Commit Graph

1522 Commits

Author SHA1 Message Date
Marek Marczykowski
9c3f8417d4 vm/iptables: block IPv6 traffic
This isn't properly handled by Qubes VMs yet, so block it in all the VMs.
Also restrict access to firewall config.
2012-10-04 05:44:19 +02:00
Marek Marczykowski
56e0359cfb vm/yum-proxy: one more regexp fix 2012-10-04 05:44:19 +02:00
Marek Marczykowski
551cc8b186 vm/yum-proxy: filter regexp: add missing ^$ marks, remove unneded .* at the beginning
Reported-by: Igor Bukanov <igor@mir2.org>
2012-10-04 05:44:19 +02:00
Marek Marczykowski
0cf7c03ea5 vm/systemd: early user-configurable init script 2012-10-04 05:44:19 +02:00
Marek Marczykowski
04e57db419 vm/yum-proxy: allow pkgtags repodata 2012-10-04 05:44:19 +02:00
Marek Marczykowski
397f2912f0 dom0/core: allow '_' in VM name 2012-10-04 05:44:18 +02:00
Marek Marczykowski
d172fa72f1 vm/qrexec: fix race between child cleanup and select call
reap_children() can close FD, which was already added to FD_SET for select.
This can lead to EBADF and agent termination.
2012-10-04 05:44:18 +02:00
Marek Marczykowski
9519d843d8 dom0/spec: mark qrexec policy as config files
Prevent override on upgrade, when user makes some own changes (especially
"always allow" feature).
2012-10-04 05:44:18 +02:00
Marek Marczykowski
92747285c7 dom0/qvm-block: rework device name parsing to better support c0p1 name style 2012-10-04 05:44:18 +02:00
Marek Marczykowski
1cd3ef3456 dom0/qvm-tools: catch exceptions while settting VM name (#656) 2012-08-23 04:02:50 +02:00
Marek Marczykowski
536eb00b9c dom0/core: verify VM name for not-allowed characters (#656) 2012-08-23 04:01:55 +02:00
Marek Marczykowski
dde1b5b2f5 dom0/qrexec: use QUBESRPC instead of direct multiplexer path 2012-08-23 03:59:31 +02:00
Marek Marczykowski
cc23d3cb3d dom0/qubes_rpc: mark untrusted variables (#654) 2012-08-16 16:56:55 +02:00
Marek Marczykowski
26fca20d45 dom0/qmemman: fix reporting to qubes-manager
When VM is shutting down, xenstore entries (especially 'name') can be deleted
before qmemman remove VM from its list. So check if name is defined before
reporting to qubes-manager.
2012-08-16 16:56:55 +02:00
Marek Marczykowski
9b3a77bc1d dom0: move RPC services to separate directory (#654)
This makes more clear which code have contact with untrusted data from VM.
2012-08-16 16:56:16 +02:00
Joanna Rutkowska
ba85ca2df2 version 1.7.43 2012-08-10 14:45:19 +02:00
Marek Marczykowski
f41759a8b7 vm: ignore additional actions in *.desktop files (#631) 2012-08-10 11:08:05 +02:00
Marek Marczykowski
038933789d vm/updates-proxy: fix regexp (#643) 2012-08-06 14:59:10 +02:00
Marek Marczykowski
4f56cf420a dom0/core: add missing "cleanup_dispvms" file (#648) 2012-08-06 14:57:30 +02:00
Marek Marczykowski
e1404a2d4f dom0/qvm-run: do not break --all when run in one VM failed 2012-08-04 04:15:33 +02:00
Marek Marczykowski
fa17c541af dom0: cleanup dead DispVMs at system startup (#648) 2012-08-04 00:57:34 +02:00
Marek Marczykowski
7677854fd2 dom0/core: make verbose parameter of create_appmenus optional 2012-08-04 00:37:14 +02:00
Marek Marczykowski
b7d2667b1d vm/kernel-placeholder: simplify upgrade 2012-07-30 23:16:05 +02:00
Marek Marczykowski
a680976f1e dom0/updates: show errors from qubes-receive-updates
Especially when signature verification failed, show message about it, not
enigmatic "Could not open/read
file:///var/lib/qubes/updates/repodata/repomd.xml"
2012-07-30 23:16:05 +02:00
Marek Marczykowski
4ffe3e0391 dom0/qvm-block: fix error handler 2012-07-30 23:16:05 +02:00
Marek Marczykowski
c2d4b0de62 dom0/updates: typo fix in qubes-manager statfile handling 2012-07-30 23:16:05 +02:00
Joanna Rutkowska
65a08f7bae version 1.7.42 2012-07-30 16:59:19 +02:00
Marek Marczykowski
be389bddb9 dom0/core: allow custom kernel for non-updateable VMs 2012-07-28 01:40:24 +02:00
Marek Marczykowski
18c9af90c7 dom0/core: fix qubes-session wait code 2012-07-28 00:55:12 +02:00
Marek Marczykowski
b691f57bbf vm: kernel-placeholder package to inhibit real kernel pkg in VM (#645)
Some packages depends on kernel (ex fuse, pulseaudio), but kernel in VM is
managed by dom0. Any hack like exlude or so on will break some things, so
install empty placeholder package to fulfill dependencies.
2012-07-23 23:17:50 +02:00
Marek Marczykowski
cc12b58c2e Merge remote-tracking branch 'joanna/master' 2012-07-23 22:16:42 +02:00
Marek Marczykowski
ad7da49e74 dom0/core: remove ugly hack in network-reconnect code (#637) 2012-07-22 01:33:08 +02:00
Marek Marczykowski
9c912694be vm/prepare-dvm: wait for Xorg in more deterministic way (#636) 2012-07-22 01:23:45 +02:00
Marek Marczykowski
6da61af323 dom0/backup-restore: fix netvm field in summary 2012-07-21 00:12:18 +02:00
Joanna Rutkowska
f2d8142823 version 1.7.41-dom0 2012-07-20 23:22:43 +02:00
Marek Marczykowski
6580fc70a7 Merge branch 'master' of git://git.qubes-os.org/joanna/core
on (#635)

Parse config and setup socket before fork.
2012-07-20 23:01:06 +02:00
Marek Marczykowski
a97458ad08 dom0/core: do not reset firewall on clone_attrs 2012-07-20 22:55:28 +02:00
Marek Marczykowski
dc95349145 dom0/backup-restore: fix verification of VMs in backup 2012-07-20 22:55:28 +02:00
Marek Marczykowski
e7477cfaf2 dom0/core: minor comments improvements 2012-07-20 22:55:28 +02:00
Marek Marczykowski
dbbb168b66 dom0/core: improve diagnostics of qmemman errors 2012-07-20 22:55:17 +02:00
Joanna Rutkowska
00d4da8ee0 version 1.7.40-dom0 2012-07-20 16:47:36 +02:00
Joanna Rutkowska
6ae56d7e18 Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core 2012-07-20 16:45:35 +02:00
Marek Marczykowski
5ea32bd11b dom0/meminfo-writer: fork into background after first info sent to qmemman (#635) 2012-07-20 16:42:12 +02:00
Marek Marczykowski
148e5e55f7 dom0/qmemman: fork into background after daemon initialization (#635)
Parse config and setup socket before fork.
2012-07-20 16:42:11 +02:00
Joanna Rutkowska
47f297f411 version 1.7.39 2012-07-20 13:36:20 +02:00
Joanna Rutkowska
eb74c823d5 Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core 2012-07-20 13:34:49 +02:00
Marek Marczykowski
ba568ed3e9 dom0/core: use generic run() to wait for qubes-session
Especially use 'ignore_stderr' feature.
2012-07-20 13:17:37 +02:00
Joanna Rutkowska
ccbafffff1 version 1.7.38-dom0 2012-07-19 23:24:39 +02:00
Joanna Rutkowska
bf59971108 Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core 2012-07-19 18:55:20 +02:00
Marek Marczykowski
2ddd48f8e4 dom0/core: disable dynamic memory when VM have PCI devices assigned 2012-07-19 14:44:09 +02:00