Marek Marczykowski-Górecki
7516737fae
core: Add "dispvm_netvm" property - NetVM for DispVMs started from a VM
...
This allows specifying tight network isolation for a VM, and finally
close one remaining way for leaking traffic around TorVM. Now when VM is
connected to for example TorVM, its DispVMs will be also connected
there.
The new property can be set to:
- default (uses_default_dispvm_netvm=True) - use the same NetVM/ProxyVM as the
calling VM itself - including none if that's the case
- None - DispVMs will be network-isolated
- some NetVM/ProxyVM - will be used, even if calling VM is network-isolated
Closes qubesos/qubes-issues#862
2015-04-04 21:47:31 +02:00
Marek Marczykowski-Górecki
999698bd68
core: rename create_xenstore_entries, get rid of xid parameter
...
It has nothing to do with xenstore, so change the name to not mislead.
Also get rid of unused "xid" parameter - we should use XID as little as
possible, because it is not a simple task to keep it current.
2015-03-28 22:36:28 +01:00
Marek Marczykowski-Górecki
6b05d5b392
Add qvm-trim-template tool
...
Based on work done by Matt McCutchen <matt@mattmccutchen.net>, details
here:
https://groups.google.com/d/msgid/qubes-users/1417939737.2033.24.camel%40localhost
2015-01-30 01:39:59 +01:00
Marek Marczykowski-Górecki
25c425920c
qvm-tools: fix error reporting in qvm-kill
2015-01-30 01:38:56 +01:00
Marek Marczykowski-Górecki
73301a67c8
core: fix vm.run(..., passio=False) handling
...
Long time ago passio=True was used to replace current process with
qrexec-client directly (qvm-run --pass-io was the called), but this
behaviour is not used anymore (qvm-run was the only user). And this
option was left untouched, with misleading name - one would assume that
using passio=False should disallow any I/O, but this isn't the case.
Especially qvm-sync-clock is calling clockvm.run('...', wait=True),
default value for passio=False. This causes data from an
untrusted VM to be output without sanitising terminal sequences, which can be fatal.
This patch changes passio semantics to actually do what it means - when
set to True - VM process will be able to interact with
stdin/stdout/stderr. But when set to False, all those FDs will be
connected to /dev/null.
Conflicts:
core-modules/000QubesVm.py
2015-01-30 01:38:52 +01:00
Marek Marczykowski-Górecki
d4ab70ae9d
core: update qvm-block code for HAL API
...
Use QubesDB to get list of devices, call libvirt methods to
attach/detach devices.
2014-12-12 03:59:01 +01:00
Zrubi
b4e0833cb7
qubes-hcl-report v2.2
...
- Network devices section added to HCL Info output
2014-12-05 19:33:17 +01:00
Zrubi
55fce5dd36
qubes-hcl-report v2.1
...
- script redesign,
- fixed VT-d, VT-x detection,
- Support File generation is optional,
- the results are kept in dom0 by default,
- version and usage info added.
(cherry picked from commit f5845b2df1db19da37f02ace24f29a82660c39ff)
2014-12-05 17:06:17 +01:00
Marek Marczykowski-Górecki
467477409d
makefile/windows: install qvm-tools with .py extension
...
So system will automatically run them with python interpreter (wherever
it is installed). This requires having ".py" in the PATHEXT variable.
2014-11-19 12:50:26 +01:00
Marek Marczykowski-Górecki
eaac99bf64
qvm-tools: check if running as root only on systems with os.geteuid
2014-11-19 12:50:26 +01:00
Marek Marczykowski-Górecki
0009805041
rpm+makefile: move build/install code to Makefile files
...
This makes build "scripts" not tied to Fedora-specific files. In particular,
this eases porting to other platforms.
2014-11-19 12:50:24 +01:00
Marek Marczykowski
5a28074c2b
qvm-template-commit: add --offline-mode option
...
Allow forcing offline mode (disable check if VM isn't running) - useful
for running from anaconda (inside of chroot).
2014-11-19 12:48:27 +01:00
Marek Marczykowski
b8c62c0279
Wrap all VMM connection related object into QubesVMMConnection class
...
This makes it easier to import the right objects in submodules (only one
object). This also implements lazy connection - at first access, not at
module import, which speeds up tools which don't need runtime
information (like qvm-prefs or qvm-service). In the future this will
ease migration from xenstore to QubesDB.
Also implement "offline mode" - operate on qubes.xml without connecting
to VMM - raise exception at such try.
This is needed to run tools during installation, where only minimal
set of services are started, especially no libvirt.
2014-11-19 12:48:26 +01:00
Marek Marczykowski-Górecki
19d064ca66
qvm-tools/qvm-run: do not echo empty line, remove unneeded imports
2014-11-10 02:25:27 +01:00
Marek Marczykowski-Górecki
ac155705d1
qvm-tools/qvm-run: remove --shutdown option
...
There is separate tool for this operation (qvm-shutdown). qvm-run
options related to shutdown (--wait, --force) can be confusing to the
user.
2014-11-10 02:24:43 +01:00
Marek Marczykowski-Górecki
96d5b47cce
qvm-tools/qvm-backup: add --debug option
2014-09-26 14:42:25 +02:00
Marek Marczykowski-Górecki
68460fb272
qvm-tools/qvm-shutdown: handle domains with xl daemon killed ( #903 )
...
When system is going down, systemd kills all the user's processes,
including 'xl' daemons waiting for domain shutdown. This results in
zombie domains not cleaned up. The proper fix would be to somehow extract
those processes from user session scope (most likely by starting them as
a service).
But because it applies only to system shutdown (qvm-shutdown
call there), it is simpler to add appropriate handling code to
qvm-shutdown.
In R3 the problem will vanish, because of the use of the libvirtd daemon, so no
user processes required to track domains state.
2014-09-26 02:18:42 +02:00
Marek Marczykowski-Górecki
fc7d686b2e
qvm-tools/qvm-shutdown: do not kill already dead VM
...
When VM stops just when the timeout expires, qvm-shutdown should not try
to kill it - this would result in QubesException("VM already stopped!").
2014-09-25 05:47:35 +02:00
Marek Marczykowski-Górecki
a40e946a3f
backups: add qvm-backup-restore --debug option
2014-09-17 23:12:27 +02:00
Marek Marczykowski-Górecki
b506a0cc15
backups: make the restore more defensive
...
Continue restore even if some files failed to extract
2014-09-17 23:12:27 +02:00
Marek Marczykowski-Górecki
228ae07543
backups: improve errors handling
...
Report nice error message (not a traceback), interrupt the process on
non-recoverable error (when extraction process is already dead).
2014-09-17 14:43:41 +02:00
Marek Marczykowski-Górecki
f0bbb28398
backups: implement verify-only option ( #863 )
2014-09-17 14:43:27 +02:00
Marek Marczykowski-Górecki
591826daa2
qvm-tools: fix error message for setting vcpus using qvm-prefs
...
Simple typo, but results in exception.
2014-09-16 01:21:21 +02:00
Marek Marczykowski-Górecki
4913fc4fbc
qvm-tools: improve messages for qvm-create --root-{move,copy}
...
There was no separate message, so it looked like registering appmenus
takes a long time.
2014-09-16 01:20:06 +02:00
Marek Marczykowski-Górecki
6dbaede3d0
qvm-tools/qubes-prefs: report empty setting as empty string instead of "none" ( #894 )
2014-09-04 23:58:32 +02:00
Hakisho Nukama
be8d807624
removed duplicated comment tag
2014-09-04 23:31:38 +02:00
Marek Marczykowski-Górecki
e5a6f58851
dispvm: by default use default dispvm-prerun script
...
Assume "--default-script" when no second argument given.
2014-07-02 02:31:22 +02:00
Marek Marczykowski-Górecki
c9ff9c2258
Revert "dispvm: use < 3.12 kernel if possible ( #868 )"
...
This reverts commit 7ce6601853.
3.12+ kernel fixed, so no longer needed.
2014-06-27 17:31:32 +02:00
Marek Marczykowski-Górecki
7ce6601853
dispvm: use < 3.12 kernel if possible ( #868 )
...
3.12+ is known to have broken balloon driver after save+restore.
2014-06-27 03:24:41 +02:00
Zrubi
dcba6b930a
qubes-hcl-report: collect and print RAM and HDD info.
2014-06-25 14:06:19 +02:00
Marek Marczykowski-Górecki
1ed9c74d83
Rearrange code to not import PyQt on every qvm-* call
...
Move notification functions to separate file (out of guihelpers).
2014-06-05 01:59:42 +02:00
Marek Marczykowski-Górecki
6e8dc37f9b
qvm-tools: add customizable VM output color
2014-05-26 01:31:39 +02:00
Marek Marczykowski-Górecki
44f38fe076
Declare file encoding for all python files, fill missing copyright headers
...
Without that, python does not accept UTF-8 even in comments.
2014-05-18 21:03:27 +02:00
Wojciech Zygmunt Porczyk
04df26ab70
qvm-firewall: use socket.getservby(name|port)
...
instead of parsing /etc/services
(#829 )
2014-05-16 18:55:30 +02:00
Wojciech Zygmunt Porczyk
45318ecb43
regexp fixes and validation ( #829 )
2014-05-16 18:35:59 +02:00
Hakisho Nukama
0d47157f3b
qubes-hcl-report: more output added - wikis source format.
2014-05-09 17:14:17 +02:00
Marek Marczykowski-Górecki
b8b2733114
core: fix un-setting global VMs (default netvm, clockvm etc)
2014-05-05 05:24:04 +02:00
Marek Marczykowski-Górecki
3914835ceb
backups: add option to disable encryption
...
While the encryption is enabled by default in reasonable cases, allow the
user to disable it if he/she wants to.
2014-05-05 05:22:57 +02:00
Marek Marczykowski-Górecki
bb9d8bbf78
Remove qubes-dom0-network-via-netvm tool ( #820 )
...
If someone really needs it for debugging he/she should be able to either
do it manually (xl network-attach...) or at worst case retrieve this
tool from git history.
2014-04-16 16:44:41 +02:00
Marek Marczykowski-Górecki
0695a5ff82
qvm-sync-clock: don't show unverified output to the terminal
2014-04-15 04:14:45 +02:00
Marek Marczykowski-Górecki
ac7746feed
qvm-run: add color output and filtering escape sequences
...
This makes VM output clearly distinguishable
2014-04-15 03:19:48 +02:00
Marek Marczykowski-Górecki
5cbfb64a57
qubesutils: enable/disable updates check on all the VMs and dom0 ( #800 )
2014-04-11 07:06:12 +02:00
Marek Marczykowski-Górecki
cd6504f8ea
qvm-tools: add qvm-ls --raw-list for machine readable VM list
2014-04-11 02:18:43 +02:00
Marek Marczykowski-Górecki
5704b41a45
hvm: seamless_gui_mode setting, including runtime change support ( #810 )
2014-04-01 01:12:35 +02:00
Zrubi
133e8ddcc3
qubes-hcl-report - bugfix
2014-03-28 07:28:43 +01:00
Marek Marczykowski-Górecki
242590902a
firewall: minor improvements
...
Do not require ports specified in rule - useful for "any" protocol where
ports don't make sense.
2014-03-28 02:55:35 +01:00
Marek Marczykowski-Górecki
e90e1c62ec
proxyvm: add support for rules with expire time ( #760 )
2014-03-28 02:54:59 +01:00
Marek Marczykowski-Górecki
91428ebaa1
core: method to resize root.img ( #699 )
2014-03-21 18:43:13 +01:00
Marek Marczykowski-Górecki
dda1bbc41a
backups/qvm-backup: show all warnings at one place, clarify pass phrase prompt ( #801 )
2014-03-17 21:26:42 +01:00
Marek Marczykowski-Górecki
5d7688a2fe
backups: allow provide full path for the backup (instead of directory) ( #801 )
...
This will allow the user to choose custom filename, instead of
auto generated 'qubes-backup-XXX'.
2014-03-17 21:15:39 +01:00
Marek Marczykowski-Górecki
61c10d7621
qvm-tools: display date of last backup
2014-03-10 04:29:46 +01:00
Marek Marczykowski-Górecki
ab094a623a
qvm-tools: remove files after failed VM clone
2014-02-22 01:26:51 +01:00
Marek Marczykowski-Górecki
4ff39859c4
backups/qvm-tools: decode password using console encoding
2014-02-05 06:53:07 +01:00
Marek Marczykowski-Górecki
ca31b57ee3
backups: improve help message
2014-02-05 02:49:26 +01:00
Marek Marczykowski-Górecki
60d373dbda
qvm-tools: grammar fix in help message
...
might be repeated -> may be repeated
2014-01-23 04:50:14 +01:00
Marek Marczykowski-Górecki
a4d1ede69b
backups/qvm-tools: add an option to restore only selected VMs ( #766 )
2014-01-19 04:52:13 +01:00
Marek Marczykowski-Górecki
dc34b6c94c
qvm-backup: automatically start destination VM ( #767 )
2014-01-15 05:52:46 +01:00
Marek Marczykowski-Górecki
d473140dff
qvm-backup: encrypt the backup when custom enc algo specified
...
Also move forcing encryption earlier to have VM names hidden
(backup_prepare call).
2014-01-15 05:51:52 +01:00
Marek Marczykowski-Górecki
16f8e46f68
qvm-backup: automatically exclude destination VM from backup ( #767 )
2014-01-15 05:51:18 +01:00
Marek Marczykowski-Górecki
8921df90d8
qvm-backup: add options to specify custom hmac/enc algorithms
2014-01-15 05:34:35 +01:00
Marek Marczykowski-Górecki
adbec8e843
backups/qvm-backup: force encryption if backup is sent to AppVM ( #769 )
2014-01-15 05:34:21 +01:00
Marek Marczykowski-Górecki
4b493b6d9a
backups: unify compress/encrypt parameter names
2014-01-15 03:45:12 +01:00
Marek Marczykowski-Górecki
8d445beebb
backups: fix qvm-backup-restore calls
...
Do not use backup_restore_header, it is called from
backup_restore_prepare now.
2014-01-15 03:36:45 +01:00
Marek Marczykowski-Górecki
40953176f4
backups: reorganise restore API
...
Call backup_restore_header from backup_restore_prepare, there is no
sense in requiring the user to call them separately. Also store all
parameters in restore_info object as special '$OPTIONS$' VM to not
require passing them twice (with all the chances for the errors).
2014-01-13 04:45:02 +01:00
Marek Marczykowski-Górecki
e2c19e0bc4
qvm-tools: fix typo in qvm-start
2014-01-10 03:32:22 +01:00
Marek Marczykowski-Górecki
f18717d192
qvm-tools: update log names reported by qvm-start in debug mode
2013-12-17 23:59:16 +01:00
Marek Marczykowski-Górecki
177c40d18f
qvm-tools: do not crash qvm-run/qvm-start --tray when no notification service available
2013-12-15 22:53:06 +01:00
Marek Marczykowski-Górecki
4505d643f9
qvm-tools: one more fix for qvm-check tool
2013-12-13 22:52:18 +01:00
Marek Marczykowski-Górecki
ac9823e6f1
qvm-tools: indentation fix in qvm-check
2013-12-11 21:28:04 +01:00
Zrubi
c8f4dc70e8
qubes-hcl-report update
2013-12-11 21:27:10 +01:00
Marek Marczykowski-Górecki
99b001502a
backups: compression support
2013-12-02 14:05:41 +01:00
Marek Marczykowski-Górecki
27f6f0e64e
Merge branch 'new-backups'
...
Conflicts:
core-modules/000QubesVm.py
2013-11-29 04:00:58 +01:00
Marek Marczykowski-Górecki
10100767da
backups: hide VM names in encrypted backup
...
Even when encrypted backup is selected, file list isn't encrypted. Do
not leak VM names in the filenames.
2013-11-27 03:19:23 +01:00
Marek Marczykowski-Górecki
fa35b1dd55
qvm-tools: add --root-move-from/--root-copy-from options to qvm-create
2013-11-25 17:15:45 +01:00
Marek Marczykowski-Górecki
17c5d22083
qvm-tools: fix qvm-create --hvm* --root args parsing
2013-11-25 17:15:15 +01:00
Marek Marczykowski-Górecki
919b9455f8
qvm-tools: fix args parsing for qvm-create --hvm-template
2013-11-25 14:27:43 +01:00
Marek Marczykowski-Górecki
5033b53543
core: split HVM template into separate class
2013-11-25 07:18:01 +01:00
Marek Marczykowski-Górecki
0fcceb324d
backups: fix appvm handling in qvm-backup-restore
2013-11-25 06:33:31 +01:00
Marek Marczykowski-Górecki
d7e3f3cb0a
backups: qvm-backup: check if /var/tmp has enough space
2013-11-25 05:43:15 +01:00
Marek Marczykowski-Górecki
3a898db663
backups: Prompt for password twice for verification
2013-11-25 05:42:47 +01:00
Marek Marczykowski-Górecki
c781a522d8
backups: move backup code to separate file
...
Also some major cleanups: Reduce some more code duplication
(verify_hmac, simplify backup_restore_prepare). Rename
backup_dir/backup_tmpdir variables to better match its purpose. Rename
backup_do_copy back to backup_do. Require QubesVm object (instead of VM
name) as appvm param.
2013-11-25 05:41:13 +01:00
Marek Marczykowski-Górecki
07ae02915f
backups: add missing import in qvm-backup
2013-11-25 00:55:10 +01:00
Marek Marczykowski-Górecki
c306b9c00a
backups: increase readability of long function calls
2013-11-24 23:49:53 +01:00
Marek Marczykowski-Górecki
6c61e79ebf
backups: don't echo entered passwords
2013-11-24 03:19:11 +01:00
Marek Marczykowski-Górecki
61b3a81e82
backup: remove unused argument from backup_prepare
2013-11-24 03:17:15 +01:00
Marek Marczykowski-Górecki
e7701d9c5d
backup: check for disk space if target is local directory
2013-11-24 03:15:44 +01:00
Marek Marczykowski-Górecki
167b412e54
qvm-tools: unify the qvm-prefs labels ( #756 )
2013-11-21 14:54:50 +01:00
Marek Marczykowski-Górecki
fe834bcb9c
qvm-tools: fix set_* return code
...
Use return True/False to report success/failure instead of exit(1). This
fixes regression introduced by "92b479b qvm-tools: exit with code 1 on
error", which results in some settings not being saved.
2013-11-21 14:51:14 +01:00
Marek Marczykowski-Górecki
6fddae3b9b
Support for autostart VMs ( #724 )
2013-11-20 02:57:17 +01:00
Marek Marczykowski-Górecki
2005207462
Template support for HVM ( #719 )
...
Any HVM (which isn't already template-based) can be a template for
another HVM. For now do not allow simultaneous run of template and its
VM (this assumption simplifies the implementation, as no root-cow.img is
needed).
2013-11-19 18:42:59 +01:00
Marek Marczykowski-Górecki
92b479bf49
qvm-tools: exit with code 1 on error
...
Not only print error message.
2013-11-19 18:40:16 +01:00
Marek Marczykowski-Górecki
25fd41aa2f
qvm-tools: do not assume that every template VM must have root-cow.img
...
Especially HVM templates do not have (at least for now).
2013-11-19 18:39:22 +01:00
Marek Marczykowski-Górecki
1756ab33e9
qvm-tools: make qvm-ls code more defensive
...
Do not assume only predefined VMs types, do not assume only one type of
template etc.
2013-11-19 18:36:12 +01:00
Marek Marczykowski-Górecki
f0e24c358e
qvm-tools: clarify help message/options error checking ( #741 )
2013-11-18 01:15:17 +01:00
Marek Marczykowski-Górecki
a9a8335403
Merge remote-tracking branch 'oliv/master' into new-backups
...
Conflicts:
core/qubesutils.py
dom0/qvm-core/qubes.py
2013-11-07 22:41:16 +01:00
Marek Marczykowski-Górecki
5291227de3
qvm-tools: qvm-start --install-windows-tools ( #41 pro)
2013-11-01 02:31:13 +01:00
Marek Marczykowski-Górecki
084b5575a9
qvm-tools: add option to list only selected VMs
2013-10-23 20:52:32 +02:00
Marek Marczykowski-Górecki
f74caf876b
qvm-backup: support explicit list of VMs to backup
2013-10-01 03:18:44 +02:00
Marek Marczykowski-Górecki
1525b64e16
Merge remote-tracking branch 'joanna/master'
2013-09-17 04:45:23 +02:00
Marek Marczykowski-Górecki
5da7a520c4
core: move pci_add/pci_remove to QubesVM, add support for live add/remove ( #708 )
...
This additionally requires qubes.DetachPciDevice service in VM.
2013-09-01 01:26:43 +02:00
Marek Marczykowski
a0cb8dbf7e
dispvm: minor fixes
...
Conflicts:
dispvm/qubes-prepare-saved-domain.sh
2013-08-13 00:36:49 +02:00
Marek Marczykowski
42416504bb
qvm-prefs: fix checking kernel path
2013-08-09 13:00:07 +02:00
Zrubi
2fc8e7abb0
qubes-hcl-report update + qvm-check
...
It now handles dual VGA scenarios, got some other hardware related
improvements, and some usage help text ;)
And because I needed to check if a VM exists or not I just made a
small check script: qvm-check
This is really just a stripped down version of the existing qvm-* scripts.
2013-07-03 09:47:29 +00:00
Marek Marczykowski
8b71129445
qvm-template-commit: --offline-mode
...
Just a placeholder for now, to have common template-builder with Qubes
R3.
2013-05-18 06:01:25 +02:00
Marek Marczykowski
17709dcce9
qvm-tools: qvm-run: return exitcode!=0 if any command failed
2013-03-25 16:28:55 +01:00
Marek Marczykowski
398f54f99a
qvm-tools: remove net-tools dependency part two
2013-03-21 05:20:10 +01:00
Marek Marczykowski
a84886db07
Move all files one level up
2013-03-16 19:56:51 +01:00