Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
512 Commits 1 Branch 0 Tags 20 MiB
95a52d388b
Commit Graph

271 Commits

Author SHA1 Message Date
Rafal Wojtczuk
fcfc1c498d Change permissions on Dispvm template files only if we are root 
Otherwise, it makes no sense, and thus we do not unnecessarily
warn.
 2011-03-24 16:57:43 +01:00
Rafal Wojtczuk
4401c5a2cb Limit Dispvm to 1 vcpu 
Because a restored domain with multiple cpus, ehrrm, hardly works,
at least with current Xen+kernel combination.
 2011-03-24 16:53:40 +01:00
Marek Marczykowski
7f94cf2709 Merge branch 'spring-merge' of ssh://git.qubes-os.org/var/lib/qubes/git/rafal/core into spring-merge 2011-03-23 19:45:59 -04:00
Marek Marczykowski
0962eab45a Cmdline tool to grow private.img (#5) 2011-03-23 19:41:58 -04:00
Rafal Wojtczuk
25f49bca18 Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core into spring-merge 2011-03-23 16:47:05 +01:00
Rafal Wojtczuk
f9b9b1ade6 qvm-create-default-dvm: fix permissions after creating savefile 
So, savefile.img and netvm_id.txt are correctly owned as well.
 2011-03-23 13:40:28 +01:00
Rafal Wojtczuk
a1f8cd9071 When creating disposablevm object, pass non-None dirpath 
QubesVm constructor does not like it.
 2011-03-23 13:26:39 +01:00
Marek Marczykowski
46190b9d82 Copy kernel for standalone VM 2011-03-23 09:59:59 +01:00
Rafal Wojtczuk
a814b522b9 Fix permissions on the dvm template directory. 
Needed in case default_template-dvm VM was created in init
scripts, and files are not writeble by group qubes.
 2011-03-23 09:36:30 +01:00
Rafal Wojtczuk
4e78284e4f block.qubes: pass arguments correctly to other scripts 2011-03-23 09:31:44 +01:00
Rafal Wojtczuk
105486135b Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/smoku/core into spring-merge 2011-03-23 09:23:38 +01:00
Tomasz Sterna
481e9871c4 Implemented implicit rule to allow ICMP traffic in firewall 2011-03-21 22:06:53 +01:00
Rafal Wojtczuk
488eda21d9 Merge branch 'blockless' into spring-merge 
Conflicts:
	appvm/Makefile
	appvm/qubes_core
	netvm/qubes_core
	rpm_spec/core-appvm.spec
	rpm_spec/core-netvm.spec
 2011-03-21 13:54:35 +01:00
Marek Marczykowski
a5a43cdbc7 Fix missing arg to reset_volatile_storage (#118) 
And do not call it twice...
 2011-03-19 17:05:53 -04:00
Marek Marczykowski
bc383b692d Use clean-volatile.img.tar instead of unpacked one (#118) 
"tar x" is much faster than cp on sparse file
 2011-03-19 17:05:00 -04:00
Marek Marczykowski
a6ee9d66f5 qvm-backup-{,restore} - support for standalone VMs 
Backup root.img instead of (non-existing) root-cow.img
 2011-03-18 22:24:08 -04:00
Marek Marczykowski
c461835ea7 Dont allow to change disable 'updateable' flag of standalone VM 2011-03-18 22:19:03 -04:00
Marek Marczykowski
ee28ca10d4 Indent, blank lines 2011-03-18 22:18:31 -04:00
Marek Marczykowski
823bd1ce0f Use common image for swap and root-cow - volatile.img (#118) 
This reduces xvd* devices count, so speeds up VM start.
Also swap-cow is no longer needed, so remove this additional dm-snapshot layer.
 2011-03-18 22:15:32 -04:00
Tomasz Sterna
aa58bec1d9 Fixed default policy handling in firewall rules 2011-03-18 14:12:19 +01:00
Marek Marczykowski
33e7ee3623 Reduce duplicated code in qubes.xml load 
Parse common attrs in separate function.
Side effect: possibility to set custom TemplateVM label
 2011-03-16 20:40:15 -04:00
Marek Marczykowski
bef1ea4c92 Reduce duplicated code in create_xml_entries 2011-03-16 19:42:01 -04:00
Marek Marczykowski
4e68c4cde9 Standalone VM (#98) 
'updateable' property is now read-onlyr; updateable=True means that VM has own
root.img, not persistent root-cow.img.
 2011-03-16 18:45:02 -04:00
Marek Marczykowski
ef6a3e576b Parse tags %MEM% and %VCPUS% in {app,net}vm-template.conf (#115) 2011-03-16 13:39:54 -04:00
Marek Marczykowski
379a5620c8 Fix netvm creation from template 
Missing netvms_conf_file parameter in template
 2011-03-16 13:38:16 -04:00
Marek Marczykowski
2b78538376 Merge git://git.qubes-os.org/joanna/core 2011-03-16 11:29:55 -04:00
Marek Marczykowski
5e2dd1c6ce Revert "Do not add new vm to xen storage in qvm-create - it is done by core" 
This reverts commit 72ddb5aae1.
 2011-03-16 11:44:25 +01:00
Marek Marczykowski
72ddb5aae1 Do not add new vm to xen storage in qvm-create - it is done by core 2011-03-16 11:41:18 +01:00
Marek Marczykowski
5acc4610b4 Allow installed_by_rpm=False in NetVM and ProxyVM 2011-03-16 11:41:18 +01:00
Marek Marczykowski
7dbe6e1731 Create NetVM xen config from separate template (netvm-template.conf) 2011-03-16 11:41:18 +01:00
Joanna Rutkowska
fa7e13c602 Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core 2011-03-15 22:57:27 +01:00
Marek Marczykowski
63b06516b7 Do not add new vm to xen storage in qvm-create - it is done by core 2011-03-15 18:51:31 +01:00
Marek Marczykowski
14c48f5253 Merge commit '00ba6dd5b7441cf10f87f527f4ac7eb459cb0a08' 2011-03-15 18:33:01 +01:00
Marek Marczykowski
993d34e7d5 Allow labels for NetVM/ProxyVM. Require it in qvm-create. 2011-03-15 18:28:28 +01:00
Joanna Rutkowska
5e1a808648 Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core 2011-03-15 18:16:33 +01:00
Marek Marczykowski
588f4b91c8 Fix Firewall -> Proxy... 2011-03-15 17:40:23 +01:00
Rafal Wojtczuk
8ce0e0f39b Fixed permissions of qfile-daemon 2011-03-15 16:48:17 +01:00
Rafal Wojtczuk
84b1a186ff Added qfile-unpacker and qfile-daemon 2011-03-15 16:43:43 +01:00
Joanna Rutkowska
f83daa49f9 Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/smoku/core 2011-03-14 22:44:04 +01:00
Tomasz Sterna
d82001819d Properly call QubesProxyVm superclass 2011-03-14 20:57:08 +01:00
Tomasz Sterna
00ba6dd5b7 Properly find root netvm in netvm chain 2011-03-14 20:44:17 +01:00
Tomasz Sterna
c92a2bf25f Properly create default firewall configuration 2011-03-14 20:43:56 +01:00
Joanna Rutkowska
b8d98403ff Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core 2011-03-14 13:15:48 +01:00
Rafal Wojtczuk
5d3c43e4fa created qfile-daemon-dvm 
Mostly code from qfilexchgd; it will be removed soon.
 2011-03-14 10:43:09 +01:00
Marek Marczykowski
d6181d21cf Merge commit 'e2d52a27e810522c41720bb17b1f4f52f1fe2e6a' 
Conflicts:
	dom0/qvm-core/qubes.py
	fwvm/init.d/qubes_firewall
 2011-03-11 23:32:13 +01:00
Marek Marczykowski
65a758029e Revert "Requiest external_ip permission at start, not create" 
This reverts commit 53b8e5aacf.
 2011-03-11 23:21:23 +01:00
Tomasz Sterna
dc8325f564 Use DNS IPs in firewall rules 2011-03-11 19:39:26 +01:00
Marek Marczykowski
2a72b293c4 ProxyVM type in qvm-ls 2011-03-11 02:44:11 +01:00
Marek Marczykowski
53b8e5aacf Requiest external_ip permission at start, not create 2011-03-11 02:22:26 +01:00
Marek Marczykowski
344b257d87 Missing coma 2011-03-11 02:12:23 +01:00
Marek Marczykowski
48613fb911 Check if netvm is set for ProxyVM before using it... 2011-03-11 02:11:05 +01:00
Marek Marczykowski
41800eb879 Store default_fw_netvm in qubes.xml 2011-03-11 02:10:51 +01:00
Marek Marczykowski
5c2e676fa1 Set netvm reference only after NetVMs/ProxyVMs load - ProxyVM 2011-03-11 02:00:42 +01:00
Marek Marczykowski
a3d8778841 arameters for add_new_*, variables loaded from qubes.xml 
Cow based VMs doesn't have root_img param, but private_img.
 2011-03-11 01:59:56 +01:00
Marek Marczykowski
8928e55215 Swap COW for all CowVMs, not only AppVM 2011-03-11 01:55:29 +01:00
Marek Marczykowski
3043a391e0 'templete' typo again 2011-03-11 01:52:09 +01:00
Marek Marczykowski
969b14b5ed qvm-create: support for netvm and proxyvm 
Move PCI config from qvm-add-netvm to qvm-core.
Remove qvm-add-netvm as useless when netvm is template-based
 2011-03-11 01:48:27 +01:00
Marek Marczykowski
c7a832a279 NetVM, AppVM, ProxyVM from single template - VM side 
Modify VM packages to:
- do not conflicts
- starts services if its VM type need it

Added core-proxyvm (firewall) and core-commonvm (common parts) packages.
 2011-03-11 01:38:04 +01:00
Marek Marczykowski
4c14652245 Add preparing_dvm param to TemplateVM.start (to start it as any other VM) 2011-03-10 17:24:56 +01:00
Marek Marczykowski
9895665f2c fwvm -> proxyvm rename fix 2011-03-10 16:16:39 +01:00
Marek Marczykowski
a21e0d37c6 Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/smoku/core 
Conflicts:
	dom0/qvm-core/qubes.py
 2011-03-10 16:05:48 +01:00
Marek Marczykowski
a10abc5c9d Merge tag 'smk_a8cef51b' of ssh://git.qubes-os.org/var/lib/qubes/git/smoku/core 
Conflicts:
	dom0/qvm-core/qubes.py
	dom0/qvm-tools/qvm-ls
 2011-03-10 14:14:48 +01:00
Tomasz Sterna
ae2d170a7e Fixed external_ip permissions setting and netvm_domid entry handling. 2011-03-10 13:38:49 +01:00
Tomasz Sterna
afbdfe8ae4 Store netvm domid in FwVM. 2011-03-09 20:38:29 +01:00
Tomasz Sterna
58a4b4c82b Implemented qubes_netvm_external_ip feature. 2011-03-09 20:38:29 +01:00
Tomasz Sterna
87ff30fe26 Fixed xenstore-chmod call syntax 2011-03-09 19:47:08 +01:00
Tomasz Sterna
6ad91617a7 Store the state of FwVM rules 2011-03-09 18:07:22 +01:00
Tomasz Sterna
fd8ecca9bd Create qubes_iptables_error xenstore file in FwVM and set its permissions. 2011-03-09 17:51:05 +01:00
Tomasz Sterna
ca81f0103d Update firewall rules on VM start 2011-03-09 17:51:05 +01:00
Marek Marczykowski
1914854e88 Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/marmarek/core 
Conflicts:
	dom0/qvm-core/qubes.py
	dom0/qvm-tools/qvm-prefs
	dom0/qvm-tools/qvm-template-commit
 2011-03-09 17:23:32 +01:00
Marek Marczykowski
e35fccef35 Fix AppVm constructior 2011-03-09 15:24:54 +01:00
Rafal Wojtczuk
a7cc09071f Make qubes_restore rexec-aware. 2011-03-08 13:03:55 +01:00
Rafal Wojtczuk
eb7821771e In qvm-start, check $DISPLAY existence, too. 2011-03-07 16:05:36 +01:00
Rafal Wojtczuk
62d0127647 Integrate qrexec with qvm-run. 2011-03-07 15:58:04 +01:00
Marek Marczykowski
c1bd86142c NetVM and ProxyVM based on template: part 1 (core) 2011-03-06 17:06:45 +01:00
Marek Marczykowski
13c3a04755 Fix typo 'templete' 2011-03-06 14:06:24 +01:00
Tomasz Sterna
e9bd19299f Update firewall iptables file during VM start 2011-03-06 14:06:24 +01:00
Tomasz Sterna
f33fcff372 Implemented iptables rules file generator 2011-03-06 14:06:24 +01:00
Tomasz Sterna
0c1b6ca4b0 Store firewal rules in Python data structure 2011-03-06 14:06:24 +01:00
Tomasz Sterna
aa536fdbda Properly set FwVM xenstore files 2011-03-06 14:06:24 +01:00
Tomasz Sterna
bd05975a53 Removed trailing whitespace 2011-03-06 14:06:24 +01:00
Tomasz Sterna
8e465a13b5 Implemented firewall_conf storage 2011-03-06 14:06:24 +01:00
Tomasz Sterna
026a109d1f Fixed setting netvm of FWVM 2011-03-06 14:06:24 +01:00
Tomasz Sterna
60caf9af7f Refactored QubesVm.is_*vm() methods 2011-03-06 14:06:24 +01:00
Tomasz Sterna
cba89a8747 Show FirewallVMs in qvm-ls 2011-03-06 14:06:24 +01:00
Tomasz Sterna
d207ecacea Implemented QubesFirewallVm subclass of QubesNetVm 2011-03-06 14:06:24 +01:00
Marek Marczykowski
24c0778154 gitignore files - add build products 2011-03-06 14:06:24 +01:00
Marek Marczykowski
b778fa3210 Add typo in qvm-template-commit 
As in original classes...
 2011-03-06 14:06:24 +01:00
Marek Marczykowski
14aaccbc5f Update TemplateVM with running AppVM: part 2 
- support for template modify in qvm-core
- tool for commit changes to template
 2011-03-06 14:06:15 +01:00
Rafal Wojtczuk
d6f327492d Start qrexec daemon and agent 2011-03-04 17:19:51 +01:00
Tomasz Sterna
a8cef51b67 Use new, simplified firewall rules data scheme 2011-03-03 22:40:36 +01:00
Tomasz Sterna
0a8249d83f Update firewall iptables file during VM start 2011-03-02 15:04:11 +01:00
Tomasz Sterna
45f84b1713 Implemented iptables rules file generator 2011-03-02 15:03:21 +01:00
Tomasz Sterna
6083384e6d Store firewal rules in Python data structure 2011-03-02 15:02:46 +01:00
Tomasz Sterna
353f04e186 Properly set FwVM xenstore files 2011-03-02 15:01:30 +01:00
Tomasz Sterna
d758eb8258 Removed trailing whitespace 2011-03-02 15:00:19 +01:00
Marek Marczykowski
c3bf11062f gitignore files - add build products 2011-03-02 11:58:22 +01:00
Marek Marczykowski
143f1519a8 Add typo in qvm-template-commit 
As in original classes...
 2011-03-02 11:52:19 +01:00
Marek Marczykowski
6db640dbfe Update TemplateVM with running AppVM: part 2 
- support for template modify in qvm-core
- tool for commit changes to template
 2011-03-02 11:33:22 +01:00
Tomasz Sterna
a450e51126 Implemented firewall_conf storage 2011-02-21 18:13:27 +01:00