Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
3,149 Commits 1 Branch 0 Tags 15 MiB
d2617917be
Commit Graph

3149 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Marek Marczykowski-Górecki
25c425920c qvm-tools: fix error reporting in qvm-kill 2015-01-30 01:38:56 +01:00
Marek Marczykowski-Górecki
73301a67c8 core: fix vm.run(..., passio=False) handling 
Long time ago passio=True was used to replace current process with
qrexec-client directly (qvm-run --pass-io was the called), but this
behaviour is not used anymore (qvm-run was the only user). And this
option was left untouched, with misleading name - one would assume that
using passio=False should disallow any I/O, but this isn't the case.

Especially qvm-sync-clock is calling clockvm.run('...', wait=True),
default value for passio=False. This causes to output data from
untrusted VM, without sanitising terminal sequences, which can be fatal.

This patch changes passio semantic to actually do what it means - when
set to True - VM process will be able to interact with
stdin/stdout/stderr. But when set to False, all those FDs will be
connected to /dev/null.

Conflicts:
	core-modules/000QubesVm.py
 2015-01-30 01:38:52 +01:00
Marek Marczykowski-Górecki
1da8ab5823 core: Add missing import 2015-01-08 03:55:02 +01:00
Marek Marczykowski-Górecki
adff88101a Rework QubesWatch implementation for libvirt events 2014-12-26 02:56:38 +01:00
Marek Marczykowski-Górecki
d4ab70ae9d core: update qvm-block code for HAL API 
Use QubesDB to get list of devices, call libvirt methods to
attach/detach devices.
 2014-12-12 03:59:01 +01:00
Zrubi
b4e0833cb7 qubes-hcl-report v2.2 
- Network devices section added to HCL Info output
 2014-12-05 19:33:17 +01:00
Zrubi
55fce5dd36 qubes-hcl-report v2.1 
- script redesign,
- fixed VT-d, VT-x detection,
- Support File generation is optional,
- the results are kept in dom0 by default,
- version and usage info added.

(cherry picked from commit f5845b2df1db19da37f02ace24f29a82660c39ff)
 2014-12-05 17:06:17 +01:00
Marek Marczykowski-Górecki
7a3bce6c61 core: fix is_paused method 2014-11-29 02:58:47 +01:00
Marek Marczykowski-Górecki
6da608783f version 3.0.0 2014-11-22 16:24:11 +01:00
Marek Marczykowski-Górecki
ebb9a1fcb2 dispvm: fix tray notifications (#874) 
Conflicts:
	dispvm/qfile-daemon-dvm
 2014-11-21 23:46:58 +01:00
Marek Marczykowski-Górecki
592a4901c9 core: import monitorlayoutnotify instead of calling it as external script 
Otherwise deadlock could happen - the script will try to get read lock
on qubes.xml, while the calling tool can already hold the lock. If that
was write lock (which is in case of qfile-daemon-dvm), the deadlock
occurs.
 2014-11-21 21:45:03 +01:00
Marek Marczykowski-Górecki
ce716f9c5a rpm: add R: PyQt4 for guihelpers module 
It was pulled by qubes-manager, but since it is optional, we shouldn't
rely on its dependencies.
 2014-11-21 20:09:57 +01:00
Wojciech Zygmunt Porczyk
6b0a5f9738 storage/xen.py: always initialise args['otherdevs'] 2014-11-19 12:50:32 +01:00
Marek Marczykowski-Górecki
37696b7d43 rpm: move xenconsoled configuration to xen package 2014-11-19 12:50:32 +01:00
Marek Marczykowski-Górecki
1df73d31c6 core: xid is no longer local variable here 2014-11-19 12:50:32 +01:00
Marek Marczykowski-Górecki
9205c5c054 core: fix imports 2014-11-19 12:50:32 +01:00
Marek Marczykowski-Górecki
479ac1e42d core: check libvirt error on specific connection 
Not global last one.
 2014-11-19 12:50:32 +01:00
Rafał Wojdyła
7e8978d278 wni: changed qrexec agent path environment variable name 2014-11-19 12:50:32 +01:00
Rafał Wojdyła
f91d6e93f6 wni: set random password on user creation 2014-11-19 12:50:31 +01:00
Rafał Wojdyła
ccd04c7c8f wni: properly get user profiles directory 2014-11-19 12:50:31 +01:00
Rafał Wojdyła
81fb2b696b wni: vm users can't change their password 2014-11-19 12:50:31 +01:00
Rafał Wojdyła
74d09070fb .gitignore: added *.msm 2014-11-19 12:50:31 +01:00
Rafał Wojdyła
b4d827d5e8 wni: remove user profiles on domain removal 2014-11-19 12:50:31 +01:00
Rafał Wojdyła
97c793ed16 QubesVm.run(): wait for client to exit on Windows 2014-11-19 12:50:31 +01:00
Rafał Wojdyła
b6a379e94a Fixed PyQt4 import in guihelpers 2014-11-19 12:50:31 +01:00
Marek Marczykowski-Górecki
fef2672935 settings-wni: get installation directory from windows registry 2014-11-19 12:50:31 +01:00
Marek Marczykowski-Górecki
8f1ca4ac50 windows/installer: configurable destination directory 2014-11-19 12:50:31 +01:00
Marek Marczykowski-Górecki
3ba424e6ac Use VM name as argument to qrexec-client 
This is the only place where ID was used - all other places uses name.
Linux qrexec-client accepts both ID and name, but sticking to one option
will simplify things (especially Windows qrexec-client/daemon).
 2014-11-19 12:50:31 +01:00
Marek Marczykowski-Górecki
def58ab911 core: typo fix 2014-11-19 12:50:30 +01:00
Marek Marczykowski-Górecki
687e004b1d windows: workaround for windows "behavior" regarding parsing exec() arguments 2014-11-19 12:50:30 +01:00
Marek Marczykowski-Górecki
803e128b8e wni: Add qrexec-client path to WNI settings 2014-11-19 12:50:30 +01:00
Marek Marczykowski-Górecki
071a01d29e guihelpers: Import PyQt only when needed 2014-11-19 12:50:30 +01:00
Marek Marczykowski-Górecki
4bf094a3f8 windows/installer: Fix python registry path 2014-11-19 12:50:30 +01:00
Marek Marczykowski-Górecki
06189b4a5b wni: set path to qrexec-daemon 2014-11-19 12:50:30 +01:00
Marek Marczykowski-Górecki
4bd14f5011 windows: installer 2014-11-19 12:50:30 +01:00
Marek Marczykowski-Górecki
63eccac025 wni: use win32net module for creating new user 
This require UAC disabled (or already started as administrator), but
works much more reliable ("net user" sometimes fails _silently_).
 2014-11-19 12:50:30 +01:00
Marek Marczykowski-Górecki
e5c2448af4 copy & paste error (VM rename fix) 2014-11-19 12:50:30 +01:00
Marek Marczykowski-Górecki
27b031c59f Check for None before calling method (VM rename fix) 2014-11-19 12:50:29 +01:00
Marek Marczykowski-Górecki
39918fa9e2 Makefile: add entries for windows build 2014-11-19 12:50:29 +01:00
Marek Marczykowski-Górecki
c3d9b1971a Handle the case when libvirt object doesn't exists for given VM 
This can be some "virtual" VM (like dom0).
 2014-11-19 12:50:29 +01:00
Marek Marczykowski-Górecki
5763beb898 HVM: do not fail on non-Xen systems (without xenstore) 
Currently getting Stubdom XID is (the last one?) read directly from
Xenstore as there is no libvirt function for it.
This means that even if HVM is running it can have not connection to
Xenstore. For now give -1 in such situation.
 2014-11-19 12:50:29 +01:00
Marek Marczykowski-Górecki
4300d778a5 qvm-toos: import dbus only when needed 
Void import errors when 'dbus' module not really needed.
 2014-11-19 12:50:29 +01:00
Marek Marczykowski-Górecki
d88da1e66b wni: add missing parameter 2014-11-19 12:50:29 +01:00
Marek Marczykowski-Górecki
f6729b4968 wni: use generated password 2014-11-19 12:50:29 +01:00
Marek Marczykowski-Górecki
5dbad01796 Fill some more WNI settings 
Especially use new "wni" libvirt driver.
 2014-11-19 12:50:29 +01:00
Marek Marczykowski-Górecki
7e355c5dad core: ignore error when PCI device already "detached" 
This can be the case at startup, when all network devices are connected
to pciback module by initramfs.
 2014-11-19 12:50:29 +01:00
Marek Marczykowski-Górecki
5b0b62ee5b rpm: fix path 2014-11-19 12:50:28 +01:00
Marek Marczykowski-Górecki
8d0863d40f storage: Force sync after preparing volatile.img 
This makes possible to release d-m partitions devices sooner (so avoid
race with kpartx).
 2014-11-19 12:50:28 +01:00
Marek Marczykowski-Górecki
ea68c6a766 xen: fix template vm storage code 2014-11-19 12:50:28 +01:00
Marek Marczykowski-Górecki
11047bf427 Use platform specific locking method 
None of found existing portable locking module does support RW locks.
Use lowlevel system locking support - both Windows and Linux support
such feature.

Drop locking code in write_firewall_conf() b/c is is called with
QubesVmCollection lock held anyway.
 2014-11-19 12:50:28 +01:00