Commit Graph

234 Commits

Author SHA1 Message Date
Marek Marczykowski
c0c64ecdc5 dom0: add VM rename support (#371) 2011-11-02 00:39:23 +01:00
Marek Marczykowski
134af81b3b dom0: move remove_appmenus to separate subroutine 2011-11-01 23:42:13 +01:00
Marek Marczykowski
12b8ff7d17 dom0: store relative paths in qubes.xml when possible 2011-11-01 23:33:20 +01:00
Marek Marczykowski
47ad186926 dom0: set firewall to block-all when setting netvm to none (#370) 2011-11-01 15:50:03 +01:00
Marek Marczykowski
870dea1502 dom0/qvm-run: move run code to qubesutils 2011-10-31 13:31:54 +01:00
Marek Marczykowski
a4e11dedd9 dom0/DispVM: inherit firewall from calling VM (#370) 2011-10-31 01:29:46 +01:00
Marek Marczykowski
99c0356bf2 dom0: set first NetVM as ClockVM 2011-10-17 23:20:21 +02:00
Marek Marczykowski
db3ab9333a dom0/qvm-shutdown: increase timeout to 60s (#373) 2011-10-17 23:14:26 +02:00
Marek Marczykowski
c43a62e0bb dom0/qvm-shutdown: implement --wait in qvm-shutdown 2011-10-17 23:14:19 +02:00
Marek Marczykowski
3063ef35b7 dom0: move NetVM shutdown sanity check code to qvm-core 2011-10-17 22:45:04 +02:00
Marek Marczykowski
abcd6416fc dom0: move shutdown to qvm-core 2011-10-14 11:59:33 +02:00
Marek Marczykowski
bc47334d21 dom0: fix cleanup_vif 2011-10-10 17:11:00 +02:00
Marek Marczykowski
e1ccda362c dom0/qvm-core: release lock in VM.start() right before starting qrexec (#344) 2011-10-10 11:23:14 +02:00
Marek Marczykowski
05605f1394 dom0/qvm-core: ignore template_vm=None when loading qubes.xml
This should result in more elegant error message in case of error in qubes.xml.
2011-10-07 21:46:27 +02:00
Marek Marczykowski
98827c7020 dom0/qvm-core: output messages to stderr (#276) 2011-10-07 21:40:29 +02:00
Marek Marczykowski
053944470c dom0: improve vif cleanup
Just remove dead devices from xenstore, there is no point in waiting for its
shutdown (which 'xl' does) as backend domain is dead.
2011-10-03 22:54:45 +02:00
Marek Marczykowski
600877b830 dom0: use default values for values not present in qubes.xml
Do not set them to None. This should improve compatibility with older versions of qubes.xml
2011-10-01 10:33:25 +02:00
Marek Marczykowski
f0038d2ec7 dom0: typo fix in default_fw_netvm saving 2011-10-01 02:55:22 +02:00
Marek Marczykowski
3c7f8b97cd dom0: return datatime value in get_start_time (#315) 2011-10-01 02:54:18 +02:00
Marek Marczykowski
7ae0c52e6d dom0: introduce ClockVM - timesource for dom0 (#361) 2011-10-01 02:54:00 +02:00
Marek Marczykowski
287da572e9 dom0+vm: introduce 'qubes-service' xenstore dir - enable/disable VM services from dom0
This allows control which services are started in VM by dom0. For some
situation vm_type was used, but it isn't enough - i.e. ntpd should be started
in one, selected NetVM.
2011-10-01 02:49:25 +02:00
Marek Marczykowski
5fc5301cee Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/joanna/core 2011-09-30 10:46:04 +02:00
Marek Marczykowski
6b885bd361 dom0+vm: expose block devices info in xenstore (#226) 2011-09-29 13:56:06 +02:00
Joanna Rutkowska
59f71f634a dom0: Fix xenstore permissions qubes_netvm_external_ip
We should ensure that the first expression in the permisions list
is nX, where X is the owning domain, and not rX or wX, as otherwise
we would be granting all other VMs read access to the key.

This is explained in more detail here:

http://wiki.xensource.com/xenwiki/XenBus

In practice the perms problem applied only to the qubes_netvm_external_ip key
that is exposed by each NetVM to corresponding Proxy VMs. Before this fix,
the key was readable by any VM in the system, which might not be desired in some
more advanced networking setups, such as with Tor Proxy VM.
2011-09-26 17:24:11 +02:00
Marek Marczykowski
0ce7336cad dom0: Distinguish 'Halting','Crashed' state from simple 'Halted' (#314) 2011-09-13 18:39:09 +02:00
Joanna Rutkowska
f2770e2d03 dom0: Fix create_xenstore_entries in other classes to not require xid argument 2011-09-09 18:49:15 +02:00
Marek Marczykowski
2319083631 dom0: use default kernel opts when custom opts isn't set
This can happen after rpm upgrade.
2011-09-09 14:24:17 +02:00
Joanna Rutkowska
89d532ef11 dom0: qubes.py: do not use pci=nomsi as a default argument for passthrough VM kernels anymore 2011-09-08 14:09:03 +02:00
Marek Marczykowski
5e09af2b46 dom0: limit default swiotlb size for NetVM (#342) 2011-09-08 01:19:25 +02:00
Marek Marczykowski
320847de91 dom0: correctly remove appmenus for ServiceVM (if any) 2011-09-06 01:17:09 +02:00
Marek Marczykowski
77ec31d164 dom0: appmenus templates handling for StandaloneVM (#317)
StandaloneVM also needs apps.templates dir in order to qubes-appmenu-select
works. Also can be helpful for backup/restore.
2011-09-06 01:15:35 +02:00
Marek Marczykowski
c1f0296e66 dom0: automatically determine domain xid in create_xenstore_entries 2011-09-06 01:14:49 +02:00
Marek Marczykowski
f85fcc06aa dom0: replace obsolete swiotlb=force with iommu=soft 2011-09-03 16:15:02 +02:00
Marek Marczykowski
5cb6cd2aa7 dom0: fix uses_default_kernelopts typo 2011-09-03 16:14:51 +02:00
Marek Marczykowski
58985193e7 dom0: move network-attach logic to qubes.py
Main reason is to remove code duplication.
Also fixes #260 and workaround (by sleep...) some race at NetVM restart
(fronted driver does not noticed vif-detach+vif-attach).
2011-09-03 16:13:14 +02:00
Marek Marczykowski
5fe147729d dom0: copy only selected files for StandaloneVM kernel
Especially ignore modules dir - already included in modules.img
2011-09-03 16:04:25 +02:00
Marek Marczykowski
7f24727b2b dom0: fix waiting for vif detach 2011-09-03 16:01:22 +02:00
Marek Marczykowski
11da1633d3 dom0: Copy default template kernel to StandaloneVM dir (#333)
Just prepare kernel for qvm-set -s <vmname> kernel none
2011-09-01 15:01:37 +02:00
Marek Marczykowski
ac917ef1d8 dom0: Set modules.img device R/W for StandaloneVM (#333) 2011-09-01 14:56:23 +02:00
Marek Marczykowski
577dd2b076 dom0: when cleaning up network devices, wait for actual device destroy
Otherwise subsequent network-attach will not be noticed by frontend driver.
2011-09-01 00:01:53 +02:00
Marek Marczykowski
be5e5a98a1 dom0: use full patch for network script
xl (apart from xm) doesn't prefix script with dir.
2011-08-31 22:01:08 +02:00
Marek Marczykowski
3cf1af0321 dom0: implement custom kernelopts (#323) 2011-08-31 20:39:26 +02:00
Marek Marczykowski
fbce32ae1f dom0/qvm-prefs: info when kernel setting is from template 2011-08-31 18:32:37 +02:00
Rafal Wojtczuk
8ecd6134d9 firewall: call iptables-restore once per domain (#311)
qubes.py now places rules for each domain in a separate key under
/local/domain/fw_XID/qubes_iptables_domainrules/
plus the header in /local/domain/fw_XID/qubes_iptables_header.
/local/domain/fw_XID/qubes_iptables is now just a trigger.
So, if iptables-restore fails dues to e.g. error resolving a domain name
in a rules for a domain, then only this domain will not get connectivity,
others will work fine.
2011-07-29 16:50:12 +02:00
Rafal Wojtczuk
6fc358bd20 dispvm: honour current choice of template for dispvm
... when auto-refreshing the dispvm savefile.
While at it, also copy dispvm-prerun.sh script in qvm-clone.
2011-07-26 17:09:59 +02:00
Rafal Wojtczuk
7cfbe1c7d8 qubes.py: postpone qmmeman.close()
There are indications that when parent "xl" process exits, the domain is not
booted completely; and xl actions may interfere with qmemman memory balancing.
Thus, in VM.start(), we delay releasing of qmemman handle until qrexec_daemon
connects successfully.
2011-07-22 15:07:04 +02:00
Marek Marczykowski
342261ff10 dom0: Do not clone config file with template
Not needed any more
2011-07-21 00:49:03 +02:00
Marek Marczykowski
c9ad2314ea dom0: variable names conflict (#290)
uuid is also name of (used here) python module...
2011-07-20 16:12:28 +02:00
Marek Marczykowski
f1153a5413 dom0: initialize vmtype in create_appmenus (#212) 2011-07-20 16:06:22 +02:00
Marek Marczykowski
99dfdd70c3 dom0: Hide some messages from 'xl' tool (#265) 2011-07-17 01:54:27 +02:00