Commit Graph

450 Commits

Author SHA1 Message Date
Marek Marczykowski
3b3929b6a2 Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/joanna/core
Conflicts:
	dom0/qvm-core/qubes.py
2011-07-08 21:37:43 +02:00
Marek Marczykowski
bfe28d5ee6 dom0: Wrap hotplug scripts with flock (#253)
Apparently locking mechanism in xen hotplug scripts isn't working. This is
workaround before it will be fixed in xen...
2011-07-06 23:11:51 +02:00
Rafal Wojtczuk
c80ee3b231 qrexec: allow for more options in the policy files 2011-07-06 18:34:00 +02:00
Rafal Wojtczuk
6366db0ab6 qrexec: adjust updates fetching to the new qrexec api 2011-07-06 14:44:40 +02:00
Rafal Wojtczuk
d46150b8d3 qrexec: adjust appmenu syncing to the new qrexec api 2011-07-06 14:09:36 +02:00
Rafal Wojtczuk
2fdf9761c7 qrexec: adjust DispVM code to the new qrexec API
Note, we have qvm-open-in-vm totally for free.
2011-07-06 12:32:20 +02:00
Rafal Wojtczuk
b7e8c2708c qrexec: adjust intervm file copy code to the new qrexec API 2011-07-06 10:17:58 +02:00
Marek Marczykowski
0de378dafc dom0: automatically bind PCI devices to pciback at VM start (#252) 2011-07-05 22:10:45 +02:00
Marek Marczykowski
5f10e408e0 dom0: stores QubesVm.pcidevs as list (#252)
To easier manage pci devices attached to VM
2011-07-05 22:01:28 +02:00
Marek Marczykowski
82bc4bad0b dom0: always set appmenus_templates_dir for QubesVm
If possible - to reasonable value (vm dir for UpdateableVM or template - for
template-based VM).
2011-07-05 21:26:39 +02:00
Marek Marczykowski
b9e00b2189 dom0: Include default whitelisted-appmenus.list in template (#266) 2011-07-05 21:20:43 +02:00
Marek Marczykowski
d16b6f24f9 dom0: fix cmdline of DispVM guid (#248) 2011-07-02 22:44:49 +02:00
Joanna Rutkowska
3bd1c700f6 [REMOVEME] Dom0: Add UGLY sleeps hoping they will temporarily prevent the race condition 2011-07-02 22:15:43 +02:00
Joanna Rutkowska
fc31161361 Dom0: Fix calling syntax for qrexec_client for updatevm 2011-07-02 22:12:43 +02:00
Marek Marczykowski
4c69dbb7d9 dom0: remove support for netvm=dom0 from init.d/qubes_netvm 2011-07-02 19:22:29 +02:00
Marek Marczykowski
cd7024cad1 Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/joanna/core 2011-07-02 18:49:18 +02:00
Marek Marczykowski
35e18029c1 dom0: use default kernel for new VMs 2011-07-02 18:48:17 +02:00
Joanna Rutkowska
1ef800414a Dom0: qubes.py: honor the verbose flag when printing debuging messages 2011-07-02 13:35:59 +02:00
Joanna Rutkowska
8d926960f5 Dom0: Do not try to load non-existent xen-pciback module...
Load just the pciback, which is how it is named on our kernels, and do not scare the user with weired error messages.
2011-07-02 13:18:11 +02:00
Marek Marczykowski
a1ef7d01ea dom0: Disallow directly setting kernel version for template-based VM 2011-07-02 00:24:37 +02:00
Marek Marczykowski
f447a458f2 dom0+vm: Update VM kernel mechanism (#242)
Get kernel from global kernels dir (/var/lib/qubes/vm-kernels), not per-VM. Can
be configured by qvm-prefs (kernel parameter).
New tool: qvm-set-default-kernel

For backward compatibility kernel=None means kernel in VM dir (kernels subdir).
(possibly empty) modules.img should be created in it.
2011-06-30 01:07:47 +02:00
Marek Marczykowski
f3d908a23b dom0: qvm-sync-appmenus: limit size of retrieved data 2011-06-30 00:56:25 +02:00
Marek Marczykowski
aa18fd2175 dom0: do not require tty in sudo (for /etc/init.d/qubes_netvm start) 2011-06-29 21:22:56 +02:00
Marek Marczykowski
49ac5aa17e dom0: fix leaked file descriptor from qfile-daemon-dvm 2011-06-29 19:32:49 +02:00
Marek Marczykowski
acbc6534bc dom0: Fix uninitialized variable in qubes_restore 2011-06-29 19:24:32 +02:00
Marek Marczykowski
70e73ed710 dom0: qvm-prefs: display VM own root.img path only for non-template based VMs 2011-06-27 21:14:34 +02:00
Marek Marczykowski
9d778d6870 dom0: Use xl tool in qvm-dom0-network-via-netvm 2011-06-27 21:14:34 +02:00
Marek Marczykowski
40c7e32fe9 dom0: Use first FirewallVM as UpdateVM 2011-06-27 21:14:34 +02:00
Marek Marczykowski
c41b60340b dom0: cleanup of qubes_core startup script from xend code 2011-06-27 21:14:24 +02:00
Marek Marczykowski
a0b60af3d6 dom0: Do not use transactions to access xenstore
Unfortunately they aren't reliable... at least for writing ~10 keys at once
from python.
2011-06-25 22:31:22 +02:00
Marek Marczykowski
0f28db380e dom0: QubesVm has no add_to_xen_storage() 2011-06-23 22:03:09 +02:00
Marek Marczykowski
151b15bb8c dom0: Edit xl.conf in %post instead of overriding file (rpm file conflict) 2011-06-23 14:39:17 +02:00
Marek Marczykowski
d9d7a69c27 dom0+vm: Tools for downloading dom0 update by VM (#198)
Mainly 4 parts:
 - scripts for providing rpmdb and yum repos to VM (choosen by qvm-set-updatevm)
 - VM script for downloading updates (qubes_download_dom0_updates.sh)
 - qfile-dom0-unpacker which receive updates, check signatures and place its in dom0 local yum repo
 - qvm-dom0-upgrade which calls all of above and after all yum gpk-update-viewer

Besides qvm-dom0-upgrade, updates are checked every 6h and user is prompted if
want to download it. At dom0 side gpk-update-icon (disabled yet) should notice
new updates in "local" repo.
2011-06-22 00:44:48 +02:00
Marek Marczykowski
6d9fdf4729 dom0: Add shortcut qubes-appmenu-select ("Add more shortcuts...") for each VM (#45) 2011-06-12 01:47:15 +02:00
Marek Marczykowski
b75f89038b dom0: qvm-sync-appmenus output error messages to stderr 2011-06-12 01:47:15 +02:00
Marek Marczykowski
4634a6897c dom0: qvm-sync-appmenus: support for calling by qrexec_client 2011-06-12 00:56:47 +02:00
Marek Marczykowski
a4d1a21b46 dom0: qvm-sync-appmenus - copy *directory.template when needed 2011-06-11 23:09:55 +02:00
Marek Marczykowski
9375b8d6ff dom0: qvm-sync-appmenus: add missing object name to vars 2011-06-11 22:58:00 +02:00
Marek Marczykowski
5714410724 dom0: qvm-sync-appmenus: create appmenus dir if needed 2011-06-11 22:55:53 +02:00
Marek Marczykowski
454b678284 dom0: cpu load calculation when VM rebooted fix 2011-06-11 20:44:26 +02:00
Marek Marczykowski
7ced90832b dom0: Support for pcidevs in qvm-prefs
Can be used to e.g. have two NetVMs, eatch with one network interface assigned.
2011-06-10 19:08:47 +02:00
Marek Marczykowski
4cb5838f5b dom0: qvm-revert-template-changes message fix 2011-06-10 18:44:53 +02:00
Marek Marczykowski
5cce87c7d2 dom0: Introduce qvm-revert-template-changes tool 2011-06-10 18:36:20 +02:00
Marek Marczykowski
63dda4de34 dom0: qvm-create: remove obsolete add_to_xen_storage call 2011-06-10 18:27:16 +02:00
Marek Marczykowski
925647c7d7 dom0: run xl create through sudo
This finally solve problem with RLIMIT_MEMLOCK (less important) and is required
to attach PCI devices (eg netvm restart) - more important.
2011-06-10 18:19:19 +02:00
Marek Marczykowski
891653a413 dom0: create lockfile for libxl and set dom0 name in xenstore
Create lockfile to set it proper permissions. Without it the first use
(qvm-start netvm) will create it with root:root and 600.
Without xend, no one sets dom0 name...
2011-06-10 12:02:32 +02:00
Marek Marczykowski
3571a34010 dom0: preserve old root-cow - for qvm-revert-template-changes 2011-06-09 14:22:22 +02:00
Marek Marczykowski
f1f98d47df dom0: Use /var/run/xen-hotplug to store information needed for block devices cleanup.
Libxl removes xenstore entries before udev (+scripts) have chance to read it.
2011-06-09 14:06:24 +02:00
Marek Marczykowski
197ccb2e2c dom0: remove obsolete code from qubes_restore 2011-06-08 03:42:51 +02:00
Marek Marczykowski
ea69b51a97 dom0: use /bin/bash as interpreter of qubes_prepare_saved_domain.sh
Required for ex $(( )) construction. /bin/sh may not handle it (when linked to
some other shell than bash).
2011-06-08 03:41:22 +02:00
Marek Marczykowski
e5df78fe92 dom0: Migrate qubes_restore (and all DispVM logic) to libxl
Detailed changes:
 - use domain config in separate file (not embeded in savefile)
 - DispVM domain config generated from dvm.conf (introduced by previous patches) by qubes_restore
 - use call 'xl restore' to restore domain (instead of command to xend)
 - additional parameter to qubes_restore - config template
 - minor changes (xenstore perms, block-detach without /dev/ prefix, etc)
2011-06-08 03:36:02 +02:00
Marek Marczykowski
81ae4fafcf dom0: Use 10.138.x.y for DispVMs and fix gateway/DNS addresses 2011-06-08 03:33:45 +02:00
Marek Marczykowski
fcd4cd44eb dom0: create config template for DispVM
Introduction for later patches.
2011-06-08 03:30:42 +02:00
Marek Marczykowski
1647d03f74 dom0: use path given in argument to store VM configuration 2011-06-08 03:29:52 +02:00
Marek Marczykowski
f5e4cf58aa dom0: include vif in domain config (no need for network-attach) 2011-06-08 03:28:08 +02:00
Marek Marczykowski
c444ebc5f8 dom0/qmemman: different approach of mem-set and maxmem (libxl way)
Libxl stores maxmem in xenstore (/local/domain/X/memory/static-max) and sets
maxmem and target_mem to actual memory. So qmemman should use xenstore entry as
memory_maximum (when exists) and also adjust maxmem when changing domain memory.
2011-06-07 16:19:52 +02:00
Marek Marczykowski
50a910362d dom0/qmemman: Fix distribution memory left because of memory_maximum 2011-06-07 15:58:55 +02:00
Marek Marczykowski
9ed6b94d63 dom0/qmemman: Check for memory_maximum also for dom0 2011-06-07 15:58:55 +02:00
Marek Marczykowski
bd447308fe dom0/qmemman: distribute memory freed by deleted domain
Also wait a moment after domain list change for domain cleanup. Even if this
time is not sufficient, memory will be balanced when some domain need it.
2011-06-07 15:58:55 +02:00
Marek Marczykowski
429c685f1d dom0: write firewall rules only for running proxyvms 2011-06-07 15:58:55 +02:00
Marek Marczykowski
ae6d2ac70c dom0: include xl.conf in qubes-core-dom0 package
Disable autoballoon (qmemman will handle it) and specify lock file location
writable by user.
2011-06-07 15:58:55 +02:00
Marek Marczykowski
645132f043 dom0: Explicitly set maxmem=mem for NetVM 2011-06-07 15:58:54 +02:00
Marek Marczykowski
6dd0870ca6 dom0: Generate Xen VM config file from common template, on each VM start
Do not use many different config templates for different types of VMs. Also
regenerate config on each VM start to keep in synchronized with qubes.xml
2011-06-07 15:58:54 +02:00
Marek Marczykowski
62111845ea dom0: set memlock limit to unlimited for qubes users
Needed to 'xl create' work
2011-06-07 15:58:54 +02:00
Marek Marczykowski
5ebd163fd3 dom0: check RLIMIT_MEMLOCK before starting VM (and fix if possible) 2011-06-07 15:58:54 +02:00
Marek Marczykowski
d3e6e3dec0 dom0: use xen.lowlevel.xs instead of call xenstore-* 2011-06-05 23:35:53 +02:00
Marek Marczykowski
9ce2f440c3 dom0: remove import of old xend libraries 2011-06-05 22:58:20 +02:00
Marek Marczykowski
7b2ac4b279 dom0: catch error when no VM found by libxc (assume not running) 2011-06-04 02:46:12 +02:00
Marek Marczykowski
f5751bfea7 dom0: prevent division by zero on calculating cpu usage
When VM is starting online_vcpus=0 for short time.
2011-06-04 02:44:27 +02:00
Marek Marczykowski
cc4df5089d dom0: XC/XL infos for dom0 2011-06-02 01:20:23 +02:00
Marek Marczykowski
fac1f7f107 dom0: Set xid=0 for QubesDom0NetVm 2011-06-02 01:20:01 +02:00
Marek Marczykowski
cb1fbfc145 dom0: store xid in QubesVm on get_xid() 2011-06-02 00:07:22 +02:00
Marek Marczykowski
c789121f84 dom0: migrate from xend to libxl stack - qvm-core
This is core part of migration. Things not migrated yet:
 - DispVM (qubes_restore needs to be almost rewritten)
 - VM xen config files should be fixed (use "script:" prefix in block device description, perhaps generate this files on VM start)

Huge, slow xend not needed any more, now it conflicts with libxl
2011-06-01 23:59:53 +02:00
Marek Marczykowski
086c41cb9f dom0 qmemman: watch /local/domain xenstore tree for new/deleted domains
This is the place where _running_ domains are placed.
2011-06-01 23:31:56 +02:00
Marek Marczykowski
4f33e17e69 Set appmenus_templates_dir also for StandaloneVM (#45)
StandaloneVM also have appmenus templates - retrieved from VM. User can choose
some of them to real menu.
2011-05-24 00:14:03 +02:00
Marek Marczykowski
df0240c218 Remove desktop files after uninstalling it (#45) 2011-05-24 00:10:17 +02:00
Marek Marczykowski
dee7c69156 Create appmenus only for whitelisted apps (if set) (#45) 2011-05-24 00:09:44 +02:00
Marek Marczykowski
e1cea1f50b dom0: tool for sync desktop file templates (#45) 2011-05-20 16:38:00 +02:00
Marek Marczykowski
773f0f7b7a dom0: Fix qvm-prefs for standalone VM 2011-05-17 23:05:55 +02:00
Marek Marczykowski
ee87fff0d7 dom0: implement QubesVm.get_start_time() (#231)
Needed to check if VM was just started again
2011-05-12 18:15:09 +02:00
Marek Marczykowski
dccc528144 dom0: qmemman: distribute memory only if there are VMs which can accept it
This prevent potential inifinite loop in qmemman when free memory cannot be
assigned to any VM (because of static max). Practically this will never happen,
because dom0 can always accept memory.
2011-05-12 17:36:47 +02:00
Marek Marczykowski
b57b41aafa dom0: qmemman: Support for maxmem != physical memory (#235) 2011-05-12 15:20:26 +02:00
Marek Marczykowski
3d92e50792 Merge branch 'sane-and-pretty' of ssh://git.qubes-os.org/var/lib/qubes/git/rafal/core 2011-05-09 12:25:14 +02:00
Rafal Wojtczuk
6067be29df qmemman: add comments, make some identifiers more verbose 2011-05-04 17:58:28 +02:00
Rafal Wojtczuk
18e207cbc5 qmemman: prefix variables read from xenstore with "untrusted_"
Additionally move all already existing checks to an already
existing is_meminfo_suspicious procedure.
2011-05-04 17:10:01 +02:00
Marek Marczykowski
4a76bf2981 Call xm to set maxmem, instead of direct call to xend.
Previous one hangs sometimes with 100% occupied by xend.
This will also be simpler to port to xl/libxl interface.
2011-05-01 12:02:27 +02:00
Marek Marczykowski
f49c3a4224 Reduce dom0 priority bonus
To not kill AppVMs performance with ex kcryptd
2011-05-01 00:32:04 +02:00
Marek Marczykowski
aa7df98b7e Use half of host memory as maxmem by default. Allow to configure it per VM. 2011-04-29 01:43:41 +02:00
Marek Marczykowski
ac84bbe621 Remove correct lockfile on qubes_setupdvm stop 2011-04-27 23:07:38 +02:00
Marek Marczykowski
98f4028142 Connect vif's to already running VMs on NetVM/ProxyVM startup (#190)
Also cleanup stale vifs using "xm network-detach ... -f"
Fix iptables rules to support not only first vif of VM
2011-04-23 03:05:27 +02:00
Marek Marczykowski
0b66804a7b Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/smoku/core 2011-04-21 23:56:41 +02:00
Marek Marczykowski
50af1d15b3 Catch more exceptions during VM restore (#212) 2011-04-20 20:05:58 +02:00
Tomasz Sterna
5001b7c9d7 Save VM updatable state in qubes_vm_updateable 2011-04-20 01:01:38 +02:00
Marek Marczykowski
8a9bbbfc98 Fix usage info (and args check) for remove_appvm_appmenus.sh (#225) 2011-04-19 18:06:01 +02:00
Marek Marczykowski
e7190d0239 Clean appmenus on template remove (#225) 2011-04-19 17:55:06 +02:00
Marek Marczykowski
ccecb27b5b Use any directory template when creating appmenus (#225) 2011-04-19 16:52:31 +02:00
Marek Marczykowski
6eb39106bb Include appmenus template for TemplateVM when clonning template files (#225) 2011-04-19 16:09:11 +02:00
Marek Marczykowski
067165e030 Link to icon on template clone (#225) 2011-04-19 15:56:00 +02:00
Marek Marczykowski
1e53115eab Create appmenus not only for AppVM (#225)
Needed also by TemplateVM, and maybe others (service VMs)
For TemplateVM uses separate appmenus template (apps-template.templates).
2011-04-19 15:54:36 +02:00
Marek Marczykowski
ae661a6148 Down net ifaces on suspend (#146)
NetworkManager stop isn't enough
2011-04-19 12:53:57 +02:00