppress unnecessary messages during package upgrade 2012-07-12 03:54:34 +02:00
Marek Marczykowski
302191edec vm/spec: disable pam_systemd only in trigger 
The %post part is unnecessary.
 2012-07-09 15:54:33 +02:00
Marek Marczykowski
c1f5377b1d vm/spec: disable pam_systemd only in trigger 
The %post part is unnecessary.
 2012-07-09 15:52:42 +02:00
Marek Marczykowski
8b2be6b693 dom0/spec: remove some udev rules from system (#605) 2012-07-05 01:43:32 +02:00
Marek Marczykowski
c4888add66 vm: disable D-Bus activation of NetworkManager (#610) 2012-07-05 01:43:32 +02:00
Marek Marczykowski
b834e2c5a7 vm/spec: disable pam_systemd globally (#607) 
Actually all /etc/pam.d/ files containing pam_systemd.so are autogenerated by
authconfig, so "removing" pam_systemd.so file as not elegant solution, seems to
be much more realiable.
 2012-07-05 01:43:32 +02:00
Marek Marczykowski
3ccc43ede2 dom0/spec: remove some udev rules from system (#605) 2012-07-05 01:40:38 +02:00
Marek Marczykowski
725e724044 vm: disable D-Bus activation of NetworkManager (#610) 2012-07-05 01:33:22 +02:00
Marek Marczykowski
f20099f05b vm/spec: disable pam_systemd globally (#607) 
Actually all /etc/pam.d/ files containing pam_systemd.so are autogenerated by
authconfig, so "removing" pam_systemd.so file as not elegant solution, seems to
be much more realiable.
 2012-07-05 01:31:32 +02:00
Marek Marczykowski
0006ebdaff vm/spec: fix enabling NetworkManager SystemD service 2012-06-26 03:43:36 +02:00
Marek Marczykowski
a6c7d0efbe vm/spec: fix error messages 2012-06-26 03:43:36 +02:00
Marek Marczykowski
da63af599c vm/spec: fix enabling of qubes-firewall SysV service 2012-06-26 03:43:36 +02:00