Joanna Rutkowska
d157fe950a
Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core
2011-03-31 13:30:05 +02:00
Marek Marczykowski
212fd13957
Stop only NM on suspend. ( #146 )
...
Also remove ip_forward setting from sysctl, so NM will not reset it on restart
2011-03-31 00:19:41 +02:00
Rafal Wojtczuk
df9549a7db
Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/smoku/core into spring-merge
2011-03-28 17:28:24 +02:00
Tomasz Sterna
01b7d9aafc
Create needed NetworkManager.conf in netvm. #94
...
Also fixed qubes_fix_nm_conf.sh script.
2011-03-26 11:33:04 +01:00
Marek Marczykowski
5f4fcedf55
Merge branch 'master' of git://git.qubes-os.org/joanna/core
2011-03-23 20:12:13 -04:00
Rafal Wojtczuk
0b208e8664
Move libs and /var/run/qubes out of qubes-netvm
...
They are already in core-appvm package.
2011-03-23 11:48:06 +01:00
Rafal Wojtczuk
5350e5cc5b
move qrexec_agent out of core-netvm.spec
...
It is already in core-appvm.
2011-03-23 11:46:53 +01:00
Rafal Wojtczuk
488eda21d9
Merge branch 'blockless' into spring-merge
...
Conflicts:
appvm/Makefile
appvm/qubes_core
netvm/qubes_core
rpm_spec/core-appvm.spec
rpm_spec/core-netvm.spec
2011-03-21 13:54:35 +01:00
Joanna Rutkowska
4c5d9f56c7
Tag RPMs with dist info
2011-03-16 19:14:42 +01:00
Marek Marczykowski
33ed1ecad8
Drop forced fedora version from requires
2011-03-16 11:41:18 +01:00
Marek Marczykowski
b04b36af2c
Register VM services also on update
2011-03-11 23:42:49 +01:00
Marek Marczykowski
c7a832a279
NetVM, AppVM, ProxyVM from single template - VM side
...
Modify VM packages to:
- do not conflicts
- starts services if its VM type need it
Added core-proxyvm (firewall) and core-commonvm (common parts) packages.
2011-03-11 01:38:04 +01:00
Marek Marczykowski
7e29c397aa
Add 30-qubes_external_ip to netvm.spec
2011-03-10 16:09:37 +01:00
Rafal Wojtczuk
f1a7df6e95
Implemented mechanism to trigger predefined execution in dom0.
...
Processes in AppVM can ask qrexec-agent to send a
MSG_AGENT_TO_SERVER_TRIGGER_EXEC message to qrexec-daemon.
The latter will execute predefined program. It is useful for
the purpose of file copy; the predefined program will create
a connected qfile-daemon<->qfile-agent pair.
2011-03-10 15:41:31 +01:00
Tomasz Sterna
a71b846ee2
Added FirewallVM related VM scripts
2011-03-09 20:50:13 +01:00
Rafal Wojtczuk
f263aa6b7c
Moved vchan and u2mfn code to core.
2011-03-08 12:24:47 +01:00
Rafal Wojtczuk
b98dffc965
qrexec* tools, initial version
2011-03-04 16:32:58 +01:00
Rafal Wojtczuk
e1de26f79a
Require NetworkManager >= 0.8.1-1
...
Unfortunately, config files layout changes with NM version; therefore
require >= 0.8.1-1.
This should also prevent NM from messing with VIF interfaces on suspend/resume.
2010-09-17 15:16:01 +02:00
Rafal Wojtczuk
1239643c73
Tell Network Manager to keep hands off vif interfaces
...
...somehow indirectly, by specifying the mac; unfortunately I do not
see any other way.
2010-09-07 13:18:08 +02:00
Rafal Wojtczuk
31e7e96056
Switch to routed VM network (instead of bridging)
...
No headache from layer 2 attacks.
2010-09-06 17:07:42 +02:00
Rafal Wojtczuk
64e8013dc2
Unify dom0 and netvm sysconfig/iptables
...
Plus:
- dedicated chain for DNAT to nameservers
- prevent intervm networking. Can be conveniently overriden in necessary cases
by inserting ACCEPT clauses (per VM, probably) at the top of FORWARD
2010-09-06 15:10:01 +02:00
Rafal Wojtczuk
d46bf2a270
Pathnames cleanup
...
Move internal scripts to /usr/lib/qubes plus a couple of similar.
2010-07-21 12:57:02 +02:00
Joanna Rutkowska
4cd46be139
netvm spec: do not create user in %post
...
We don't need user account in netvm, do we?
2010-06-18 01:54:38 +02:00
Joanna Rutkowska
247feaa34d
appvm, netvm spec: be quite in %post
2010-06-18 01:50:43 +02:00
Joanna Rutkowska
6ba81ffaa9
Require F13 in VM
2010-06-18 01:48:56 +02:00
Joanna Rutkowska
9cf30ed189
appvm,netvm spec: Fix [ -e fstab ] conditional in %pre
2010-06-18 01:48:18 +02:00
Joanna Rutkowska
4fdcedbb40
Fix serial console on VM to work on F13 (REQUIRES F13)
2010-06-18 01:45:27 +02:00
Joanna Rutkowska
775e01a8e4
Make dom0, appvm, netvm use different qubes.repo
2010-06-18 01:41:10 +02:00
Joanna Rutkowska
ee7756b960
rpm specs: %post cleanup
...
Moved some stuff from the begging of %post sections after the
'if installing-for-the-first-time' check.
2010-06-15 00:02:48 +02:00
Rafal Wojtczuk
2f51c6f673
Install qubes_{setup_dnat_to_ns,nmhook} from common/
2010-05-31 13:17:04 +02:00
Rafal Wojtczuk
d0d82a5090
Lock out root and user passwords; provide passwordless login on the serial console
2010-05-30 15:45:40 +02:00
Rafal Wojtczuk
c75c185179
Add qubes.repo to all qubes-core-* rpms.
2010-05-30 15:45:40 +02:00
Rafal Wojtczuk
93e989bb61
Turn on IP forwarding in sysctl.conf
2010-05-30 15:45:40 +02:00
Rafal Wojtczuk
8da2dd6957
Get rid of dnsmasq in netvm.
...
qubes_setup_dnat_to_ns script sets up DNAT rules for DNS traffic; it is
triggered by dhclient or NetworkManager, and manually (in case there is
a static resolv.conf).
Put IP-dependent rules in qubes-core, after local ip is known. It could be
further improved by introducing custom chains, to enable iptables save.
Restrict FORWARD.
2010-05-30 15:45:35 +02:00
Joanna Rutkowska
a17989470a
Initial public commit.
...
(c) 2010 Invisible Things Lab
Authors:
=========
Joanna Rutkowska <joanna@invisiblethingslab.com>
Rafal Wojtczuk <rafal@invisiblethingslab.com>
2010-04-05 20:58:57 +02:00