Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
5,072 Commits 1 Branch 0 Tags 15 MiB
cf92a576ad
Commit Graph

81 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
3217c3ac4e
Merge remote-tracking branch 'qubesos/pr/156' 
* qubesos/pr/156:
  tests: Add unit tests for pvh virt_mode
  Don't allow attached PCI devices and virt_mode = 'pvh'
 2017-11-20 22:40:53 +01:00
Marek Marczykowski-Górecki
2164a8d7b8
Change license to LGPL v2.1+ 
See this thread for reasoning and acceptance from contributors:
https://groups.google.com/d/topic/qubes-devel/G7KzrfU0lWY/discussion
"Changing qubes-core-admin license to LGPL v2.1+"
 2017-10-12 00:11:50 +02:00
HW42
67c06eb428 Don't allow attached PCI devices and virt_mode = 'pvh' 2017-10-11 21:10:43 +02:00
Marek Marczykowski-Górecki
451cc339c7
ext/block: accept any boolean value for 'read-only' option 
Be consistent with other parts of the Admin API. Especially ...Attach
accept "standard" boolean values for persistent= option.
 2017-10-04 15:24:53 +02:00
Marek Marczykowski-Górecki
3548ee1163
ext/block: properly list devtype=cdrom option 2017-09-29 11:52:59 +02:00
Marek Marczykowski-Górecki
fd5aaa8866
block: fix handling non-existing devices 
Don't yield None as DeviceInfo object. The device-get: event handlers
are expecte to yield anything only when there is a device.
 2017-09-29 11:52:59 +02:00
Marek Marczykowski-Górecki
f6d10ec243
block: improve handling device name and description 
Don't fail when device have no description. Also, handle device name
consistently - there is already name_re defined.
 2017-09-29 11:52:59 +02:00
Marek Marczykowski-Górecki
3f33a7bc2c
fix and enable ServicesExtension 
This extension is responsible for communicating service.* features to
VMs - in other words, qvm-service framework

Fixes QubesOS/qubes-issues#3019
 2017-08-14 02:30:52 +02:00
Marek Marczykowski-Górecki
22f2fe6d69
block: add support for devtype option 
QubesOS/qubes-issues#2951
 2017-08-01 15:20:36 +02:00
Marek Marczykowski-Górecki
8a8674bb57
ext/core_features: add handling 'qubes-firewall' feature request 
VM (template) can announce whether it support enforcing firewall rules
or not.

Fixes QubesOS/qubes-issues#2003
 2017-07-30 18:34:43 +02:00
Marek Marczykowski-Górecki
36f1a3abaf
Merge branch 'services' 
* services:
  tests: check clockvm-related handlers
  doc: include list of extensions
  qubesvm: fix docstring
  ext/services: move exporting 'service.*' features to extensions
  app: update handling features/service os ClockVM
 2017-07-29 05:09:32 +02:00
Marek Marczykowski-Górecki
1a6728cb12
ext/services: move exporting 'service.*' features to extensions 
This means core code will not publish any features by default.
 2017-07-28 16:32:47 +02:00
Marek Marczykowski-Górecki
67c382c8b0
ext/block: make use of QubesDB watch 
Actually use just introduced API.

Also document new `device-list-change:class` event.

QubesOS/qubes-issues#2940
 2017-07-25 05:20:39 +02:00
Marek Marczykowski-Górecki
0fb7c1fbed
Follow change of qubesdb path return type 
It's str/unicode, not bytes now.

QubesOS/qubes-issues#2937
 2017-07-25 05:20:38 +02:00
Marek Marczykowski-Górecki
1759bca00f
Rename vm.qdb to vm.untrusted_qdb 
QubesDB can be freely modified by a VM, so one should take care when
reading any data retrieved from it.

Fixes QubesOS/qubes-issues#2934
 2017-07-24 13:01:55 +02:00
Marek Marczykowski-Górecki
8cb831da29
ext/admin: allow setting 'created-by-*' tags from dom0 
Add an exception for this limit - if for nothing else, to allow full
backup restore (non-paranoid mode).
 2017-07-17 02:42:36 +02:00
Marek Marczykowski-Górecki
cbc7241a93
api/admin: rename mgmt-permission:* event to admin-permission:* 
Be more consistent with Admin API name and method names.
 2017-07-17 02:41:42 +02:00
Wojtek Porczyk
b04f612374 qubes: have "service" features' keys separated by period 2017-07-05 04:16:16 +02:00
Wojtek Porczyk
8c9ce0587b ext/admin: add explanation to PermissionDenied 2017-06-22 13:21:37 +02:00
Wojtek Porczyk
2942f8bcac qubes: admin extension 
for managing tags
 2017-06-21 23:12:54 +02:00
Marek Marczykowski-Górecki
86a935e779
qubes.NotifyTools: ignore '/qubes-tools/version' completely 
It isn't used for anything, so simply ignore it for good.

https://github.com/QubesOS/qubes-core-admin/pull/109#discussion_r121421409
 2017-06-14 10:44:24 +02:00
Marek Marczykowski-Górecki
ee442c754f
api/misc: integrate qubes.NotifyTools logic with qubes.FeaturesRequest 
Make qubes.NotifyTools reuse logic of qubes.FeaturesRequest, then move
actual request processing to 'features-request' event handler. At the
same time implement handling 'qrexec' and 'gui' features request -
allowing to set template features when wasn't already there.
Behavior change: template is no longer allowed to change feature value
(regardless of being True or False). This means the user will always be
able to override what template have set.
 2017-06-12 12:22:39 +02:00
Marek Marczykowski-Górecki
9bb5054e50
ext: BlockDevices extension 
Handle block devices exposed by VMs
 2017-06-05 23:33:58 +02:00
Wojtek Porczyk
bbe757d0a7 Make pylint very ♥ 2017-05-30 15:06:05 +02:00
Wojtek Porczyk
a9755ed76a qubes/ext/gui: remove is-fully-usable and is_guid_running 2017-05-29 17:34:15 +02:00
Marek Marczykowski-Górecki
e54cc11a2c
vm: expose to VM only features with 'service/' prefix 
And place them in /qubes-service/ QubesDB directory. This allows
extensions to easily store some data not exposed to VM, but also have
control what VM will see. And at the same time, it make it compatible
with existing services framework

QubesOS/qubes-issues#1637
 2017-05-26 15:08:19 +02:00
Marek Marczykowski-Górecki
6bc44b43de
pci: adjust PCIDeviceExtension device identifier syntax 
':' is not allowed in device identifier, replace it with '_'.

Warning: this breaks existing qubes.xml
 2017-05-22 17:11:19 +02:00
Marek Marczykowski-Górecki
402afa1925
pci: use device attach options for disabling strict reset 
Since we have now per-device options, it's more logical to use it here,
instead of features with device identifier encoded into feature name.
 2017-05-22 03:21:13 +02:00
Marek Marczykowski-Górecki
227010d433
pci: fix device-pre-attach event signature 
Now it contains also options. PCI extension do not use it, yet.
 2017-05-19 18:49:22 +02:00
Marek Marczykowski-Górecki
da7496794a
events: add support for per-instance handlers 2017-05-12 14:25:32 +02:00
Marek Marczykowski-Górecki
033d2132d3
ext/gui: remove most of it, moved to qvm-start-gui tool... 
...in core-mgmt-client repository. qubesd isn't the right place to start
GUI applications, which will be even more important when GUI domain will
be something different than Dom0.

QubesOS/qubes-issues#833
 2017-05-12 14:25:29 +02:00
Bahtiar `kalkin-` Gadimov
8d60f533c3
PCI extension cache PCIDevice objects 2017-04-15 23:50:11 +02:00
Bahtiar `kalkin-` Gadimov
79407a8717
Make pylint ♥ 2017-04-15 23:50:11 +02:00
Bahtiar `kalkin-` Gadimov
9da28c9c15
device-list-attached event returns a dev/options tupples list 2017-04-15 23:49:40 +02:00
Bahtiar `kalkin-` Gadimov
0b3aebac9f
Update ext/pci to new api 
Signed-off-by: Bahtiar `kalkin-` Gadimov <bahtiar@gadimov.de>
 2017-04-15 18:05:29 +02:00
Bahtiar `kalkin-` Gadimov
9d08e4b792
Fix bug in PCIDeviceExtension: decode buffer to string 2017-04-15 18:05:12 +02:00
Marek Marczykowski-Górecki
96db9a46d1 Fix start-related asyncio integration 
cherry-picked commit 05fc3a4
 2017-04-07 17:46:54 +02:00
Wojtek Porczyk
cce809c2cb qubes/vm/qubesvm: async def start 
QubesOS/qubes-issues#2622
 2017-03-30 23:04:55 +02:00
Marek Marczykowski-Górecki
3726c7d9c3
python: decode xrandr output earlier, don't use regexp on bytes 2017-02-27 02:37:49 +01:00
Marek Marczykowski-Górecki
570cbe5225
qubes: py3k related fixes 2017-02-27 02:37:45 +01:00
Wojtek Porczyk
be53db4db9 qubes/events: they accept only keyword arguments 
Positional arguments are hereby deprecated, with immediate effect.

QubesOS/qubes-issues#2622
 2017-02-21 14:46:42 +01:00
Marek Marczykowski-Górecki
a317e81d7e
qubes/ext/gui: adjust shm.id path 
It's moved to /var/run/qubes and now is built based on $DISPLAY.
 2017-02-15 00:01:33 +01:00
Wojtek Porczyk
d74567d65f qubes: port core to python3 
fixes QubesOS/qubes-issues#2074
 2017-01-20 16:42:51 +01:00
Marek Marczykowski-Górecki
a318d5cea9
Don't fail on DBus connection error or opening log 
Especially in offline mode - like during installation, tests etc.

QubesOS/qubes-issues#2412
 2016-11-26 04:08:59 +01:00
Marek Marczykowski-Górecki
c08766e157
qubes/features: rename 'services/ntpd' to 'service/ntpd' 
It makes much more sense to use singular form here - ntpd is a single
service.
 2016-11-26 04:08:06 +01:00
WetwareLabs
cedd822735 Fix sending monitor layout info when xrandr has one output disconnected 
Signed-off-by: WetwareLabs <marcus@wetwa.re>
 2016-09-29 14:13:38 +02:00
Marek Marczykowski-Górecki
d5b3d971ee
qubes/ext/r3compat: update firewall handling for new API 
QubesOS/qubes-issues#1815
 2016-09-19 20:36:31 +02:00
Marek Marczykowski-Górecki
8ca08c7790
qubes/ext/pci: fix handling dom0 before starting first VM 
Before starting fist VM, backend/pci xenstore directory does not exists.
Do not crash on it

QubesOS/qubes-issues#2257
 2016-09-13 02:15:25 +02:00
Marek Marczykowski-Górecki
aa0674e8bb
qubes/vm: make VM QubesDB interface as much compatible as possible 
All the base keys can be kept easily the same, so do it.

QubesOS/qubes-issues#1812
 2016-09-08 04:17:48 +02:00
Marek Marczykowski-Górecki
c534b68665
qubes/vm: start VM daemons as normal user 
This is migration of core2 commits:

commit d0ba43f253
Author: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Date:   Mon Jun 6 02:21:08 2016 +0200

    core: start guid as normal user even when VM started by root

    Another attempt to avoid permissions-related problems...

    QubesOS/qubes-issues#1768

commit 89d002a031
Author: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Date:   Mon Jun 6 02:19:51 2016 +0200

    core: use runuser instead of sudo for switching root->user

    There are problems with using sudo in early system startup
    (systemd-logind not running yet, pam_systemd timeouts). Since we don't
    need full session here, runuser is good enough (even better: faster).

commit 2265fd3d52
Author: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Date:   Sat Jun 4 17:42:24 2016 +0200

    core: start qubesdb as normal user, even when VM is started by root

    On VM start, old qubesdb-daemon is terminated (if still running). In
    practice it happen only at VM startart (shutdown and quickly start
    again). But in that case, if the VM was started by root, such operation
    would fail.
    So when VM is started by root, make sure that qubesdb-daemon will be
    running as normal user (the first user in group 'qubes' - there should
    be only one).

    Fixes QubesOS/qubes-issues#1745
 2016-09-08 04:17:47 +02:00