Marek Marczykowski
9db9d8b6c2
dom0/core: allow passing stdin to QubesVM.run()
2012-09-25 00:22:31 +02:00
Marek Marczykowski
cb5479666c
win/vchan: reset the evtchn buffer in case of overflow
...
In case of evtchn buffer overflow (received more than 1024 events between
libvchan_wait calls) further reads returns ERROR_IO_DEVICE. The only way to
recover from that is to reset the buffer. Because vchan code doesn't take care
of number of fired events - only the fact that some event was fired - lost
events here shouldn't break anything. Events reported _after_ libvchan_wait
call will be collected and reported correctly.
Some more comments in the code (here and in qrexec-agent in the next commit).
2012-09-16 23:32:56 +02:00
Marek Marczykowski
2444603ef5
dom0/core: allow '_' in VM name
2012-09-14 12:57:25 +02:00
Marek Marczykowski
900a21db72
dom0/init.d: hide some missleading error
2012-09-04 19:24:01 +02:00
Marek Marczykowski
b7eaf9a30d
dom0/core: do not use hardcoded "user" in qvm-sync-clock
2012-08-31 00:53:50 +02:00
Marek Marczykowski
e6da68dae2
dom0/qrexec: use DEFAULT user feature of qrexec_daemon in policy parser
2012-08-30 17:48:19 +02:00
Marek Marczykowski
3f5a34f635
Revert "dom0/qrexec: use default user from VM settings"
...
This reverts commit b1ccc9a510e465b8b59f12bafb7735664c4101d0.
This can be handled by qrexec_daemon itself.
Conflicts:
qrexec/qrexec_policy
2012-08-30 17:47:32 +02:00
Marek Marczykowski
46fd664ba3
dom0/qrexec: implement default user handling in qrexec_daemon
...
This will simplify using qrexec from utilities which doen't load qubes.xml
normally (like qrexec_policy, gui daemon).
2012-08-30 17:44:52 +02:00
Marek Marczykowski
4e2f47d95c
dom0/spec: mark qrexec policy as config files
...
Prevent override on upgrade, when user makes some own changes (especially
"always allow" feature).
2012-08-27 00:53:58 +02:00
Marek Marczykowski
3bce6047b5
dom0/qrexec: properly process data after client terminated one way of transfer
...
Instead of removing client from list at EPIPE error from write, assume that
client does not wish read future data, but still can write something.
2012-08-27 00:49:45 +02:00
Marek Marczykowski
f79101d114
dom0/qrexec: fix the case when client disconnected while sending cmdline
...
Previously there was not cleaned up entry in clients table. Not critical, as
will be reset to known state at new client connect, but still fix it.
2012-08-27 00:48:36 +02:00
Marek Marczykowski
89ab002db1
dom0/qrexec: minor FD leak fix
...
qrexec_client will be shortly terminated after that, but still fix it.
2012-08-27 00:48:36 +02:00
Marek Marczykowski
d1882bb9fc
vm/filecopy: close stdin when no more data will be read
...
This will allow qrexec_agent drop the data instead of buffering it.
2012-08-27 00:48:35 +02:00
Marek Marczykowski
4ae822846d
vm/filecopy: add one missing write() error checking
2012-08-27 00:48:35 +02:00
Marek Marczykowski
6984c4d795
vm/qrexec: better handle the case when child process closes its stdin
...
Instead of assuming process termination (because of write returned EPIPE), just
do not write to the process pipe, but still process the data in opposite
direction until EOF received.
2012-08-27 00:48:22 +02:00
Marek Marczykowski
798d239c15
vm/qrexec: fix race between child cleanup and select call
...
reap_children() can close FD, which was already added to FD_SET for select.
This can lead to EBADF and agent termination.
2012-08-27 00:20:25 +02:00
Marek Marczykowski
1c04920833
vm/qrexec: log exit code in "sending exit code" message
2012-08-27 00:18:35 +02:00
Marek Marczykowski
6305e6cbe1
dom0/qvm-block: rework device name parsing to better support c0p1 name style
2012-08-26 14:41:35 +02:00
Marek Marczykowski
fefb6d9cff
vm+dom0/filecopy-unpacker: send errors to qfile-agent istead of local message ( #239 )
...
Because unpacker no longer require GUI access, there is no need for separate
process for error reporting. Which greatly simplify the code.
2012-08-25 02:09:45 +02:00
Marek Marczykowski
cec58c048a
vm/filecopy-agent: check for unpacker errors during transfer ( #239 )
...
If unpacker encounter error it sends result header immediately - detect it as
soon as possible and do not send rest of file(s).
2012-08-25 01:26:19 +02:00
Marek Marczykowski
87511f3112
vm/filecopy: support nonblocking fd in read_all
...
This will be needed to (non blocking) check if data is available on pipe -
especially to receive possible error from the other end (which will be
introduced sometime later).
2012-08-25 01:22:00 +02:00
Marek Marczykowski
62f626e68f
vm/filecopy: close unused fds in parent process
2012-08-25 01:19:47 +02:00
Marek Marczykowski
c9a43f66ed
dom0/qrexec: do not exit client before all data in both direction transfered
...
When qrexec_client cannot write to its stdout, this doesn't necessary mean that
there is no data in opposite direction.
Simple example is RPC service: when process in destination VM closes its stdin,
it can still send some data to triggering VM.
2012-08-25 01:17:50 +02:00
Marek Marczykowski
77b2758c93
vm/qubes-rpc: move set_(non)?block to ioall.c as can be used not only in qrexec
2012-08-25 01:11:22 +02:00
Marek Marczykowski
e03eab7137
vm/filecopy: remove duplicated error reporting
...
Each write_all is check for errors (when it makes sense) with own perror call,
so don't dupplicate messages.
2012-08-25 01:06:25 +02:00
Marek Marczykowski
ab52153ab2
win/vchan: remove outstanding evtchn events on libvchan_wait
...
Windows evtchn driver can double fire on one event (details in
xenpci/evtchn_device_interface.c:EvtChn_EvtIoWrite). Less intrusive way of
fixing it is just remove all events from queue on libvchan_wait (to prevent
queue fill).
This won't hurt because we are interested in events only sent
after xc_evtchn_unmask call which is one line below.
2012-08-23 21:39:41 +02:00
Marek Marczykowski
c0455ac641
Merge branch 'master' into hvm
...
Conflicts:
dom0/qvm-tools/qvm-create
version_dom0
2012-08-23 11:11:59 +02:00
Marek Marczykowski
1cd3ef3456
dom0/qvm-tools: catch exceptions while settting VM name ( #656 )
2012-08-23 04:02:50 +02:00
Marek Marczykowski
536eb00b9c
dom0/core: verify VM name for not-allowed characters ( #656 )
2012-08-23 04:01:55 +02:00
Marek Marczykowski
dde1b5b2f5
dom0/qrexec: use QUBESRPC instead of direct multiplexer path
2012-08-23 03:59:31 +02:00
Marek Marczykowski
b7f5c6ac0b
dom0/qvm-tools: catch exceptions while settting VM name ( #656 )
2012-08-23 03:48:03 +02:00
Marek Marczykowski
85565af560
dom0/core: verify VM name for not-allowed characters ( #656 )
2012-08-23 03:45:06 +02:00
Marek Marczykowski
4fcaf3e7b7
Revert "win: unmask evtchn before checking if libvchan_wait is needed"
...
This reverts commit f7ce10db8f76f752cf9d65b420de352e70bdb048.
This should be fixed by doing 0-length reads in qrexec main loop (instead of
real read of fired port number).
2012-08-23 01:58:44 +02:00
Marek Marczykowski
7c1dfe9266
dom0/qrexec: implement standalone policy evaluation ( #12 pro)
...
This change will allow to use the same policy mechanism to control clipboard
copy between domains.
2012-08-18 22:08:26 +02:00
Marek Marczykowski
11e142adb3
dom0/qrexec: use default user from VM settings
2012-08-18 21:42:54 +02:00
Marek Marczykowski
d0f20e9e59
Merge remote-tracking branch 'joanna-pro/hvm' into hvm
2012-08-18 21:24:01 +02:00
Marek Marczykowski
7745e23137
dom0/qrexec: use QUBESRPC instead of direct multiplexer path
2012-08-18 21:21:20 +02:00
Marek Marczykowski
a98020eca7
dom0+vm/qfile-copy: use setuid instead of policy setting to allow chroot
...
This will allow to not hardcode "root" username in policy, which can be useful
for non-Linux systems.
2012-08-18 21:17:07 +02:00
Marek Marczykowski
b05d035ff2
Merge remote-tracking branch 'alex/hvm' into hvm
2012-08-17 17:44:37 +02:00
Marek Marczykowski
cc23d3cb3d
dom0/qubes_rpc: mark untrusted variables ( #654 )
2012-08-16 16:56:55 +02:00
Marek Marczykowski
26fca20d45
dom0/qmemman: fix reporting to qubes-manager
...
When VM is shutting down, xenstore entries (especially 'name') can be deleted
before qmemman remove VM from its list. So check if name is defined before
reporting to qubes-manager.
2012-08-16 16:56:55 +02:00
Marek Marczykowski
9b3a77bc1d
dom0: move RPC services to separate directory ( #654 )
...
This makes more clear which code have contact with untrusted data from VM.
2012-08-16 16:56:16 +02:00
Joanna Rutkowska
ba85ca2df2
version 1.7.43
2012-08-10 14:45:19 +02:00
Marek Marczykowski
f41759a8b7
vm: ignore additional actions in *.desktop files ( #631 )
2012-08-10 11:08:05 +02:00
Marek Marczykowski
cb39325e6f
vm: ignore additional actions in *.desktop files ( #631 )
2012-08-10 11:06:58 +02:00
Marek Marczykowski
a67bf1f1c0
Merge branch 'master' into hvm
2012-08-06 15:00:02 +02:00
Marek Marczykowski
038933789d
vm/updates-proxy: fix regexp ( #643 )
2012-08-06 14:59:10 +02:00
Marek Marczykowski
4f56cf420a
dom0/core: add missing "cleanup_dispvms" file ( #648 )
2012-08-06 14:57:30 +02:00
Marek Marczykowski
e1404a2d4f
dom0/qvm-run: do not break --all when run in one VM failed
2012-08-04 04:15:33 +02:00
Marek Marczykowski
fa17c541af
dom0: cleanup dead DispVMs at system startup ( #648 )
2012-08-04 00:57:34 +02:00