Commit Graph

3462 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
9cbf9a8a59 Add support for 'pci_strictreset' option
This allows to assign PCI device to the VM, even if it doesn't support
proper reset. The default behaviour (when the value is True) is to not
allow such attachment (VM will not start if such device is assigned).

Require libvirt patch for this option.
2015-05-28 00:11:17 +02:00
Marek Marczykowski-Górecki
c9a670cbd1 linux/block-snapshot: fix handling root.img being already block device 2015-05-27 23:52:57 +02:00
Marek Marczykowski-Górecki
acbdb3a261 qvm-tools: do not show scary message on --force-root
When this option is used, the user probably already got that message.
Also some internal scripts are using this (for example template
pre-uninstall script).

Conflicts:
	qvm-tools/qvm-remove
2015-05-23 04:43:51 +02:00
Marek Marczykowski-Górecki
449554f404 version 3.0.13 2015-05-15 03:29:20 +02:00
Marek Marczykowski-Górecki
23ae0ed990 dispvm: clean the VM in case of failed savefile creation
Otherwise further tries to regenerate savefile would fail.
2015-05-15 03:22:06 +02:00
Marek Marczykowski-Górecki
8aaef404de qvm-prefs: add an option to get a single VM property
Could be useful for scripts
2015-05-15 03:22:06 +02:00
Marek Marczykowski-Górecki
dadcfc334d dispvm: set 'memory' to the size reported on savefile generation
That parameter will be used later to request memory from qmemman just
before loading savefile to memory, so it should match the real need.

Do not allow values smaller than 400, to prevent storing some erroneous
values.

Fixes qubesos/qubes-issues#973
2015-05-15 03:22:06 +02:00
Marek Marczykowski-Górecki
2856b6a836 Wait for udev to create loopXpY device when preparing volatile.img 2015-05-13 04:12:42 +02:00
Marek Marczykowski-Górecki
d5b67a67a2 Fix "dispvm: sanitize used memory info received from VM"
There should be no -q option - we actually want the result.

Fixes qubesos/qubes-issues#994
2015-05-13 04:12:20 +02:00
Marek Marczykowski-Górecki
b159f544d3 version 3.0.12 2015-05-11 02:34:11 +02:00
Marek Marczykowski-Górecki
b1f4e6d15c backup: fix missing 'unused' variables
Actually the 'vm' variable is used - in eval'ed statement.
2015-05-11 02:31:56 +02:00
Zrubi
770cf5cce0 Wiki -> YML output format change + basic TPM detection
(cherry picked from commit 28097bfdf1e3220a9de295cb7621d611d4f0620b)
2015-05-10 03:29:20 +02:00
Marek Marczykowski-Górecki
47a6bf4f7a version 3.0.11 2015-05-04 02:42:27 +02:00
Marek Marczykowski-Górecki
602155374a dispvm: restore DispVM naming independent of Qubes VM ID (#983)
Using QID for DispVM ID was a bad idea in terms of anonymity:
1. It gives some clue about VMs count in the system. In case of large
numbers, this can be quite unique.
2. If new DispVM is started just after closing previous one, it will get
the same ID, and in consequence the same IP. In case of using TorVM,
this leads to use the same circuit as just closed DispVM.

Fixes qubesos/qubes-issues#983
2015-05-04 00:41:33 +02:00
Marek Marczykowski-Górecki
ef1494eb54 gitignore 2015-05-04 00:35:57 +02:00
Marek Marczykowski-Górecki
77da23fba2 dispvm: fix netvm presence reporting
If desired netvm presence is different than during savefile creation(*),
defer setting the netvm until new DispVM is running - otherwise kernel
there will not notice the change and will either have (not working)
'eth0' when it shouldn't, or will not have it while it should.

Additionally set dispvm.uses_default_netvm = False, so GUI tools will
display actual netvm value.

(*) Actually compare to netvm set for dispvm template (`TEMPLATE-dvm`
VM), which can be different if user just changed that but not
regenerated dispvm savefile yet.

Fixes qubesos/qubes-issues#985
Related to qubesos/qubes-issues#862
2015-05-03 20:40:37 +02:00
Marek Marczykowski-Górecki
b985bf3b65 core: fix removing VMs not registered in libvirt
It can happen that VM will not be registered in libvirt (for example
when it was never started). It shouldn't be a problem when we want to
remove it.
2015-05-03 20:26:07 +02:00
Marek Marczykowski-Górecki
ed03fb4313 dispvm: remove unused imports, mark methods as static where appropriate 2015-05-03 20:25:39 +02:00
Marek Marczykowski-Górecki
3ca94941b1 dispvm: update copyright header 2015-05-03 20:25:08 +02:00
Marek Marczykowski-Górecki
4e4a4a60c3 dispvm: code style - whitespace fixes 2015-05-03 20:24:45 +02:00
Marek Marczykowski-Górecki
6ecc263534 core: use libvirtError instance instead of virConnGetLastError 2015-05-03 20:23:26 +02:00
Marek Marczykowski-Górecki
13f0f64d0a backup: code style, no functional change (part 2)
Remove unused variables, rename potentially coliding one.
2015-05-03 14:57:28 +02:00
Marek Marczykowski-Górecki
9ec0580840 backup: code style fixes, no functional change (part 1)
Indentation, break long lines, use is/is not None instead of ==/!=.
2015-05-03 14:57:28 +02:00
Marek Marczykowski-Górecki
e2d6ff653a version 3.0.10 2015-04-28 15:01:20 +02:00
Marek Marczykowski-Górecki
1d69f2c24a qvm-tools: fix qvm-firewall -r 2015-04-28 15:00:50 +02:00
Marek Marczykowski-Górecki
1a284f18fb core: store dom0 info in qubes.xml
At least to have there info about its backup.

This was already done in commit
dc6fd3c8f3, but later was erroneously
reverted during migration to libvirt.

Fixes qubesos/qubes-issues#958
2015-04-28 15:00:50 +02:00
Marek Marczykowski-Górecki
c421dc2a95 Prevent concurrent qvm-sync-clock calls
In some cases qvm-sync-clock can take a long time (for example in case
of network problems, or when some do not responds). This can lead to
multiple qvm-sync-clock hanging for the same reason (blocking vchan
resources). To prevent that create a lock file and simply abort when one
instance is already running.
2015-04-28 15:00:50 +02:00
Marek Marczykowski-Górecki
7652137854 core: make sure that dom0.libvirt_domain isn't used
libvirt do not have domain object for dom0, so do not try to access it.
2015-04-28 15:00:50 +02:00
Marek Marczykowski-Górecki
4d5df95ae8 version 3.0.9 2015-04-28 14:23:26 +02:00
Marek Marczykowski-Górecki
cd163b81be dispvm: sanitize used memory info received from VM
Luckily it is used as argument to commands with does not allow any
harmful arguments (virsh set(max)mem). Also usage in arithmetic
expression does not allow any harmful usage in this place.
2015-04-28 03:24:38 +02:00
Marek Marczykowski-Górecki
e9735d156c version 3.0.8 2015-04-15 18:47:41 +02:00
Marek Marczykowski-Górecki
bbf2ee3a67 core: cleanup_vifs should not fail when no network intf is present
This can happen when initially there was no default netvm, some domain
was started, then default netvm was set and started - then
netvm.connected_vms will contain domains which aren't really connected
there.
Especially this was happening in firstboot.
2015-04-15 12:04:21 +02:00
Marek Marczykowski-Górecki
db28551807 tests: update backup tests
Since default netvm name was changed, the restore process need to set
'use-default-netvm' flag.
2015-04-14 23:10:18 +02:00
Marek Marczykowski-Górecki
868ee83093 block: trigger QubesDB watches after attaching/detaching device
Since libvirt do not support such events (at least for libxl driver), we
need some way to notify qubes-manager when device is attached/detached.
Use the same protocol as for connect/disconnect but on the target
domain.
2015-04-14 23:08:52 +02:00
Marek Marczykowski-Górecki
e1da1fb3c1 block: fixes for dom0-backed devices and dead domains 2015-04-14 23:07:54 +02:00
Marek Marczykowski-Górecki
936fa0f4cc version 3.0.7 2015-04-12 03:13:40 +02:00
Marek Marczykowski-Górecki
48945a9d37 linux/systemd: prevent user login before VMs autostart
When user logins, login script will try to connect all guid to all the
running VMs. If VMs are still booting at this stage, will never
automatically get its guid (until user tries to start some program
there). This can for example lead to lack of nm-applet icon.
2015-04-12 03:11:03 +02:00
Marek Marczykowski-Górecki
08c8c919a5 minor indentation fix 2015-04-10 19:05:42 +02:00
Marek Marczykowski-Górecki
f2aa0f3e2f dispvm: prevent any output from qfile-daemon-dvm
This script is connected directly to calling process, so any output here
will disrupt qrexec service data. For example in case of qubes.OpenInVM
this will be prepended to modified file while sending it back to the
source VM - in case of no modification, it will override that file in
the source VM...
2015-04-10 19:01:46 +02:00
Marek Marczykowski-Górecki
913cc27023 core: fix QubesVm.clone_attrs - really copy dicts
Otherwise it would point at the same object and for example changing
vm.services[] in one VM will change that also for another. That link
will be severed after reloading the VMs from qubes.xml, but at least in
case of DispVM startup its too late - vm.service['qubes-dvm'] is set for
the DispVM template even during normal startup, not savefile preparation.
2015-04-10 18:32:14 +02:00
Marek Marczykowski-Górecki
d776400973 version 3.0.6 2015-04-07 15:02:18 +02:00
Marek Marczykowski-Górecki
1ab4663293 core: reject non-NetVM for vm.netvm and vm.dispvm_netvm 2015-04-06 02:55:26 +02:00
Marek Marczykowski-Górecki
75e9c8aff0 tests: test for netvm/dispvm_netvm
Check:
 - default value
 - setting to None
 - setting to a VM
 - resetting to default
 - setting invalid value
2015-04-06 02:53:18 +02:00
Marek Marczykowski-Górecki
dbb43f6035 core/storage: fix disk handling for HVM template
Currently HVM template do not have root-cow.img (also do not use 2-layer
device-mapper as PV VMs), so vm.is_template() check isn't enough.
2015-04-06 00:21:38 +02:00
Marek Marczykowski-Górecki
678ccdfaa0 core: fix saving 'dispvm_netvm' attribute 2015-04-06 00:21:08 +02:00
Marek Marczykowski-Górecki
221750af94 version 3.0.5 2015-04-04 22:04:02 +02:00
Marek Marczykowski-Górecki
d8533bd061 core: do not reset firewal when setting netvm=none
It is no longer needed as qubesos/qubes-issues#862 is implemented.
2015-04-04 21:48:03 +02:00
Marek Marczykowski-Górecki
7516737fae core: Add "dispvm_netvm" property - NetVM for DispVMs started from a VM
This allows to specify tight network isolation for a VM, and finally
close one remaining way for leaking traffic around TorVM. Now when VM is
connected to for example TorVM, its DispVMs will be also connected
there.
The new property can be set to:
 - default (uses_default_dispvm_netvm=True) - use the same NetVM/ProxyVM as the
 calling VM itself - including none it that's the case
 - None - DispVMs will be network-isolated
 - some NetVM/ProxyVM - will be used, even if calling VM is network-isolated

Closes qubesos/qubes-issues#862
2015-04-04 21:47:31 +02:00
Marek Marczykowski-Górecki
a6448e073c block: fix handling non-dom0 backend
The libvirt XML config syntax was changed - the element is named
<backenddomain/>.
2015-04-04 16:18:10 +02:00
Marek Marczykowski-Górecki
b10cead867 version 3.0.4 2015-04-03 11:26:12 +02:00