Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
3,356 Commits 1 Branch 0 Tags 15 MiB
cf5730934a
Commit Graph

3356 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Marek Marczykowski
5f4fcedf55 Merge branch 'master' of git://git.qubes-os.org/joanna/core 2011-03-23 20:12:13 -04:00
Marek Marczykowski
14e50e983d gitignores 2011-03-23 19:57:48 -04:00
Marek Marczykowski
b95dd0fcaa Enable build on appvm. 2011-03-23 19:55:35 -04:00
Marek Marczykowski
7f94cf2709 Merge branch 'spring-merge' of ssh://git.qubes-os.org/var/lib/qubes/git/rafal/core into spring-merge 2011-03-23 19:45:59 -04:00
Marek Marczykowski
0962eab45a Cmdline tool to grow private.img (#5) 2011-03-23 19:41:58 -04:00
Rafal Wojtczuk
01b75b5987 Enable build on non-appvm. 2011-03-23 17:47:35 +01:00
Joanna Rutkowska
2fdb9057e8 version 1.5.1 2011-03-23 17:19:44 +01:00
Joanna Rutkowska
30df10cf18 Merge branch 'spring-merge' of git.qubes-os.org:/var/lib/qubes/git/rafal/core 2011-03-23 17:15:15 +01:00
Rafal Wojtczuk
25f49bca18 Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core into spring-merge 2011-03-23 16:47:05 +01:00
Rafal Wojtczuk
f9b9b1ade6 qvm-create-default-dvm: fix permissions after creating savefile 
So, savefile.img and netvm_id.txt are correctly owned as well.
 2011-03-23 13:40:28 +01:00
Rafal Wojtczuk
a1f8cd9071 When creating disposablevm object, pass non-None dirpath 
QubesVm constructor does not like it.
 2011-03-23 13:26:39 +01:00
Rafal Wojtczuk
0b208e8664 Move libs and /var/run/qubes out of qubes-netvm 
They are already in core-appvm package.
 2011-03-23 11:48:06 +01:00
Rafal Wojtczuk
5350e5cc5b move qrexec_agent out of core-netvm.spec 
It is already in core-appvm.
 2011-03-23 11:46:53 +01:00
Rafal Wojtczuk
dd9f1a6f7f Move execution of qrexec_agent to qubes_core 
Previously it was in both qubes_core_appvm and qubes_core_netvm;
somehow counterintuitively, qubes_core_netvm executes on appvm, too. So
move it to a common place.
 2011-03-23 11:34:01 +01:00
Marek Marczykowski
46190b9d82 Copy kernel for standalone VM 2011-03-23 09:59:59 +01:00
Rafal Wojtczuk
a814b522b9 Fix permissions on the dvm template directory. 
Needed in case default_template-dvm VM was created in init
scripts, and files are not writeble by group qubes.
 2011-03-23 09:36:30 +01:00
Rafal Wojtczuk
4e78284e4f block.qubes: pass arguments correctly to other scripts 2011-03-23 09:31:44 +01:00
Rafal Wojtczuk
105486135b Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/smoku/core into spring-merge 2011-03-23 09:23:38 +01:00
Tomasz Sterna
481e9871c4 Implemented implicit rule to allow ICMP traffic in firewall 2011-03-21 22:06:53 +01:00
Rafal Wojtczuk
488eda21d9 Merge branch 'blockless' into spring-merge 
Conflicts:
	appvm/Makefile
	appvm/qubes_core
	netvm/qubes_core
	rpm_spec/core-appvm.spec
	rpm_spec/core-netvm.spec
 2011-03-21 13:54:35 +01:00
Marek Marczykowski
a5a43cdbc7 Fix missing arg to reset_volatile_storage (#118) 
And do not call it twice...
 2011-03-19 17:05:53 -04:00
Marek Marczykowski
bc383b692d Use clean-volatile.img.tar instead of unpacked one (#118) 
"tar x" is much faster than cp on sparse file
 2011-03-19 17:05:00 -04:00
Marek Marczykowski
a6ee9d66f5 qvm-backup-{,restore} - support for standalone VMs 
Backup root.img instead of (non-existing) root-cow.img
 2011-03-18 22:24:08 -04:00
Marek Marczykowski
c461835ea7 Dont allow to change disable 'updateable' flag of standalone VM 2011-03-18 22:19:03 -04:00
Marek Marczykowski
ee28ca10d4 Indent, blank lines 2011-03-18 22:18:31 -04:00
Marek Marczykowski
823bd1ce0f Use common image for swap and root-cow - volatile.img (#118) 
This reduces xvd* devices count, so speeds up VM start.
Also swap-cow is no longer needed, so remove this additional dm-snapshot layer.
 2011-03-18 22:15:32 -04:00
Marek Marczykowski
74d61e7f9a Autocommit template changes after template shutdown (#96) 2011-03-18 18:54:14 -04:00
Marek Marczykowski
55780b8c15 Indent fix 2011-03-18 18:24:55 -04:00
Tomasz Sterna
aa58bec1d9 Fixed default policy handling in firewall rules 2011-03-18 14:12:19 +01:00
Rafal Wojtczuk
7f6a06c354 qrexec: in write_stdin, remove dependency on write size 
Previous code could barf when write was partial; probably can happen
only if we increase vchan buffer size, but it is better isolated now.
 2011-03-18 11:16:05 +01:00
Rafal Wojtczuk
1d24ef9d1a qrexec: when forgetting about a client/process, flush buffered data 
We need to spawn a child to take care of buffered data flushing, if there
is any. Expensive, but should be needed rarely.
 2011-03-17 18:15:04 +01:00
Rafal Wojtczuk
53b517f6a5 qrexec: move set_nonblock function to write_stdin 
It will be needed there.
 2011-03-17 17:53:33 +01:00
Rafal Wojtczuk
fb71bf968c qrexec_agent: when receiving close from daemon, check buffered data 
We need to wait for buffer flush, so that buffered data is not lost,
and only then close pipe to the child.
 2011-03-17 17:37:35 +01:00
Rafal Wojtczuk
af7fefa73f qrexec: handle buffered writes correctly 
In case when we have a buffered write, always append to the
buffer, even if the pipe happens to be writable now. If not,
in case of certain tight race we might end up writing buffered data in
wrong order.
 2011-03-17 16:53:29 +01:00
Marek Marczykowski
33e7ee3623 Reduce duplicated code in qubes.xml load 
Parse common attrs in separate function.
Side effect: possibility to set custom TemplateVM label
 2011-03-16 20:40:15 -04:00
Marek Marczykowski
bef1ea4c92 Reduce duplicated code in create_xml_entries 2011-03-16 19:42:01 -04:00
Marek Marczykowski
4e68c4cde9 Standalone VM (#98) 
'updateable' property is now read-onlyr; updateable=True means that VM has own
root.img, not persistent root-cow.img.
 2011-03-16 18:45:02 -04:00
Joanna Rutkowska
4c5d9f56c7 Tag RPMs with dist info 2011-03-16 19:14:42 +01:00
Marek Marczykowski
ef6a3e576b Parse tags %MEM% and %VCPUS% in {app,net}vm-template.conf (#115) 2011-03-16 13:39:54 -04:00
Marek Marczykowski
379a5620c8 Fix netvm creation from template 
Missing netvms_conf_file parameter in template
 2011-03-16 13:38:16 -04:00
Rafal Wojtczuk
4087b1d052 Package qvm-copy-to-vm2*, too. 2011-03-16 16:47:32 +01:00
Marek Marczykowski
1892bef66f Require xen 3.4.3-6 with fixed /etc/xen/scripts/block 2011-03-16 11:32:51 -04:00
Marek Marczykowski
2b78538376 Merge git://git.qubes-os.org/joanna/core 2011-03-16 11:29:55 -04:00
Rafal Wojtczuk
e410ad52ba Bloody perror messes with errno; need to save errno. 2011-03-16 16:24:54 +01:00
Marek Marczykowski
343e23d459 Version 1.4.1 2011-03-16 11:20:00 -04:00
Rafal Wojtczuk
d40fb3a2e1 Fifo semantics is hard to get right. 
Finally: we need to close the command pipe at EOF.
 2011-03-16 16:11:05 +01:00
Joanna Rutkowska
e659710d62 version 1.4.1 2011-03-16 15:57:54 +01:00
Rafal Wojtczuk
15bab70eae Handle pipe io in qrexec_agent properly 
Don't reopen pipe after each read - no need, and it could lose events.
 2011-03-16 15:18:37 +01:00
Rafal Wojtczuk
769eedd33a Make qrexec_client wait for its local child before exiting 
If we do not wait and exit imemdiately, qrexec_daemon will decrease
the children count and continue spawning processes, while e.g.
qfile-daemon still waits for kdialog - so dom0 will be DoSed by
multiple processes.
 2011-03-16 14:52:35 +01:00
Rafal Wojtczuk
27cfd6111a qrexec_daemon limits the number of its children 
So that evil VM cannot just send flood of exec qfile-daemon requests,
and DoS dom0.
 2011-03-16 14:21:45 +01:00