Marek Marczykowski
c26e21d883
dom0/qrexec: tunable connect timeout, prompt the user on timeout ( #27 pro)
2012-09-25 03:26:24 +02:00
Marek Marczykowski
d1620d9a32
dom0/qrexec: kill child process on connect timeout
...
Sometimes vchan can not detect dead target domain so kill it explicit to not
leave a mess.
2012-09-25 03:23:54 +02:00
Marek Marczykowski
e6da68dae2
dom0/qrexec: use DEFAULT user feature of qrexec_daemon in policy parser
2012-08-30 17:48:19 +02:00
Marek Marczykowski
3f5a34f635
Revert "dom0/qrexec: use default user from VM settings"
...
This reverts commit b1ccc9a510e465b8b59f12bafb7735664c4101d0.
This can be handled by qrexec_daemon itself.
Conflicts:
qrexec/qrexec_policy
2012-08-30 17:47:32 +02:00
Marek Marczykowski
46fd664ba3
dom0/qrexec: implement default user handling in qrexec_daemon
...
This will simplify using qrexec from utilities which doen't load qubes.xml
normally (like qrexec_policy, gui daemon).
2012-08-30 17:44:52 +02:00
Marek Marczykowski
3bce6047b5
dom0/qrexec: properly process data after client terminated one way of transfer
...
Instead of removing client from list at EPIPE error from write, assume that
client does not wish read future data, but still can write something.
2012-08-27 00:49:45 +02:00
Marek Marczykowski
f79101d114
dom0/qrexec: fix the case when client disconnected while sending cmdline
...
Previously there was not cleaned up entry in clients table. Not critical, as
will be reset to known state at new client connect, but still fix it.
2012-08-27 00:48:36 +02:00
Marek Marczykowski
89ab002db1
dom0/qrexec: minor FD leak fix
...
qrexec_client will be shortly terminated after that, but still fix it.
2012-08-27 00:48:36 +02:00
Marek Marczykowski
6984c4d795
vm/qrexec: better handle the case when child process closes its stdin
...
Instead of assuming process termination (because of write returned EPIPE), just
do not write to the process pipe, but still process the data in opposite
direction until EOF received.
2012-08-27 00:48:22 +02:00
Marek Marczykowski
798d239c15
vm/qrexec: fix race between child cleanup and select call
...
reap_children() can close FD, which was already added to FD_SET for select.
This can lead to EBADF and agent termination.
2012-08-27 00:20:25 +02:00
Marek Marczykowski
1c04920833
vm/qrexec: log exit code in "sending exit code" message
2012-08-27 00:18:35 +02:00
Marek Marczykowski
c9a43f66ed
dom0/qrexec: do not exit client before all data in both direction transfered
...
When qrexec_client cannot write to its stdout, this doesn't necessary mean that
there is no data in opposite direction.
Simple example is RPC service: when process in destination VM closes its stdin,
it can still send some data to triggering VM.
2012-08-25 01:17:50 +02:00
Marek Marczykowski
77b2758c93
vm/qubes-rpc: move set_(non)?block to ioall.c as can be used not only in qrexec
2012-08-25 01:11:22 +02:00
Marek Marczykowski
7c1dfe9266
dom0/qrexec: implement standalone policy evaluation ( #12 pro)
...
This change will allow to use the same policy mechanism to control clipboard
copy between domains.
2012-08-18 22:08:26 +02:00
Marek Marczykowski
11e142adb3
dom0/qrexec: use default user from VM settings
2012-08-18 21:42:54 +02:00
Marek Marczykowski
7745e23137
dom0/qrexec: use QUBESRPC instead of direct multiplexer path
2012-08-18 21:21:20 +02:00
Marek Marczykowski
7e3ffabd78
dom0+vm: execute qrexec service as shell script
...
This will allow to pass quoted arguments and some variable expansion. Basically
one-line shell command service can be embeded in the configuration.
In previus version use of "command path with spaces" whould result in try to
execute '"command' with arguments 'path', 'with' and 'spaces"'.
2012-07-14 23:03:43 +02:00
Marek Marczykowski
2b5ce31eeb
dom0+vm/qrexec-services: pass remote domain via env variable not argument
...
Most qrexec services doesn't use remote domain name, as policy is enforced
earlier. So pass it in way that will allow use of generic command as qrexec
service.
2012-07-14 22:54:23 +02:00
Marek Marczykowski
28ca836e14
vm: support for magic QUBESRPC command
...
Previously dom0 had to know full path of qubes_rpc_multiplexer in VM, which can
differ between VMs (eg totally different on Windows). This commit enables dom0
to magic keyword instead of full path.
2012-06-22 22:16:08 +02:00
Marek Marczykowski
65a94681b2
vm/qrexec: removed obsolete "directly:" command prefix support
...
This was used for launching DispVM editor in pre-qrexec-RPC times.
2012-06-01 20:46:23 +02:00
Marek Marczykowski
05123c09f2
qrexec: describe msg types in header file
2012-05-24 12:11:03 +02:00
Marek Marczykowski
adc0b6eff5
vm(+dom0): major rearrage VM files in repo; merge core-*vm packages
2012-01-06 21:31:12 +01:00
Marek Marczykowski
b8b5cf0a17
vm: force meminfo-writer to wait for the first user process ( #392 )
...
meminfo-writer will wait for SIGUSR1 - send by qrexec-agent on the first
qvm-run from dom0.
2011-12-26 23:39:25 +01:00
Marek Marczykowski
ce82303c16
dom0/qrexec: add missing space
2011-10-28 00:19:29 +02:00
Marek Marczykowski
1b42142e05
dom0/qrexec: change qrexec startup timeout to 60s ( #373 )
2011-10-18 00:09:34 +02:00
Marek Marczykowski
ede96353af
dom0/qrexec: Add always allow option in qrexec confirmation dialog ( #278 )
2011-10-12 00:08:28 +02:00
Joanna Rutkowska
7d5609a80a
dom0: qrexec_daemon: use 30s connect timeout instead of 120s
2011-09-09 16:34:41 +02:00
Marek Marczykowski
e2aeceb230
qrexec: Use pselect instead of select ( #241 )
...
Details here: http://wiki.qubes-os.org/trac/ticket/241
2011-09-01 14:56:19 +02:00
Rafal Wojtczuk
850cf003ce
Add comments to policy files.
2011-07-25 01:49:25 +02:00
Rafal Wojtczuk
259d08a83e
qrexec: use $anyvm and $dispvm symbols
2011-07-25 01:49:25 +02:00
Rafal Wojtczuk
abd8b79864
qrexec: impose startup time limit for qrexec_daemon
2011-07-25 01:49:24 +02:00
Marek Marczykowski
3e2c427953
gitignore
2011-07-10 12:47:09 +02:00
Rafal Wojtczuk
af92ce3e48
qrexec: added qrexec/README.rpc file
...
Short introduction to the new features.
2011-07-07 11:14:04 +02:00
Rafal Wojtczuk
2600134e3b
qrexec: tiny corrections to rpc autostart code
2011-07-07 10:38:15 +02:00
Rafal Wojtczuk
77f21e08a4
qrexec: corrected stupid typo
2011-07-07 10:06:45 +02:00
Rafal Wojtczuk
65fe9e1b93
qrexec: manually autostart target rpc domain
...
option 2) from the previous commit comment
2011-07-07 10:05:41 +02:00
Rafal Wojtczuk
11c1cb0aa2
qrexec: temporarily disable auto executing domains upon rpc request
...
There are two problems with qvm-run -a:
1) even with -q flag, it spits to stdout (actually, "xl create" does it), and
this garbage is received by rpc client
2) even with -q flag, it steals input (actually, "qrexec ... wait for session")
These two can be manually fixed (by passing /dev/null appropriately); hovewer,
this is prone to disaster if qvm-run is enhanced/broken later.
We could do
if is_domain_running() ; then
run qrexec client
else
qvm-run -a domain true </dev/null >/dev/null
run qrexec client
fi
which looks safer; but is_domain_running() is a bit expensive even in "running"
case - we need to xl_context.list_domains anyway.
Gotta decide on one of these.
2011-07-07 09:13:51 +02:00
Rafal Wojtczuk
c80ee3b231
qrexec: allow for more options in the policy files
2011-07-06 18:34:00 +02:00
Rafal Wojtczuk
7b39b15f6d
qrexec: enforce strict character set in TRIGGER_EXEC message
2011-07-06 17:07:40 +02:00
Rafal Wojtczuk
ab6aeb0bca
qrexec: in qrexec_client_vm, need to preserve absolute exe name before execv
2011-07-06 16:51:56 +02:00
Rafal Wojtczuk
b3ce35b5e2
qrexec: change qrexec_client_vm syntax to be nicer to read
...
Now the local_program is just before arguments, which is nicer.
2011-07-06 14:21:35 +02:00
Rafal Wojtczuk
7d79a15c4b
qrexec: support for rpc with dom0 as target
2011-07-06 13:56:57 +02:00
Rafal Wojtczuk
2fdf9761c7
qrexec: adjust DispVM code to the new qrexec API
...
Note, we have qvm-open-in-vm totally for free.
2011-07-06 12:32:20 +02:00
Rafal Wojtczuk
b7e8c2708c
qrexec: adjust intervm file copy code to the new qrexec API
2011-07-06 10:17:58 +02:00
Rafal Wojtczuk
5b78e8f983
qrexec: dup old stdin/out fds, pass the dup-ed fds in SAVED_FD_%d env var
2011-07-05 20:01:28 +02:00
Rafal Wojtczuk
ecf200dca3
qrexec: last two missing pieces of the new rpc infrastructure
2011-07-05 18:35:03 +02:00
Rafal Wojtczuk
1e355f11d2
qrexec: in agent, use nonzero "fake" pid for existing process
...
Because 0 means invalid entry.
Also make sure that the rest of code handles -1 pid fine.
2011-07-05 13:04:34 +02:00
Rafal Wojtczuk
2c23891856
Revert "qrexec: in agent, use nonzero "fake" pid for existing process"
...
This reverts commit 9e77e8831e
.
2011-07-05 12:58:27 +02:00
Rafal Wojtczuk
9e77e8831e
qrexec: in agent, use nonzero "fake" pid for existing process
...
Because 0 means invalid entry.
2011-07-05 12:49:06 +02:00
Rafal Wojtczuk
9ac98a77b9
qrexec: in agent, handle CONNECT_EXISTING the way convenient for client
2011-07-05 12:46:33 +02:00