Commit Graph

287 Commits

Author SHA1 Message Date
Joanna Rutkowska
670f034ee9 Igonre the 'run as root' warning for qvm-create-default-dvm 2011-04-08 11:03:00 +02:00
Joanna Rutkowska
f6d4f86edc Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core
Conflicts:
	rpm_spec/core-dom0.spec
2011-04-07 19:39:42 +02:00
Joanna Rutkowska
7097cfa2ac Add explanations why we don't isolate root from user in VMs and in Dom0 2011-04-07 19:38:02 +02:00
Marek Marczykowski
a610ec51d0 Automaticaly start qubes_guid for all VMs when user logon
This is needed ex for NetVM, which is started without qubes_guid
2011-04-07 19:23:23 +02:00
Joanna Rutkowska
2230e67a39 Optional package with suspend fixes for Vaio Z laptops 2011-04-07 13:34:17 +02:00
Marek Marczykowski
e9c6dc387e Fixed getting VMs connected to NetVM (#172) 2011-04-07 10:42:24 +02:00
Marek Marczykowski
086f2720df Add missing import (#200) 2011-04-06 23:55:16 +02:00
Marek Marczykowski
c569d4070e Warning the user if calling qvm-{create,remove} as root (#200) 2011-04-06 23:52:39 +02:00
Marek Marczykowski
d1abb37a5f Do not fail if cannot remove VM from xen store just before adding it again (#204) 2011-04-06 23:30:14 +02:00
Joanna Rutkowska
d01489b486 Use 200MB by default for NetVM and ProxyVM 2011-04-06 13:34:03 +02:00
Joanna Rutkowska
102d5735e7 Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core 2011-04-06 10:40:51 +02:00
Marek Marczykowski
d4e80e7984 Deny inter-VM traffic in ProxyVM 2011-04-06 10:32:20 +02:00
Joanna Rutkowska
c80a1c18ac Add qubes group to suders that can do everything
(The file in /etc/sudoers.d/ cannot have '.' in its name!)
2011-04-05 18:01:03 +02:00
Joanna Rutkowska
a7ac3a089c Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core 2011-04-05 14:41:52 +02:00
Marek Marczykowski
c8acca0eb6 Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/joanna/core
Conflicts:
	dom0/qvm-core/qubes.py
2011-04-05 14:39:40 +02:00
Marek Marczykowski
ffaa518c5a Fix checking if there is AppVMs based on template (#154) 2011-04-05 14:33:51 +02:00
Joanna Rutkowska
cc5d0e016d Use priority 8x for qubes services, allowing for more flexibility 2011-04-05 14:31:19 +02:00
Joanna Rutkowska
97ca67c974 Merge branch 'spring-merge' of git.qubes-os.org:/var/lib/qubes/git/rafal/core 2011-04-05 14:24:52 +02:00
Marek Marczykowski
c2498a33e2 Uninstall appmenus only if present in VM dir (#192) 2011-04-05 11:58:21 +02:00
Rafal Wojtczuk
37e06d19e4 qmemman: handle requests for small pieces correctly
There seems to be a problem with xm mem-set, when executed for a value
very close to the current value - the request is ignored; apparently, the
domU kernel imposes some granularity on the request size.
So, if qmemman is asked for, say 470MB, and there is 469MB free, it will try
to milk 1MB from all domains - and this will fail. REQ_SAFETY_NET_FACTOR
does not help in this scenario.
The logs show
req= 1110016 avail= 2503727104.0 donors [('11', 194375270.40000001),...
borrow 90484.1597129 from 11 - so, beg for 90K from a domain
borrow 132239.288652 from 10
borrow 537099.316089 from 0
borrow 148004.024941 from 7
borrow 139834.21573 from 9
borrow 117855.794876 from 8
and then we fail when a domain does not provide this lousy 90KB.

The solution is to ask for actual_need+XEN_FREE_MEM_LEFT, but return if we already
have actual_need+XEN_FREE_MEM_MIN (the latter is 25MB smaller).
2011-04-05 10:52:53 +02:00
Marek Marczykowski
449bcb09ac Don't remove VM dir, when qvm-create failed
It can contain user data (copied here by hand)
2011-04-05 00:12:32 +02:00
Marek Marczykowski
1b0f198999 Don't pause AppVMs when connecting network to dom0
There is no point in this, because we have firewall in NetVM. If someone
compromise NetVM to controll firewall, he could also reach dom0 by network.
2011-04-04 20:02:07 +02:00
Marek Marczykowski
2aec07dd60 Store VM collection connected to NetVM 2011-04-04 19:08:40 +02:00
Joanna Rutkowska
a88e104b6e Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core 2011-04-04 18:47:08 +02:00
Marek Marczykowski
a6d079594b Don't set template on StandaloneVM - only use it when copying template files (#189) 2011-04-04 18:41:02 +02:00
Rafal Wojtczuk
02514b1347 If the firewall rules file does not exist, assume ALLOW (#188)
So that newly created appvms have net access.
2011-04-04 17:07:46 +02:00
Joanna Rutkowska
b779fadda6 Revert "Start qrexec daemon when VM is running (but qrexec not)"
This functionality has already been implemented by:

d6bdb85883

This reverts commit 97403a8e45.
2011-04-04 09:35:48 +02:00
Joanna Rutkowska
3f31a5f3a7 Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core 2011-04-04 09:33:31 +02:00
Marek Marczykowski
c10f7ef70b Add missing coma (#155) 2011-04-04 00:08:24 +02:00
Marek Marczykowski
398734dad2 Internal VMs (hidden in qubes-manager, menus etc) - used for DispVM template (#155) 2011-04-03 17:47:20 +02:00
Marek Marczykowski
fa703c536f Generate firewall rules only for VMs connected to this firewall (#158) 2011-04-03 01:54:04 +02:00
Marek Marczykowski
ab244d803f Detect if VMs is outdated (#168)
If so - VMs restart is required to see latest template changes.
2011-04-02 02:11:41 +02:00
Marek Marczykowski
5e3b3fe922 Store and load from qubes.xml memory, vcpus and pcidevs
Needed to recreate correct xen config files (ex after template package upgrade)
2011-04-02 00:37:38 +02:00
Marek Marczykowski
e22f303f79 Warn user when restoring backup as root (#159) 2011-04-01 02:11:40 +02:00
Marek Marczykowski
136a65e0be Fix indentation - duplicate VMs warning message (#159) 2011-04-01 02:10:50 +02:00
Marek Marczykowski
156778fcd7 Set template field before check its correctness.
Backup from Aplha3 with updateable VMs contains case, when updateable VM have template.
So set this template (to make qvm-backup-restore working), but give error message.

Also fix typo.
2011-04-01 02:06:22 +02:00
Marek Marczykowski
97403a8e45 Start qrexec daemon when VM is running (but qrexec not)
This takes place ex. when VM started from qubes-manager.
There is little sense in implementing full start procedure in every qubes tool,
so start it here, not in qubes-manager.
2011-04-01 01:23:57 +02:00
Marek Marczykowski
f0716c2498 Setup firewall for every VM with FW configuration (no only AppVM) (#167) 2011-04-01 01:17:38 +02:00
Marek Marczykowski
97393c54a5 Really block 'updateable' flag change 2011-04-01 01:17:18 +02:00
Marek Marczykowski
1f5c03da3f Remove QubesCowVm class
StandaloneVM isn't really CowVM; also most AppVM/CowVM features applies also to TemplateVM.
So CowVM class is meaningless.
2011-04-01 01:14:18 +02:00
Rafal Wojtczuk
d6bdb85883 Start qrexec_daemon in vm.start()
Instead of three separate places - qvm-start, qvm-run, manager.
2011-03-31 11:11:39 +02:00
Rafal Wojtczuk
5978f7a724 Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core into spring-merge 2011-03-31 09:44:30 +02:00
Marek Marczykowski
3a5cc0cc21 Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/joanna/core 2011-03-31 02:51:34 +02:00
Marek Marczykowski
ece8cfa9f0 Show output from resize2fs, when running it in AppVM (#5) 2011-03-31 02:40:45 +02:00
Marek Marczykowski
6273c42faf Recursive stop VMs, when stopping NetVM (#172)
Dependency resolving in qvm-core, recursive stopping only in qvm-run for now.
2011-03-31 02:35:02 +02:00
Marek Marczykowski
01ef2aff9e Wait for device size change, before resize2fs (#5) 2011-03-31 00:44:58 +02:00
Marek Marczykowski
212fd13957 Stop only NM on suspend. (#146)
Also remove ip_forward setting from sysctl, so NM will not reset it on restart
2011-03-31 00:19:41 +02:00
Joanna Rutkowska
23f4806c7d Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core 2011-03-29 13:25:07 +02:00
Marek Marczykowski
464337a24e Ignore exit status from netvm pm-scripts (#146) 2011-03-29 12:22:31 +02:00
Marek Marczykowski
2bcbc1742e Run pm-utils scripts in netvm on suspend (#146) 2011-03-29 12:20:50 +02:00