This is used internally for device-model stubdomains (untrusted qemu)
for HVMs, and causes conflicts when trying to boot foo (HVM) and foo-dm
(any type).
Partially fixes https://github.com/QubesOS/qubes-issues/issues/2422
Many drivers, including iwlwifi doesn't handle this well, resulting in
oopses etc. Also we're disabling PCI hotplug, which may be result in
more troubles here.
This reverts commit 2658c9a6e6.
QubesOS/qubes-issues#1673
There are problems with using sudo in early system startup
(systemd-logind not running yet, pam_systemd timeouts). Since we don't
need full session here, runuser is good enough (even better: faster).
On VM start, old qubesdb-daemon is terminated (if still running). In
practice it happen only at VM startart (shutdown and quickly start
again). But in that case, if the VM was started by root, such operation
would fail.
So when VM is started by root, make sure that qubesdb-daemon will be
running as normal user (the first user in group 'qubes' - there should
be only one).
FixesQubesOS/qubes-issues#1745
Enable e820_host option for VMs with PCI devices (to allow VM kernel to
deal with address space conflicts). But add a property to allow
disabling it.
FixesQubesOS/qubes-issues#2019
qrexec-daemon will start new processes for called services, which
include starting new DispVM, starting other required VMs (like backend
GPG VM). Having those processes as root leads to many permissions
problems, like the one linked below. So when VM is started by root, make
sure that qrexec-daemon will be running as normal user (the first user
in group 'qubes' - there should be only one).
QubesOS/qubes-issues#1768
On KDE5 native decoration plugin is used and requires special properties
set (instead of `_QUBES_VMNAME` etc).
Special care needs to be taken when detecting environment, because
environment variables aren't good enough - this script may be running
with cleared environment (through sudo, or from systemd). So check
properties of X11 root window.
QubesOS/qubes-issues#1784
This behaves better when running multiple VMs. If one need full CPU
power in some VM, it is always possible to increase vCPUs for this
particular VM.
FixesQubesOS/qubes-issues#1891
1. wait=False isn't supportet together with localcmd (explicit, or
implicit via 'input') - qrexec-client refuses such combination
2. When using localcmd, qrexec-client exists as soon as the local command
terminates, not necessary remote. This may not be desired effect when
used with wait=True (the default), so do not use localcmd in such a
case
Found while debugging tests for qubes.USBAttach/qubes.USBDetach - with
wait=True broken, there were a lot of race conditions.
Related to QubesOS/qubes-issues#531
In some cases libvirt doesn't report error code at all. This probably
happens in some stage of domain startup/shutdown. Threat this the same
as domain not running.
FixesQubesOS/qubes-issues#1537
When /var/lib/qubes/appvms is a mount point of ext4 filesystem, there
will be already 'lost+found' directory. Avoid this conflict.
FixesQubesOS/qubes-issues#1440
When VM is shutting down it doesn't disconnect PCI frontend (?), so when
VM is destroyed it ends up in timeouts in PCI backend shutdown (which
can't communicate with frontend at that stage). Prevent this by
detaching PCI devices while VM is still running.
FixesQubesOS/qubes-issues#1494FixesQubesOS/qubes-issues#1425
I had some issue with fstrim and the missing else had caused the code to continue and fail later with a non-descriptive error message. This commit makes the error message more descriptive and helpful.
Forgetting this leads to misterious errors (VM started with different
kernel than it was just set), so simplify the API.
FixesQubesOS/qubes-issues#1400
When using PVGrub it doesn't make sense to attach modules.img, since
modules are already in the VM. Initramfs there will already handle such
situation and will not try to mount it, when VM's root filesystem
already contains appropriate /lib/modules/`uname -r`.
On the other hand, error earlier when initramfs is missing. While also
not used by PV Grub, the file is always specified in libvirt config and
when missing libvirt will throw rather cryptic error message.
QubesOS/qubes-issues#1354
This process may be running as root in case of default NetVM. But do not
kill it forcibly (through sudo or so), because it may also be stale
pid file. After all, QubesDB should automatically terminate when its VM
is terminated, so this code is already some error handling.
FixesQubesOS/qubes-issues#1331
* qubesos/pr/7:
Don't send screen layout to the VM if we haven't received it from xrandr because this breaks proper initial screen layout set by gui-agent FixesQubesOS/qubes-issues#1305QubesOS/qubes-issues#998
If /etc/localtime in dom0 is a hardlink to zoneinfo file (instead of
symlink) and more than one zoneinfo file is hardlinked to this inode,
appVMs will get invalid timezone, e.g. "Europe/Warsaw\x0aPoland".
Reported by @yaqu, fix provided by @yaqu
FixesQubesOS/qubes-issues#1315