Make sure that even compromised frontend will be cut of (possibly
sensitive - like a webcam) device. On the other hand, if backend domain
is already compromised, it may already compromise frontend domain too,
so none of them would be better to call detach to.
QubesOS/qubes-issues#531
- Use full import paths in qvm-pool
- Add, Remove, Info and List options set `Namespace.command`. This fixes a crash
when `-o dir_path=/mnt/foo` is specified after `-a foo xen`.
- Remove `_List`
- Remove 'added pool' and 'removed pool' messages. Unix tools are quiet
- qvm-pool call app.save()
- Rename create_parser in get_parser
- Rename local_parser variables to just parser
- qvm-pool uses print_table
qrexec-daemon will start new processes for called services, which
include starting new DispVM, starting other required VMs (like backend
GPG VM). Having those processes as root leads to many permissions
problems, like the one linked below. So when VM is started by root, make
sure that qrexec-daemon will be running as normal user (the first user
in group 'qubes' - there should be only one).
QubesOS/qubes-issues#1768
- Remove old qvm-remove
- Remove a log line from Storage, because it prints confusing lines, like:
Removing volume kernel: /var/lib/qubes/vm-kernels/4.1.13-6/modules.img
Add the ability to handle commands having subcommands, like `qvm-block`
Split the ArgumentCheckVisitor in an OptionsCheckVisitor &
SubCommandCheckVisitor. The OptionsCheckVisitor checks options given
in a section named 'Options' (case insensitive), while the
SubCommandCheckVisitor dispatches on a section named 'Commands' (case
insensitive).
This also fixes finding the undocumented command arguments. The previous
solution with depart_document did not work. NodeVisitor does not dispatch to
depart_document() even if it's mentioned in the documentation.
On KDE5 native decoration plugin is used and requires special properties
set (instead of `_QUBES_VMNAME` etc).
Special care needs to be taken when detecting environment, because
environment variables aren't good enough - this script may be running
with cleared environment (through sudo, or from systemd). So check
properties of X11 root window.
QubesOS/qubes-issues#1784
Trim template name to fit full VM name in 31 chars.
At the same time, check if the VM already exists - if so - remove it
first (or error out asking the user to remove it manually - if VM isn't
marked as internal).
Now that VM is created as internal, to skip appmenus creation.
QubesOS/qubes-issues#1910FixesQubesOS/qubes-issues#1655
This behaves better when running multiple VMs. If one need full CPU
power in some VM, it is always possible to increase vCPUs for this
particular VM.
FixesQubesOS/qubes-issues#1891
