Commit Graph

513 Commits

Author SHA1 Message Date
Rafal Wojtczuk
d2301ab125 qvm-prefs: allow on the fly netvm switch (#302)
When changing netvm of a running vm, detach/attach eth0.
Some functionality of qubes_core_netvm thus is duplicated in setup_ip.
REQUIRES http://git.qubes-os.org/?p=rafal/xen.git;a=commit;h=42c72e6173586a807f8f153391e2e57352d362b1
2011-08-01 15:06:01 +02:00
Rafal Wojtczuk
f264b76a61 qvm-backup: handle standaloneVM properly
Do not attempt to copy apps.templates; copy apps/ instead.
2011-08-01 11:14:35 +02:00
Joanna Rutkowska
7a6ccae638 Dom0: set metadata_expiry=0 for qubes-dom0-cached repo
This way the list of dowloaded packages (via qvm-dom0-upgrade) will be immediately seen by yum.
2011-07-30 14:07:35 +02:00
Joanna Rutkowska
7a12cbd0e8 Dom0: restart ehci_hcd module on resume for all netvms (#299) 2011-07-30 11:20:11 +02:00
Joanna Rutkowska
71209b5b39 Merge branch 'prebeta2' of git.qubes-os.org:/var/lib/qubes/git/rafal/core 2011-07-30 11:01:23 +02:00
Rafal Wojtczuk
8ecd6134d9 firewall: call iptables-restore once per domain (#311)
qubes.py now places rules for each domain in a separate key under
/local/domain/fw_XID/qubes_iptables_domainrules/
plus the header in /local/domain/fw_XID/qubes_iptables_header.
/local/domain/fw_XID/qubes_iptables is now just a trigger.
So, if iptables-restore fails dues to e.g. error resolving a domain name
in a rules for a domain, then only this domain will not get connectivity,
others will work fine.
2011-07-29 16:50:12 +02:00
Rafal Wojtczuk
4ad919bf6d Correct usage of "date -s" when syncing clock in dom0
Apparently, "date -s" does not like the output of "date +%s.%N".
While at it, add basic date format sanitization.
2011-07-29 12:12:15 +02:00
Rafal Wojtczuk
6fc358bd20 dispvm: honour current choice of template for dispvm
... when auto-refreshing the dispvm savefile.
While at it, also copy dispvm-prerun.sh script in qvm-clone.
2011-07-26 17:09:59 +02:00
Rafal Wojtczuk
3df2e9783d dispvm: when updating savefile on demand, present zenity progress bar 2011-07-26 16:36:59 +02:00
Marek Marczykowski
002fad72c4 dom0+vm: Polishing qvm-dom0-upgrade (#287)
Do not print error message when no package downloaded. Also some more covenient
usage when dowloading new packages (implied --resolve --nogui).
2011-07-25 13:45:36 +02:00
Joanna Rutkowska
5e95380db9 dom0: qvm-prefs: allow to change template for a VM 2011-07-24 23:24:45 +02:00
Joanna Rutkowska
2b2cae61ee Merge branch 'prebeta2' of git.qubes-os.org:/var/lib/qubes/git/rafal/core 2011-07-24 17:20:33 +02:00
Rafal Wojtczuk
dc4d9b32f1 Add comments to policy files. 2011-07-22 16:11:03 +02:00
Rafal Wojtczuk
c23cc480b8 qrexec: use $anyvm and $dispvm symbols 2011-07-22 16:07:06 +02:00
Rafal Wojtczuk
7cfbe1c7d8 qubes.py: postpone qmmeman.close()
There are indications that when parent "xl" process exits, the domain is not
booted completely; and xl actions may interfere with qmemman memory balancing.
Thus, in VM.start(), we delay releasing of qmemman handle until qrexec_daemon
connects successfully.
2011-07-22 15:07:04 +02:00
Rafal Wojtczuk
9192a42b91 qmemman: when balooning, make sure that past mem-set will not steal memory 2011-07-22 13:40:21 +02:00
Rafal Wojtczuk
2fc5d190fd qmemman: calculate dom0 maxmem properly
In fact, set to ALL_PHYS_MEM (and the same for other domains that do not
have static-max key, although there should not be any). Previous method
of using maxmem_kb was broken, as qmemman sets maxmem_kb to the memory target
(which I do not like btw).
2011-07-22 11:33:11 +02:00
Marek Marczykowski
1b1073d1ff dom0: Force NetVM shutdown (#304)
Just allow to shut down netvm and firewallvm at the same time.
2011-07-21 01:01:31 +02:00
Marek Marczykowski
342261ff10 dom0: Do not clone config file with template
Not needed any more
2011-07-21 00:49:03 +02:00
Marek Marczykowski
1b093d5cc4 dom0/qvm-clone-template: *_xen_storage call once again... (#291) 2011-07-21 00:48:57 +02:00
Marek Marczykowski
6fc8d1b811 dom0/qvm-backup: ignore *-dvm VMs (#292) 2011-07-21 00:14:25 +02:00
Marek Marczykowski
fd4821a1ff dom0/qvm-backup: update list of backed up files (#294)
Config and kernel not needed any more, but added appmenus list.
2011-07-21 00:12:54 +02:00
Marek Marczykowski
1dc226aba1 dom0/qvm-backup-restore: remove --recreate-conf-files option (#295)
Now useless, as config files are regenerated at each VM start
2011-07-21 00:04:57 +02:00
Marek Marczykowski
c9ad2314ea dom0: variable names conflict (#290)
uuid is also name of (used here) python module...
2011-07-20 16:12:28 +02:00
Marek Marczykowski
f1153a5413 dom0: initialize vmtype in create_appmenus (#212) 2011-07-20 16:06:22 +02:00
Marek Marczykowski
c1f4fcc172 dom0: qvm-backup-restore change restore loop logic (#212) 2011-07-20 16:02:57 +02:00
Joanna Rutkowska
2c2b7111eb sony-vaio-fixes v1.6.1
* display quirks no longer needed for 2.6.38 kernel
* i8042.nopnp no longer needed for 2.6.38 kernel
2011-07-17 14:15:14 +02:00
Joanna Rutkowska
4044c2da8b dom0: qvm-run: Disable verbose mode when using --pass_io
We should really fix all the qvm-rools to use stderr for diagnastic output instead...
2011-07-17 13:56:09 +02:00
Marek Marczykowski
99dfdd70c3 dom0: Hide some messages from 'xl' tool (#265) 2011-07-17 01:54:27 +02:00
Marek Marczykowski
700aff406f dom0: create link also for dvm.conf (#262) 2011-07-17 01:30:44 +02:00
Marek Marczykowski
e5a0fc4d05 dom0: force permissions on qubes-dom0-cache repo dirs 2011-07-17 01:30:44 +02:00
Marek Marczykowski
906741c361 dom0: do not use os.getlogin()
It doesn't work when VM started from init.d script
2011-07-17 01:30:44 +02:00
Marek Marczykowski
059ecb3224 dom0: run netvm+firewallvm daemons as group qubes
To give them access to X server.
2011-07-17 01:30:44 +02:00
Marek Marczykowski
79d593e191 dom0: Allow UID as parameter to qfile-dom0-unpacker 2011-07-17 01:28:14 +02:00
Marek Marczykowski
4f10835d83 dom0: create directory for rpm updates (#198) 2011-07-17 01:20:13 +02:00
Marek Marczykowski
7c5aa0d3ea dom0: Place DispVM savefile in shm only when exists (#262) 2011-07-17 01:20:13 +02:00
Marek Marczykowski
182e1ccf2b dom0: watch for updates from dom0 (#198)
Additionally synchronize clock every 6h. This is started by xdg-autostart (not
qvm-core) to have running Xorg - needed to prompt user for updates download.
2011-07-17 01:20:13 +02:00
Marek Marczykowski
02ae961bf0 dom0: hide warnings from tar (#265)
Unfortunately tar in Fedora 13 is to old to support --warning option, which
disables only particular kind of warnings..
2011-07-17 01:20:13 +02:00
Marek Marczykowski
4607428c38 dom0: validate downloaded packages names (#198) 2011-07-17 01:20:13 +02:00
Marek Marczykowski
49257d488b dom0+vm: download updates as normal user (#198) 2011-07-17 01:20:13 +02:00
Marek Marczykowski
977b058395 dom0: implement size/file-count limit of downloaded updates (#198)
Currently limit is 2GB and 2048 files, but can be adjusted by env variables
(UPDATES_MAX_BYTES, UPDATES_MAX_FILES).
2011-07-17 01:20:13 +02:00
Marek Marczykowski
60d14758d6 dom0: create xen-hotplug state dir 2011-07-17 01:20:06 +02:00
Marek Marczykowski
8121e80db0 dom0: script for initrd regeneration (#7) 2011-07-15 12:52:01 +02:00
Marek Marczykowski
a68faecc35 dom0: initialize default_kernel parameter 2011-07-15 12:24:27 +02:00
Marek Marczykowski
a5429c31fa dom0: provide explicit config path to xl save
The default behaviour is to take it from /var/lib/xen, where files are created
with mode 600, so unable to read it as normal user.
2011-07-14 02:11:51 +02:00
Marek Marczykowski
7bf51a71e7 dom0: Set correct qubes_vm_type for DispVM (#271) 2011-07-13 01:21:55 +02:00
Marek Marczykowski
8a933a76ec dom0: Fix appmenu-select desktop file name (#266) 2011-07-12 19:46:00 +02:00
Marek Marczykowski
9f67e5de9d dom0: Regenerate appmenus also for TemplateVM in create_appmenus() 2011-07-10 23:39:48 +02:00
Marek Marczykowski
0813f49186 dom0: Clone whitelisted-apps.list with template clone 2011-07-10 23:37:35 +02:00
Marek Marczykowski
817735fc92 dom0: Do not copy obsolete apps-template.templates dir on template clone 2011-07-10 23:36:50 +02:00
Marek Marczykowski
4bab5e8834 dom0: Use appmenu directory template directly from /usr/share/qubes
This allows to use common apps.templates for both AppVM and TemplateVM menu
items.
2011-07-10 23:33:21 +02:00
Marek Marczykowski
1d2680944c dom0: qvm-pci verify PCI device before adding 2011-07-09 23:48:55 +02:00
Marek Marczykowski
87ebdeefd4 dom0: use qrexec_client instead of qvm-run to not start guid
guid doesn't makes sense in /etc/init.d/qubes_netvm
2011-07-09 21:20:36 +02:00
Marek Marczykowski
f6609cb1c4 dom0: minor #252 fix 2011-07-09 20:43:57 +02:00
Marek Marczykowski
7f940cefde dom0: load pciback module (#252) 2011-07-09 20:43:27 +02:00
Marek Marczykowski
3543b0271e dom0: Fix QfileDaemonDvm error message 2011-07-09 17:56:40 +02:00
Marek Marczykowski
973d79e932 dom0: remove calls to not existing *_xen_storage methods in qvm-* 2011-07-09 17:56:06 +02:00
Marek Marczykowski
aa77d13170 dom0: reload firewall rules after DispVM start (#247) 2011-07-09 17:54:23 +02:00
Marek Marczykowski
7e234a4a8d dom0: store dispid in QubesDisposableVm object and generate proper IP (#247) 2011-07-09 17:52:47 +02:00
Marek Marczykowski
ff70ded003 dom0: fix typo in qfile-daemon-dvm 2011-07-09 16:52:55 +02:00
Marek Marczykowski
371fdf5884 Merge branch 'qrexec2' of git://git.qubes-os.org/rafal/core 2011-07-09 16:52:54 +02:00
Marek Marczykowski
202fb0c676 dom0: fix syntax 2011-07-09 00:36:00 +02:00
Marek Marczykowski
3e6bd65b73 Revert "[REMOVEME] Dom0: Add UGLY sleeps hoping they will temporarily prevent the race condition"
This reverts commit 3bd1c700f6.

Conflicts:

	dom0/qvm-core/qubes.py
2011-07-08 21:38:24 +02:00
Marek Marczykowski
3b3929b6a2 Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/joanna/core
Conflicts:
	dom0/qvm-core/qubes.py
2011-07-08 21:37:43 +02:00
Marek Marczykowski
bfe28d5ee6 dom0: Wrap hotplug scripts with flock (#253)
Apparently locking mechanism in xen hotplug scripts isn't working. This is
workaround before it will be fixed in xen...
2011-07-06 23:11:51 +02:00
Rafal Wojtczuk
c80ee3b231 qrexec: allow for more options in the policy files 2011-07-06 18:34:00 +02:00
Rafal Wojtczuk
6366db0ab6 qrexec: adjust updates fetching to the new qrexec api 2011-07-06 14:44:40 +02:00
Rafal Wojtczuk
d46150b8d3 qrexec: adjust appmenu syncing to the new qrexec api 2011-07-06 14:09:36 +02:00
Rafal Wojtczuk
2fdf9761c7 qrexec: adjust DispVM code to the new qrexec API
Note, we have qvm-open-in-vm totally for free.
2011-07-06 12:32:20 +02:00
Rafal Wojtczuk
b7e8c2708c qrexec: adjust intervm file copy code to the new qrexec API 2011-07-06 10:17:58 +02:00
Marek Marczykowski
0de378dafc dom0: automatically bind PCI devices to pciback at VM start (#252) 2011-07-05 22:10:45 +02:00
Marek Marczykowski
5f10e408e0 dom0: stores QubesVm.pcidevs as list (#252)
To easier manage pci devices attached to VM
2011-07-05 22:01:28 +02:00
Marek Marczykowski
82bc4bad0b dom0: always set appmenus_templates_dir for QubesVm
If possible - to reasonable value (vm dir for UpdateableVM or template - for
template-based VM).
2011-07-05 21:26:39 +02:00
Marek Marczykowski
b9e00b2189 dom0: Include default whitelisted-appmenus.list in template (#266) 2011-07-05 21:20:43 +02:00
Marek Marczykowski
d16b6f24f9 dom0: fix cmdline of DispVM guid (#248) 2011-07-02 22:44:49 +02:00
Joanna Rutkowska
3bd1c700f6 [REMOVEME] Dom0: Add UGLY sleeps hoping they will temporarily prevent the race condition 2011-07-02 22:15:43 +02:00
Joanna Rutkowska
fc31161361 Dom0: Fix calling syntax for qrexec_client for updatevm 2011-07-02 22:12:43 +02:00
Marek Marczykowski
4c69dbb7d9 dom0: remove support for netvm=dom0 from init.d/qubes_netvm 2011-07-02 19:22:29 +02:00
Marek Marczykowski
cd7024cad1 Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/joanna/core 2011-07-02 18:49:18 +02:00
Marek Marczykowski
35e18029c1 dom0: use default kernel for new VMs 2011-07-02 18:48:17 +02:00
Joanna Rutkowska
1ef800414a Dom0: qubes.py: honor the verbose flag when printing debuging messages 2011-07-02 13:35:59 +02:00
Joanna Rutkowska
8d926960f5 Dom0: Do not try to load non-existent xen-pciback module...
Load just the pciback, which is how it is named on our kernels, and do not scare the user with weired error messages.
2011-07-02 13:18:11 +02:00
Marek Marczykowski
a1ef7d01ea dom0: Disallow directly setting kernel version for template-based VM 2011-07-02 00:24:37 +02:00
Marek Marczykowski
f447a458f2 dom0+vm: Update VM kernel mechanism (#242)
Get kernel from global kernels dir (/var/lib/qubes/vm-kernels), not per-VM. Can
be configured by qvm-prefs (kernel parameter).
New tool: qvm-set-default-kernel

For backward compatibility kernel=None means kernel in VM dir (kernels subdir).
(possibly empty) modules.img should be created in it.
2011-06-30 01:07:47 +02:00
Marek Marczykowski
f3d908a23b dom0: qvm-sync-appmenus: limit size of retrieved data 2011-06-30 00:56:25 +02:00
Marek Marczykowski
aa18fd2175 dom0: do not require tty in sudo (for /etc/init.d/qubes_netvm start) 2011-06-29 21:22:56 +02:00
Marek Marczykowski
49ac5aa17e dom0: fix leaked file descriptor from qfile-daemon-dvm 2011-06-29 19:32:49 +02:00
Marek Marczykowski
acbc6534bc dom0: Fix uninitialized variable in qubes_restore 2011-06-29 19:24:32 +02:00
Marek Marczykowski
70e73ed710 dom0: qvm-prefs: display VM own root.img path only for non-template based VMs 2011-06-27 21:14:34 +02:00
Marek Marczykowski
9d778d6870 dom0: Use xl tool in qvm-dom0-network-via-netvm 2011-06-27 21:14:34 +02:00
Marek Marczykowski
40c7e32fe9 dom0: Use first FirewallVM as UpdateVM 2011-06-27 21:14:34 +02:00
Marek Marczykowski
c41b60340b dom0: cleanup of qubes_core startup script from xend code 2011-06-27 21:14:24 +02:00
Marek Marczykowski
a0b60af3d6 dom0: Do not use transactions to access xenstore
Unfortunately they aren't reliable... at least for writing ~10 keys at once
from python.
2011-06-25 22:31:22 +02:00
Marek Marczykowski
0f28db380e dom0: QubesVm has no add_to_xen_storage() 2011-06-23 22:03:09 +02:00
Marek Marczykowski
151b15bb8c dom0: Edit xl.conf in %post instead of overriding file (rpm file conflict) 2011-06-23 14:39:17 +02:00
Marek Marczykowski
d9d7a69c27 dom0+vm: Tools for downloading dom0 update by VM (#198)
Mainly 4 parts:
 - scripts for providing rpmdb and yum repos to VM (choosen by qvm-set-updatevm)
 - VM script for downloading updates (qubes_download_dom0_updates.sh)
 - qfile-dom0-unpacker which receive updates, check signatures and place its in dom0 local yum repo
 - qvm-dom0-upgrade which calls all of above and after all yum gpk-update-viewer

Besides qvm-dom0-upgrade, updates are checked every 6h and user is prompted if
want to download it. At dom0 side gpk-update-icon (disabled yet) should notice
new updates in "local" repo.
2011-06-22 00:44:48 +02:00
Marek Marczykowski
6d9fdf4729 dom0: Add shortcut qubes-appmenu-select ("Add more shortcuts...") for each VM (#45) 2011-06-12 01:47:15 +02:00
Marek Marczykowski
b75f89038b dom0: qvm-sync-appmenus output error messages to stderr 2011-06-12 01:47:15 +02:00
Marek Marczykowski
4634a6897c dom0: qvm-sync-appmenus: support for calling by qrexec_client 2011-06-12 00:56:47 +02:00
Marek Marczykowski
a4d1a21b46 dom0: qvm-sync-appmenus - copy *directory.template when needed 2011-06-11 23:09:55 +02:00