Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
2,254 Commits 1 Branch 0 Tags 15 MiB
7cacc3db48
Commit Graph

372 Commits

Author SHA1 Message Date
Marek Marczykowski
9b3a77bc1d dom0: move RPC services to separate directory (#654) 
This makes more clear which code have contact with untrusted data from VM.
 2012-08-16 16:56:16 +02:00
Marek Marczykowski
a67bf1f1c0 Merge branch 'master' into hvm 2012-08-06 15:00:02 +02:00
Marek Marczykowski
fa17c541af dom0: cleanup dead DispVMs at system startup (#648) 2012-08-04 00:57:34 +02:00
Marek Marczykowski
e6c8bf81fd Merge branch 'master' into hvm 
Conflicts:
	version_dom0
 2012-08-01 00:55:05 +02:00
Marek Marczykowski
b7d2667b1d vm/kernel-placeholder: simplify upgrade 2012-07-30 23:16:05 +02:00
Marek Marczykowski
d1b827e1bd Merge branch 'master' into hvm 
Conflicts:
	dom0/init.d/qubes_core
	rpm_spec/core-dom0.spec
	version_dom0
 2012-07-25 02:52:00 +02:00
Marek Marczykowski
b691f57bbf vm: kernel-placeholder package to inhibit real kernel pkg in VM (#645) 
Some packages depends on kernel (ex fuse, pulseaudio), but kernel in VM is
managed by dom0. Any hack like exlude or so on will break some things, so
install empty placeholder package to fulfill dependencies.
 2012-07-23 23:17:50 +02:00
Marek Marczykowski
f98bf1d570 dom0: fix dirs permissions after xen upgrade 2012-07-20 13:08:18 +02:00
Marek Marczykowski
38e8b85b06 dom0: fix dirs permissions after xen upgrade 2012-07-18 12:46:36 +02:00
Marek Marczykowski
0f6f445ece Revert "vm/spec: disable pam_systemd globally (#607)" (#626) 
This reverts commit 8ec4b6963b71b95bc0cda6dd80d99bf60aa9caec.
This caused regression (#626).

Conflicts:

	rpm_spec/core-vm.spec
 2012-07-16 13:36:08 +02:00
Marek Marczykowski
eeabd3b371 Revert "vm/spec: disable pam_systemd globally (#607)" (#626) 
This reverts commit 8ec4b6963b71b95bc0cda6dd80d99bf60aa9caec.
This caused regression (#626).

Conflicts:

	rpm_spec/core-vm.spec
 2012-07-16 12:49:41 +02:00
Marek Marczykowski
d9291ab2b4 dom0/appmenus: Rename dir entry for ServiceVMs (#627) 2012-07-15 02:41:23 +02:00
Marek Marczykowski
06ba3f6e49 vm: implement qubes.GetAppmenus to reduce code duplication 
As one-liner services are now real one-line, just do it.
 2012-07-15 02:41:23 +02:00
Marek Marczykowski
20f6c6c6dc vm: simplify qubes.VMShell service 
Now additional wrapper not required to skip cmdline argument
 2012-07-15 02:41:23 +02:00
Marek Marczykowski
b6b50b6fea dom0/appmenus: Rename dir entry for ServiceVMs (#627) 2012-07-15 02:26:17 +02:00
Marek Marczykowski
1c096ec65c vm: implement qubes.GetAppmenus to reduce code duplication 
As one-liner services are now real one-line, just do it.
 2012-07-15 02:26:09 +02:00
Marek Marczykowski
15d5a1205d vm: simplify qubes.VMShell service 
Now additional wrapper not required to skip cmdline argument
 2012-07-15 02:04:17 +02:00
Marek Marczykowski
906332ea40 vm: export SuspendPre and SuspendPost qrexec services (#617) 
1. Try to use NetworkManager sleep command instead of shutting it down
2. Move sleep action details (which is VM-specific) to VM
3. Export it as qrexec service(s)
 2012-07-13 14:44:11 +02:00
Marek Marczykowski
6d6f43fb4e vm: export SuspendPre and SuspendPost qrexec services (#617) 
1. Try to use NetworkManager sleep command instead of shutting it down
2. Move sleep action details (which is VM-specific) to VM
3. Export it as qrexec service(s)
 2012-07-13 14:40:52 +02:00
Marek Marczykowski
718f5c2bdb vm: provide dispvm-dotfiles and dispvm-prerun.sh in rpm package (#620) 2012-07-12 14:22:44 +02:00
Marek Marczykowski
b92bb698be vm: provide dispvm-dotfiles and dispvm-prerun.sh in rpm package (#620) 2012-07-12 14:21:44 +02:00
Marek Marczykowski
954b4e6947 vm/systemd: disable additional useless services (#620) 
Most of them relay on direct network acces, which isn't true on Qubes.
 2012-07-12 03:56:09 +02:00
Marek Marczykowski
ca7ec2aa57 vm/spec: remove dupplicated commnds, suppress error message 2012-07-12 03:56:09 +02:00
Marek Marczykowski
00778cacea dom0/spec: suppress unnecessary messages during package upgrade 2012-07-12 03:56:09 +02:00
Marek Marczykowski
6aeaa7b036 vm/systemd: disable additional useless services (#620) 
Most of them relay on direct network acces, which isn't true on Qubes.
 2012-07-12 03:54:41 +02:00
Marek Marczykowski
212d4227c8 vm/spec: remove dupplicated commnds, suppress error message 2012-07-12 03:54:41 +02:00
Marek Marczykowski
f0d55138d3 dom0/spec: suppress unnecessary messages during package upgrade 2012-07-12 03:54:34 +02:00
Marek Marczykowski
302191edec vm/spec: disable pam_systemd only in trigger 
The %post part is unnecessary.
 2012-07-09 15:54:33 +02:00
Marek Marczykowski
c1f5377b1d vm/spec: disable pam_systemd only in trigger 
The %post part is unnecessary.
 2012-07-09 15:52:42 +02:00
Marek Marczykowski
8b2be6b693 dom0/spec: remove some udev rules from system (#605) 2012-07-05 01:43:32 +02:00
Marek Marczykowski
c4888add66 vm: disable D-Bus activation of NetworkManager (#610) 2012-07-05 01:43:32 +02:00
Marek Marczykowski
b834e2c5a7 vm/spec: disable pam_systemd globally (#607) 
Actually all /etc/pam.d/ files containing pam_systemd.so are autogenerated by
authconfig, so "removing" pam_systemd.so file as not elegant solution, seems to
be much more realiable.
 2012-07-05 01:43:32 +02:00
Marek Marczykowski
3ccc43ede2 dom0/spec: remove some udev rules from system (#605) 2012-07-05 01:40:38 +02:00
Marek Marczykowski
725e724044 vm: disable D-Bus activation of NetworkManager (#610) 2012-07-05 01:33:22 +02:00
Marek Marczykowski
f20099f05b vm/spec: disable pam_systemd globally (#607) 
Actually all /etc/pam.d/ files containing pam_systemd.so are autogenerated by
authconfig, so "removing" pam_systemd.so file as not elegant solution, seems to
be much more realiable.
 2012-07-05 01:31:32 +02:00
Marek Marczykowski
0006ebdaff vm/spec: fix enabling NetworkManager SystemD service 2012-06-26 03:43:36 +02:00
Marek Marczykowski
a6c7d0efbe vm/spec: fix error messages 2012-06-26 03:43:36 +02:00
Marek Marczykowski
da63af599c vm/spec: fix enabling of qubes-firewall SysV service 2012-06-26 03:43:36 +02:00
Marek Marczykowski
2e7d5cc178 dom0: appmenu to start Firefox in new DispVM (#594) 2012-06-26 03:43:36 +02:00
Marek Marczykowski
4f7656e36f vm/spec: fix enabling NetworkManager SystemD service 2012-06-26 03:36:22 +02:00
Marek Marczykowski
4cc7d9300f vm/spec: fix error messages 2012-06-26 03:31:28 +02:00
Marek Marczykowski
71c4ca8804 vm/spec: fix enabling of qubes-firewall SysV service 2012-06-26 03:30:06 +02:00
Marek Marczykowski
0008e71784 dom0: appmenu to start Firefox in new DispVM (#594) 2012-06-24 14:09:43 +02:00
Marek Marczykowski
f53ebfc3cd vm: RPC service for NTP time sync (#603) 2012-06-23 00:37:47 +02:00
Marek Marczykowski
8e61660687 vm: RPC service for NTP time sync (#603) 2012-06-22 22:22:57 +02:00
Marek Marczykowski
288dcc562e vm: enable yum-qubes-hooks plugin (#592) 2012-06-11 22:35:44 +02:00
Marek Marczykowski
5354249102 vm: enable yum-qubes-hooks plugin (#592) 2012-06-08 00:34:11 +02:00
Marek Marczykowski
01ca42b5c4 vm/spec: create firmware symlink only when needed 
On new systems, like FC16+, firmware is provided by separate package (like
linux-firmware), so no longer need to get it from kernel package.
 2012-06-06 03:02:58 +02:00
Marek Marczykowski
4463701bf3 vm/spec: depend on ethtool _package_ 2012-06-06 03:02:58 +02:00
Marek Marczykowski
ad6bfe3ca1 vm/spec: create firmware symlink only when needed 
On new systems, like FC16+, firmware is provided by separate package (like
linux-firmware), so no longer need to get it from kernel package.
 2012-06-06 03:00:05 +02:00
Marek Marczykowski
4911ca7eb9 vm/spec: depend on ethtool _package_ 2012-06-06 02:59:07 +02:00
Marek Marczykowski
79f13d6c66 vm: yum plugin to notify dom0 about installed updates (#592) 2012-06-05 21:21:53 +02:00
Marek Marczykowski
ea08560e43 makefile: rename vchan Makefile to not conflict with windows build 2012-06-05 21:21:53 +02:00
Marek Marczykowski
8023c66020 vm: yum plugin to notify dom0 about installed updates (#592) 2012-06-05 19:28:59 +02:00
Marek Marczykowski
dd60d3da95 makefile: rename vchan Makefile to not conflict with windows build 2012-06-02 12:32:49 +02:00
Marek Marczykowski
1f194cbe08 dom0: block_cleaner: removes ejected devices from xenstore 
When device is ejected by some VM (state=6, effectively inactive), it should be
removed from xenstore to free slot for some another device. This should be done
by libxl toolstack, but not implemented in xen 4.1 - AFAIR done in xen 4.2.
 2012-06-01 20:59:45 +02:00
Marek Marczykowski
4bac57818e vm/qubes-yum-proxy: setup yum to use qubes-yum-proxy (#568) 
The simplest way is just add proxy=... entry to /etc/yum.conf, but sometimes it
is reasonable to bypass the proxy. Some examples:
 - usage of non-standard repos with some exotic file layout, which will be
   blocked by the proxy
 - usage of repos not-accessible via proxy (eg only via VPN stared in VpnVM)

This commit introduces 'yum-proxy-setup' pseudo-service, which can be
controlled via standard qvm-service or qubes-manager. When enabled - yum will
be configured at VM startup to use qubes proxy, otherwise - to connect directly
(proxy setting will be cleared).
 2012-05-31 03:11:44 +02:00
Marek Marczykowski
96508abf2c vm: qubes-yum-proxy service (#568) 
Introduce proxy service, which allow only http(s) traffic to yum repos. The
filter rules are based on URL regexp, so it isn't full-featured content
inspection and can be easy bypassed, but should be enough to prevent some
erroneus user actions (like clicking on invalid link).

It is set up to intercept connections to 10.137.255.254:8082, so VM can connect
to this IP regardless of VM in which proxy is running. By default it is
started in every NetVM, but this can be changed using qvm-service or
qubes-manager (as always).
 2012-05-31 03:11:43 +02:00
Marek Marczykowski
341fbe012c vm/spec: remove executable perm where not needed 2012-05-31 03:11:43 +02:00
Marek Marczykowski
edc3518ec9 vm/qubes-yum-proxy: setup yum to use qubes-yum-proxy (#568) 
The simplest way is just add proxy=... entry to /etc/yum.conf, but sometimes it
is reasonable to bypass the proxy. Some examples:
 - usage of non-standard repos with some exotic file layout, which will be
   blocked by the proxy
 - usage of repos not-accessible via proxy (eg only via VPN stared in VpnVM)

This commit introduces 'yum-proxy-setup' pseudo-service, which can be
controlled via standard qvm-service or qubes-manager. When enabled - yum will
be configured at VM startup to use qubes proxy, otherwise - to connect directly
(proxy setting will be cleared).
 2012-05-31 03:05:13 +02:00
Marek Marczykowski
b2cfd73691 vm: qubes-yum-proxy service (#568) 
Introduce proxy service, which allow only http(s) traffic to yum repos. The
filter rules are based on URL regexp, so it isn't full-featured content
inspection and can be easy bypassed, but should be enough to prevent some
erroneus user actions (like clicking on invalid link).

It is set up to intercept connections to 10.137.255.254:8082, so VM can connect
to this IP regardless of VM in which proxy is running. By default it is
started in every NetVM, but this can be changed using qvm-service or
qubes-manager (as always).
 2012-05-31 03:04:11 +02:00
Marek Marczykowski
a953e56042 vm/spec: remove executable perm where not needed 2012-05-31 02:21:15 +02:00
Marek Marczykowski
b4aa6c6ddc vm/spec: fix /etc/hosts if it was broken by previous version 2012-05-08 23:45:00 +02:00
Marek Marczykowski
0ebd1d0de6 vm/spec: fix /etc/hosts if it was broken by previous version 2012-05-08 23:44:07 +02:00
Marek Marczykowski
950d848ede vm: notify dom0 when updates available in VM (#475) 2012-05-02 00:09:00 +02:00
Marek Marczykowski
370ad33c44 dom0: provide service for VM to notify about updates availability (#475) 2012-05-02 00:09:00 +02:00
Marek Marczykowski
9c7ab91491 dom0: remove unused reset_vm_configs.py 2012-05-02 00:09:00 +02:00
Marek Marczykowski
af1f88755d vm: notify dom0 when updates available in VM (#475) 2012-05-01 01:14:04 +02:00
Marek Marczykowski
fa41bf840c dom0: provide service for VM to notify about updates availability (#475) 2012-05-01 01:12:19 +02:00
Marek Marczykowski
366e405df0 dom0: remove unused reset_vm_configs.py 2012-04-30 13:29:01 +02:00
Marek Marczykowski
f05605eccc dom0/spec: fix spec for qmemman.conf 2012-03-29 16:18:00 +02:00
Marek Marczykowski
7bee34dfb0 dom0/spec: fix spec for qmemman.conf 2012-03-29 16:17:10 +02:00
Marek Marczykowski
71b98f9d95 dom0/qmemman: add support for config file 2012-03-28 00:47:26 +02:00
Marek Marczykowski
2e6e9bfab9 dom0/qmemman: add support for config file 2012-03-28 00:21:01 +02:00
Marek Marczykowski
ba6c682254 dom0/rpm-spec: fix xenconsoled setup 
XENCONSOLED_LOG_GUESTS was erroneously replaced by XENCONSOLED_LOG_HYPERVISOR.
So to config fresh systems and broken by prevoius version, remove any
XENCONSOLED_LOG_ entries and add correct one at the config end.
 2012-03-11 21:14:52 +01:00
Marek Marczykowski
e77bdf63db dom0/rpm-spec: fix xenconsoled setup 
XENCONSOLED_LOG_GUESTS was erroneously replaced by XENCONSOLED_LOG_HYPERVISOR.
So to config fresh systems and broken by prevoius version, remove any
XENCONSOLED_LOG_ entries and add correct one at the config end.
 2012-03-11 21:12:49 +01:00
Marek Marczykowski
a58259a171 Merge branch 'master' into hvm 
Conflicts:
	version_dom0
	version_vm
 2012-03-09 10:19:34 +01:00
Marek Marczykowski
0b142fb040 vm/init.d: make firewall and netwatcher service consistent with systemd 2012-03-09 01:50:18 +01:00
Marek Marczykowski
a717b3755e Merge branch 'master' into hvm 
Conflicts:
	dom0/qvm-core/qubes.py
 2012-03-06 02:21:52 +01:00
Marek Marczykowski
db043c84bc dom0/sysconfig: load and setup cpufreq-xen if present 
Required for suspend on Core i5 with pvops kernel.
 2012-03-05 12:44:08 +01:00
Marek Marczykowski
91ec015486 dom0/sysconfig: enable xenconsoled logging 2012-03-05 12:31:15 +01:00
Marek Marczykowski
25b57bab88 dom0/appmenus: Create "Start" appmenu for HVM domains 2012-03-02 01:56:50 +01:00
Marek Marczykowski
63f3537f98 dom0/spec: require xen-hvm package for stubdom 2012-03-01 10:57:34 +01:00
Joanna Rutkowska
0e0fe6a3d9 Merge branch 'master' of git://git.qubes-os.org/marmarek/core into hvm 2012-02-27 13:30:14 +01:00
Marek Marczykowski
067fb100a1 dom0/modules: support for pvops modules in dom0 2012-02-25 14:04:06 +01:00
Marek Marczykowski
3ad50b58e7 dom0/spec: include HVM config template in rpm 2012-02-24 04:53:15 +01:00
Marek Marczykowski
b422bf8b2f dom0/pm-utils: fix scripts order according to pm-utils docs (#443) 2012-02-09 11:31:41 +01:00
Marek Marczykowski
73e63d9998 dom0/spec: include qubes-* tools in rpm (#421) 2012-02-07 12:31:44 +01:00
Marek Marczykowski
70db6b0fc9 vm/mimeopen: save mimetype defaults for DispVM (#423) 2012-02-06 19:08:08 +01:00
Marek Marczykowski
a4a9632a5a vm/spec: fix file permissions 2012-02-06 12:58:02 +01:00
Marek Marczykowski
b87fff44c4 dom0/clock: sync clock using new qubes-sync-clock from cron (#435, #429) 2012-02-01 17:39:20 +01:00
Marek Marczykowski
4c78a9cb7f dom0/spec: require cron daemon (#429) 2012-01-30 16:27:12 +01:00
Marek Marczykowski
31fd953377 vm/spec: do not complain about missing serial.conf 2012-01-30 14:22:35 +01:00
Marek Marczykowski
ad75f3c99e vm/network: symlink NetworkManager system-connection to /rw (#425) 
In FC15, NetworkManager by default uses global connections ("Available to all users"). Save them in /rw instead of /etc, to preserve them across reboots.
 2012-01-30 14:20:02 +01:00
Marek Marczykowski
f8562f8e1c vm/spec: hide diagnostics from systemctl 2012-01-18 17:24:04 +01:00
Marek Marczykowski
83cde6e841 vm: enable qubes-firewall (#424) 2012-01-18 13:37:31 +01:00
Marek Marczykowski
351b413f74 spec: fix build order 2012-01-15 17:36:22 +01:00
Marek Marczykowski
1e2ca857cc vm/systemd: enable ntpd and NetworkManager services 2012-01-14 01:40:54 +01:00
Marek Marczykowski
b5f691da1c vm/systemd: add some package requirements according to Fedora documentation 2012-01-14 01:40:10 +01:00
Marek Marczykowski
7dbb3fe5b0 vm: disable some autostart applications 2012-01-14 01:39:43 +01:00