Marek Marczykowski
3bce6047b5
dom0/qrexec: properly process data after client terminated one way of transfer
Instead of removing client from list at EPIPE error from write, assume that
client does not wish to read future data, but still can write something.
2012-08-27 00:49:45 +02:00
Marek Marczykowski
f79101d114
dom0/qrexec: fix the case when client disconnected while sending cmdline
Previously the entry in the clients table was not cleaned up. Not critical, as
it will be reset to a known state at new client connect, but still fix it.
2012-08-27 00:48:36 +02:00
Marek Marczykowski
1b42142e05
dom0/qrexec: change qrexec startup timeout to 60s (#373)
2011-10-18 00:09:34 +02:00
Joanna Rutkowska
7d5609a80a
dom0: qrexec_daemon: use 30s connect timeout instead of 120s
2011-09-09 16:34:41 +02:00
Marek Marczykowski
e2aeceb230
qrexec: Use pselect instead of select (#241)
Details here: http://wiki.qubes-os.org/trac/ticket/241
2011-09-01 14:56:19 +02:00
Rafal Wojtczuk
259d08a83e
qrexec: use $anyvm and $dispvm symbols
2011-07-25 01:49:25 +02:00
Rafal Wojtczuk
abd8b79864
qrexec: impose startup time limit for qrexec_daemon
2011-07-25 01:49:24 +02:00
Rafal Wojtczuk
77f21e08a4
qrexec: corrected stupid typo
2011-07-07 10:06:45 +02:00
Rafal Wojtczuk
7b39b15f6d
qrexec: enforce strict character set in TRIGGER_EXEC message
2011-07-06 17:07:40 +02:00
Rafal Wojtczuk
b4f28152b8
qrexec: CONNECT_EXISTING command handling in daemon and client
2011-07-04 20:55:25 +02:00
Rafal Wojtczuk
c05b26763a
qrexec: new communication scheme, agent<->server part
1) Instead of a set of predefined commands, we send MSG_AGENT_TO_SERVER_TRIGGER_CONNECT_EXISTING msg with a parameter (e.g. "org.qubes-os.vm.Filecopy")
defining required action
2) qrexec_daemon just forks qrexec_policy, that will take care of actually
allowing and executing required action
3) after MSG_AGENT_TO_SERVER_TRIGGER_CONNECT_EXISTING, qrexec_agent does not
execute a command - it just uses already established file descriptors to
send data to/from. Thus, there is no need to use ~/.xxxxxspool - a command line
tool can have direct access to remote fds.
2011-07-04 18:56:56 +02:00
Rafal Wojtczuk
732a90443e
qrexec: move daemon-specific code out of unix_server.c
So that agent can use code in unix_server.c
2011-07-04 17:06:29 +02:00
Marek Marczykowski
83d211836a
dom0+vm: Trigger appmenus sync after yum transaction (#45), NEW QREXEC COMMAND
After yum transaction (install/upgrade/remove),
yum-plugin-post-transaction-actions will execute a script which triggers
qvm-sync-appmenus in dom0 (through qrexec).
THIS INTRODUCES A NEW PREDEFINED COMMAND IN QREXEC
2011-06-12 01:46:24 +02:00
Rafal Wojtczuk
8733c0ef77
qrexec_daemon: fixed typo in msg name
2011-05-09 13:31:38 +02:00
Rafal Wojtczuk
d84289f983
qrexec - indentation
2011-05-04 13:00:39 +02:00
Rafal Wojtczuk
b4fb7a4b5d
qrexec: added two I/O error checks, even though it is redundant in these cases
2011-05-04 12:56:52 +02:00
Rafal Wojtczuk
d68183da0c
qrexec: added comments, made identifiers more verbose
2011-05-04 12:52:54 +02:00
Rafal Wojtczuk
675d4ce25b
qrexec_daemon: add explicit sanitize routine
It sanitizes messages from agent, the only untrusted input. No new
checks have been added, just moved the code.
2011-05-04 10:53:43 +02:00
Rafal Wojtczuk
b7698de251
qrexec_daemon: print dots when waiting for agent
2011-03-31 11:23:44 +02:00
Rafal Wojtczuk
5c10812e36
qrexec_agent: When running as root, make the socket accessible
... world-rw. Perms on /var/run/qubes still limit access to group qubes.
2011-03-25 13:47:01 +01:00
Rafal Wojtczuk
1d24ef9d1a
qrexec: when forgetting about a client/process, flush buffered data
We need to spawn a child to take care of buffered data flushing, if there
is any. Expensive, but should be needed rarely.
2011-03-17 18:15:04 +01:00
Rafal Wojtczuk
53b517f6a5
qrexec: move set_nonblock function to write_stdin
It will be needed there.
2011-03-17 17:53:33 +01:00
Rafal Wojtczuk
27cfd6111a
qrexec_daemon limits the number of its children
So that an evil VM cannot just send a flood of exec qfile-daemon requests,
and DoS dom0.
2011-03-16 14:21:45 +01:00
Rafal Wojtczuk
470ddce435
qrexec_daemon creates VMname-based link to its socket
2011-03-11 14:14:04 +01:00
Rafal Wojtczuk
1a5bfd8c2b
Reset SIGPIPE in qrexec_daemon, too.
2011-03-11 13:08:19 +01:00
Rafal Wojtczuk
e19390ca1c
Moved ioall.c file to "common"
2011-03-11 11:47:20 +01:00
Rafal Wojtczuk
f1a7df6e95
Implemented mechanism to trigger predefined execution in dom0.
Processes in AppVM can ask qrexec-agent to send a
MSG_AGENT_TO_SERVER_TRIGGER_EXEC message to qrexec-daemon.
The latter will execute a predefined program. It is useful for
the purpose of file copy; the predefined program will create
a connected qfile-daemon<->qfile-agent pair.
2011-03-10 15:41:31 +01:00
Rafal Wojtczuk
27c8b05792
qrexec_daemon child should notify the parent.
2011-03-07 13:54:57 +01:00
Rafal Wojtczuk
50252ec64e
qrexec_daemon parent should exit after connection to VM.
2011-03-07 13:50:30 +01:00
Rafal Wojtczuk
bb0507c89a
Make qrexec_daemon socket accessible.
Set restrictive umask after socket creation.
2011-03-04 17:41:54 +01:00
Rafal Wojtczuk
b899bfc9ba
Daemonize qrexec_daemon.
2011-03-04 17:38:59 +01:00
Rafal Wojtczuk
b98dffc965
qrexec* tools, initial version
2011-03-04 16:32:58 +01:00