qrexec-daemon will start new processes for called services, which
include starting new DispVM, starting other required VMs (like backend
GPG VM). Having those processes as root leads to many permissions
problems, like the one linked below. So when VM is started by root, make
sure that qrexec-daemon will be running as normal user (the first user
in group 'qubes' - there should be only one).
QubesOS/qubes-issues#1768
- Remove old qvm-remove
- Remove a log line from Storage, because it prints confusing lines, like:
Removing volume kernel: /var/lib/qubes/vm-kernels/4.1.13-6/modules.img
Add the ability to handle commands having subcommands, like `qvm-block`
Split the ArgumentCheckVisitor in an OptionsCheckVisitor &
SubCommandCheckVisitor. The OptionsCheckVisitor checks options given
in a section named 'Options' (case insensitive), while the
SubCommandCheckVisitor dispatches on a section named 'Commands' (case
insensitive).
This also fixes finding the undocumented command arguments. The previous
solution with depart_document did not work. NodeVisitor does not dispatch to
depart_document() even if it's mentioned in the documentation.
On KDE5 native decoration plugin is used and requires special properties
set (instead of `_QUBES_VMNAME` etc).
Special care needs to be taken when detecting environment, because
environment variables aren't good enough - this script may be running
with cleared environment (through sudo, or from systemd). So check
properties of X11 root window.
QubesOS/qubes-issues#1784
Trim template name to fit full VM name in 31 chars.
At the same time, check if the VM already exists - if so - remove it
first (or error out asking the user to remove it manually - if VM isn't
marked as internal).
Now that VM is created as internal, to skip appmenus creation.
QubesOS/qubes-issues#1910FixesQubesOS/qubes-issues#1655
This behaves better when running multiple VMs. If one need full CPU
power in some VM, it is always possible to increase vCPUs for this
particular VM.
FixesQubesOS/qubes-issues#1891
This commit eliminates import statements happening in the middle of the
file (between two classes definition). The cycles are still there. The
only magic module is qubes itself.
This requires having at least 1GB free on /tmp, but it is fair
assumption - it's tmpfs in dom0 and while performing the backup most of
the VMs aren't running, so shouldn't be a problem. Anyway it is always
possible to set TMPDIR variable or pass --tmpdir cmdline option.
Using tmpfs based temporary directory should speedup the backup.
QubesOS/qubes-issues#1652
This is squashed woju/qubes-core-admin#8 by @kalkin
- LinuxKernel.volumes() lists all available kernels
- LinuxKernel use kernel version as vid
- LinuxKernel add docstrings
- Linux.kernel use os.listdir instead of os.walk
- LinuxKernel dynamically list available kernels
Do not force inheritance of ExtraTestMixin and QubesTestCase. Instead
provide 'qubes.tests.extra.ExtraTestCase' for external tests. This makes
the API less "magic", easier to understand and apply static analysis
tools on it.
QubesOS/qubes-issues#1800
