Commit Graph

35 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
c5aaf8cdd7
Merge branch 'remove-qrexec' 2019-06-07 05:10:54 +02:00
Frédéric Pierret (fepitre)
c0de16c940
TODO: handle 'admin-permission' event in admin.vm.Console
QubesOS/qubes-issues#5030
2019-05-11 12:34:50 +02:00
Frédéric Pierret (fepitre)
ce3cb1b603
admin.vm.Console: check if requested VM exists/is_running 2019-05-11 12:11:31 +02:00
Frédéric Pierret (fepitre)
1c09a2c77e
Rename and fix from Marek's comments 2019-05-07 15:03:34 +02:00
Frédéric Pierret (fepitre)
518d0edc94
Rename qubes.ShowTerminal to admin.vm.Terminal 2019-04-30 17:25:23 +02:00
Frédéric Pierret (fepitre)
baef139c00
Add qubes.ShowTerminal service 2019-04-30 11:23:23 +02:00
Marek Marczykowski-Górecki
1949b0c777
Remove qrexec related files - moved to core-qrexec repository
QubesOS/qubes-issues#4955
2019-04-11 04:29:04 +02:00
Marek Marczykowski-Górecki
bda9264e19
Add qubes.GetDate proxy service
This enable two things:
1. Follow global clockvm setting, without adjusting qrexec policy.
2. Avoid starting clockvm by arbitrary VM.

Fixes QubesOS/qubes-issues#3588
2018-03-03 03:50:58 +01:00
Marek Marczykowski-Górecki
658f7565db
Merge remote-tracking branch 'qubesos/pr/169'
* qubesos/pr/169:
  volume.Import: write data with sufficient privs
2017-12-06 00:46:15 +01:00
Wojtek Porczyk
bdaf92f9dc qubes-rpc/policy.RegisterArgument: readability fixes
Thanks, @rootkovska and @marmarek.
2017-11-30 16:05:06 +01:00
Wojtek Porczyk
61c164e1c3 qubes-rpc: policy.RegisterArgument
This qrexec is meant for services, which require some kind of
"registering" before use. After registering, the backend should invoke
this call with frontend as the intended destination, with the actual
service in argument of this call and the argument as the payload.

By default this qrexec is disabled by policy.

Signed-off-by: Wojtek Porczyk <woju@invisiblethingslab.com>
2017-11-30 00:26:21 +01:00
Jean-Philippe Ouellet
21c3c2507e
volume.Import: write data with sufficient privs
Not sure how this ever worked before, if it did.

The device nodes pointed to by /dev/qubes_dom0/* are owned by
root:disk with perms 660, qubes user is not in disk group,
and service is invoked as qubes user, not root.
2017-11-21 03:01:03 -05:00
Marek Marczykowski-Górecki
0327b6cd98
api/admin: hide dd statistics in admin.vm.volume.Import call
But still show errors, if occurs.
2017-11-07 02:57:59 +01:00
Marek Marczykowski-Górecki
2164a8d7b8
Change license to LGPL v2.1+
See this thread for reasoning and acceptance from contributors:
https://groups.google.com/d/topic/qubes-devel/G7KzrfU0lWY/discussion
"Changing qubes-core-admin license to LGPL v2.1+"
2017-10-12 00:11:50 +02:00
Marek Marczykowski-Górecki
b25cf4b085
Add explanation why admin.vm.volume.Import is a custom script
Cc @rootkovska
2017-07-25 05:20:38 +02:00
Marek Marczykowski-Górecki
28737d16ce
Migrate qubes.NotifyTools, qubes.FeaturesRequest, qubes.NotifyUpdates
Make them call into qubesd. Create separate socket for "misc" calls - VM
accessible, but not part of Admin API.
2017-06-06 03:33:30 +02:00
Marek Marczykowski-Górecki
866d908b6d
qubesd-query-fast: fix compile warnings, enable -Werror 2017-06-05 23:33:58 +02:00
Wojtek Porczyk
0fdcbfc237 qubes-rpc/admin.vm.volume.Import: fix dd flags
QubesOS/qubes-issues#2622
2017-05-29 17:34:15 +02:00
Marek Marczykowski-Górecki
3cacf290bb
admin: implement admin.vm.volume.Import
Implement this in two parts:
1. Permissions checks, getting a path from appropriate storage pool
2. Actual data import

The first part is done by qubesd in a standard way, but then, instead of
accepting all the data (which may be several GB), return a path to which
a shell script (in practice: `dd` command) will write the data.
Then the script call back to qubesd again to report success/failure and
qubesd response from that call is actually returned to the user.

This way we do not pass all the data through qubesd, but still can
control the process from there in a meaningful way. Note that the last
part (second call to qubesd) may perform all kind of verification (like
a signature check on the data, or so) and can also prevent VM from
starting (hooking also domain-pre-start event) from not verified image.

QubesOS/qubes-issues#2622
2017-05-26 15:08:14 +02:00
Marek Marczykowski-Górecki
f42cd28901
admin-api: create and install actual Admin API RPC endpoints
Install files in /etc/qubes-rpc for all methods defined in API
documentation, even if not yet implemented (qubesd will handle it
raising appropriate exception).
Use minimal program written in C (qubesd-query-fast), instead of
qubesd-query in python for performance reasons:
 - a single qubesd-query run: ~300ms
 - equivalent in shell (echo | nc -U): ~40ms
 - qubesd-query-fast: ~20ms

Many tools makes multiple API calls, so performance here do matter. For
example qvm-ls (from VM) currently takes about 60s on a system with 24
VMs.

Also make use of `$include:` directive in policy file, to make it easier
defining a VM with full Admin API access.

QubesOS/qubes-issues#853
2017-05-23 03:24:15 +02:00
Wojtek Porczyk
e757444c35 qubes/tools/qvm-features: add tool for managing qvm-features
QubesOS/qubes-issues#1637
2016-05-19 03:02:24 +02:00
Patrick Schleizer
524888d2fd
use shuf rather than od because it is more readable
Thanks to @marmarek for the suggestion!

https://github.com/QubesOS/qubes-core-admin/pull/23/files#r55930643
2016-03-13 01:52:03 +00:00
Patrick Schleizer
e33b958bdd
implemented dom0 qubes.GetRandomizedTime
Required for fixing 'sys-whonix doesn't connect to Tor after system suspend'.

https://github.com/QubesOS/qubes-issues/issues/1764
2016-03-13 01:15:46 +00:00
Patrick Schleizer
c2b5630637 typo 2015-10-21 20:57:30 +00:00
Marek Marczykowski-Górecki
063b436b03
notify-updates: ignore chown error
If running as normal user, chown will fail. This isn't a problem,
because the file is probably already owned by the correct user. The
whole point about this chown is to give access to the file for normal
user, so if the write succeeded, it isn't needed.
2015-10-10 05:22:43 +02:00
Marek Marczykowski-Górecki
e3ae3cdf34
hvm: update appmenus only on the first qubes.NotifyTools call
Or more precisely - only when qrexec_installed value is changed from
False to True.
Previously it was called at each VM startup.
2015-08-09 21:21:47 +02:00
Marek Marczykowski-Górecki
6d19a9c2cc Do not hold the lock while retrieving application icons (qubes.NotifyTools)
This can take quite a long time, so do not block the whole system.
2015-07-01 07:03:52 +02:00
Marek Marczykowski-Górecki
df509cb780 Fix qubes.NotifyTools service (not import xenstore) 2015-07-01 04:47:52 +02:00
Marek Marczykowski-Górecki
df20a67a6c Convert qubes.NotifyTools service to use qubesdb 2015-06-23 00:14:57 +02:00
Marek Marczykowski-Górecki
72e415a807 move qubes-notify-* to libexec 2014-11-19 12:50:25 +01:00
Wojciech Zygmunt Porczyk
45318ecb43 regexp fixes and validation (#829) 2014-05-16 18:35:59 +02:00
Marek Marczykowski-Górecki
3891913d1b hvm: fetch and recreate appmenus when VM reports tools presence (#56 pro) 2013-12-04 03:02:39 +01:00
Marek Marczykowski-Górecki
8200b15c61 NotifyTools: handle default user setting
If the VM provides 'default-user' setting - save it to the VM settings.
2013-11-01 02:32:32 +01:00
Marek Marczykowski-Górecki
e2c43d2292 Allow HVM to notify dom0 about tools installation
HVM can set some xenstore entries (in qubes-tools/ subtree) to pass
informations about installed tools to dom0. qubes.NotifyTools service
triggers update of VM properties (like qrexec_installed).
This way, after installation of Qubes Windows Tools, the user doesn't need
to change any VM settings to use the tools.
2013-10-28 05:09:54 +01:00
Marek Marczykowski
a84886db07 Move all files one level up 2013-03-16 19:56:51 +01:00