Commit Graph

513 Commits

Author SHA1 Message Date
Marek Marczykowski
aa7df98b7e Use half of host memory as maxmem by default. Allow to configure it per VM. 2011-04-29 01:43:41 +02:00
Marek Marczykowski
ac84bbe621 Remove correct lockfile on qubes_setupdvm stop 2011-04-27 23:07:38 +02:00
Marek Marczykowski
98f4028142 Connect vif's to already running VMs on NetVM/ProxyVM startup (#190)
Also cleanup stale vifs using "xm network-detach ... -f"
Fix iptables rules to support not only first vif of VM
2011-04-23 03:05:27 +02:00
Marek Marczykowski
0b66804a7b Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/smoku/core 2011-04-21 23:56:41 +02:00
Marek Marczykowski
50af1d15b3 Catch more exceptions during VM restore (#212) 2011-04-20 20:05:58 +02:00
Tomasz Sterna
5001b7c9d7 Save VM updatable state in qubes_vm_updateable 2011-04-20 01:01:38 +02:00
Marek Marczykowski
8a9bbbfc98 Fix usage info (and args check) for remove_appvm_appmenus.sh (#225) 2011-04-19 18:06:01 +02:00
Marek Marczykowski
e7190d0239 Clean appmenus on template remove (#225) 2011-04-19 17:55:06 +02:00
Marek Marczykowski
ccecb27b5b Use any directory template when creating appmenus (#225) 2011-04-19 16:52:31 +02:00
Marek Marczykowski
6eb39106bb Include appmenus template for TemplateVM when clonning template files (#225) 2011-04-19 16:09:11 +02:00
Marek Marczykowski
067165e030 Link to icon on template clone (#225) 2011-04-19 15:56:00 +02:00
Marek Marczykowski
1e53115eab Create appmenus not only for AppVM (#225)
Needed also by TemplateVM, and maybe others (service VMs)
For TemplateVM uses separate appmenus template (apps-template.templates).
2011-04-19 15:54:36 +02:00
Marek Marczykowski
ae661a6148 Down net ifaces on suspend (#146)
NetworkManager stop isn't enough
2011-04-19 12:53:57 +02:00
Marek Marczykowski
1e923e3cb5 Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/joanna/core 2011-04-19 09:32:45 +02:00
Marek Marczykowski
860bab5662 Rename xenstore-watch to xenstore-watch-qubes
Xen 4.1.0 provides own xenstore-watch with diffrent args. We can't use it by
default, because we still support xen 3.4.
2011-04-19 01:38:07 +02:00
Marek Marczykowski
3f310e5f3e Adopt vchan to xen-libs-4.1.0 API.
Add #ifdefs to support new and old API
2011-04-19 01:21:48 +02:00
Joanna Rutkowska
ce7fa7474f vaio_fixes: pass special option to snd-hda-intel module (required to get sound on Vaio Z) 2011-04-11 11:35:25 +02:00
Joanna Rutkowska
cc83e31047 Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core 2011-04-10 22:52:07 +02:00
Marek Marczykowski
8dc50df12b Missing vm name in message 2011-04-10 21:49:13 +02:00
Rafal Wojtczuk
7b43755f33 qfile-daemon-dvm: increase timeout of tray notification 2011-04-10 15:39:35 +02:00
Rafal Wojtczuk
e6cc7b84d8 qubes_setupdvm: preserve mtime of the default savefile copy in shm
Otherwise, if the savefile is stale, we would use it instead of
recreating.
2011-04-10 15:18:17 +02:00
Joanna Rutkowska
1d97d1bd0f Don't create DispVM savefile in initd script 2011-04-08 23:00:10 +02:00
Joanna Rutkowska
b9f6962716 Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core 2011-04-08 22:50:57 +02:00
Marek Marczykowski
4ae804b3ec Wait for qubes-session initialization before executing GUI application (#208) 2011-04-08 22:35:31 +02:00
Marek Marczykowski
0dc4fb929e Backup kernel+initrd of StandaloneVM (#213) 2011-04-08 20:03:38 +02:00
Joanna Rutkowska
304c27313a qubes.py: handle nicely situation when create_appmenus exits with error 2011-04-08 16:00:14 +02:00
Joanna Rutkowska
670f034ee9 Igonre the 'run as root' warning for qvm-create-default-dvm 2011-04-08 11:03:00 +02:00
Joanna Rutkowska
f6d4f86edc Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core
Conflicts:
	rpm_spec/core-dom0.spec
2011-04-07 19:39:42 +02:00
Joanna Rutkowska
7097cfa2ac Add explanations why we don't isolate root from user in VMs and in Dom0 2011-04-07 19:38:02 +02:00
Marek Marczykowski
a610ec51d0 Automaticaly start qubes_guid for all VMs when user logon
This is needed ex for NetVM, which is started without qubes_guid
2011-04-07 19:23:23 +02:00
Joanna Rutkowska
2230e67a39 Optional package with suspend fixes for Vaio Z laptops 2011-04-07 13:34:17 +02:00
Marek Marczykowski
e9c6dc387e Fixed getting VMs connected to NetVM (#172) 2011-04-07 10:42:24 +02:00
Marek Marczykowski
086f2720df Add missing import (#200) 2011-04-06 23:55:16 +02:00
Marek Marczykowski
c569d4070e Warning the user if calling qvm-{create,remove} as root (#200) 2011-04-06 23:52:39 +02:00
Marek Marczykowski
d1abb37a5f Do not fail if cannot remove VM from xen store just before adding it again (#204) 2011-04-06 23:30:14 +02:00
Joanna Rutkowska
d01489b486 Use 200MB by default for NetVM and ProxyVM 2011-04-06 13:34:03 +02:00
Joanna Rutkowska
102d5735e7 Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core 2011-04-06 10:40:51 +02:00
Marek Marczykowski
d4e80e7984 Deny inter-VM traffic in ProxyVM 2011-04-06 10:32:20 +02:00
Joanna Rutkowska
c80a1c18ac Add qubes group to suders that can do everything
(The file in /etc/sudoers.d/ cannot have '.' in its name!)
2011-04-05 18:01:03 +02:00
Joanna Rutkowska
a7ac3a089c Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core 2011-04-05 14:41:52 +02:00
Marek Marczykowski
c8acca0eb6 Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/joanna/core
Conflicts:
	dom0/qvm-core/qubes.py
2011-04-05 14:39:40 +02:00
Marek Marczykowski
ffaa518c5a Fix checking if there is AppVMs based on template (#154) 2011-04-05 14:33:51 +02:00
Joanna Rutkowska
cc5d0e016d Use priority 8x for qubes services, allowing for more flexibility 2011-04-05 14:31:19 +02:00
Joanna Rutkowska
97ca67c974 Merge branch 'spring-merge' of git.qubes-os.org:/var/lib/qubes/git/rafal/core 2011-04-05 14:24:52 +02:00
Marek Marczykowski
c2498a33e2 Uninstall appmenus only if present in VM dir (#192) 2011-04-05 11:58:21 +02:00
Rafal Wojtczuk
37e06d19e4 qmemman: handle requests for small pieces correctly
There seems to be a problem with xm mem-set, when executed for a value
very close to the current value - the request is ignored; apparently, the
domU kernel imposes some granularity on the request size.
So, if qmemman is asked for, say 470MB, and there is 469MB free, it will try
to milk 1MB from all domains - and this will fail. REQ_SAFETY_NET_FACTOR
does not help in this scenario.
The logs show
req= 1110016 avail= 2503727104.0 donors [('11', 194375270.40000001),...
borrow 90484.1597129 from 11 - so, beg for 90K from a domain
borrow 132239.288652 from 10
borrow 537099.316089 from 0
borrow 148004.024941 from 7
borrow 139834.21573 from 9
borrow 117855.794876 from 8
and then we fail when a domain does not provide this lousy 90KB.

The solution is to ask for actual_need+XEN_FREE_MEM_LEFT, but return if we already
have actual_need+XEN_FREE_MEM_MIN (the latter is 25MB smaller).
2011-04-05 10:52:53 +02:00
Marek Marczykowski
449bcb09ac Don't remove VM dir, when qvm-create failed
It can contain user data (copied here by hand)
2011-04-05 00:12:32 +02:00
Marek Marczykowski
1b0f198999 Don't pause AppVMs when connecting network to dom0
There is no point in this, because we have firewall in NetVM. If someone
compromise NetVM to controll firewall, he could also reach dom0 by network.
2011-04-04 20:02:07 +02:00
Marek Marczykowski
2aec07dd60 Store VM collection connected to NetVM 2011-04-04 19:08:40 +02:00
Joanna Rutkowska
a88e104b6e Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core 2011-04-04 18:47:08 +02:00
Marek Marczykowski
a6d079594b Don't set template on StandaloneVM - only use it when copying template files (#189) 2011-04-04 18:41:02 +02:00
Rafal Wojtczuk
02514b1347 If the firewall rules file does not exist, assume ALLOW (#188)
So that newly created appvms have net access.
2011-04-04 17:07:46 +02:00
Joanna Rutkowska
b779fadda6 Revert "Start qrexec daemon when VM is running (but qrexec not)"
This functionality has already been implemented by:

d6bdb85883

This reverts commit 97403a8e45.
2011-04-04 09:35:48 +02:00
Joanna Rutkowska
3f31a5f3a7 Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core 2011-04-04 09:33:31 +02:00
Marek Marczykowski
c10f7ef70b Add missing coma (#155) 2011-04-04 00:08:24 +02:00
Marek Marczykowski
398734dad2 Internal VMs (hidden in qubes-manager, menus etc) - used for DispVM template (#155) 2011-04-03 17:47:20 +02:00
Marek Marczykowski
fa703c536f Generate firewall rules only for VMs connected to this firewall (#158) 2011-04-03 01:54:04 +02:00
Marek Marczykowski
ab244d803f Detect if VMs is outdated (#168)
If so - VMs restart is required to see latest template changes.
2011-04-02 02:11:41 +02:00
Marek Marczykowski
5e3b3fe922 Store and load from qubes.xml memory, vcpus and pcidevs
Needed to recreate correct xen config files (ex after template package upgrade)
2011-04-02 00:37:38 +02:00
Marek Marczykowski
e22f303f79 Warn user when restoring backup as root (#159) 2011-04-01 02:11:40 +02:00
Marek Marczykowski
136a65e0be Fix indentation - duplicate VMs warning message (#159) 2011-04-01 02:10:50 +02:00
Marek Marczykowski
156778fcd7 Set template field before check its correctness.
Backup from Aplha3 with updateable VMs contains case, when updateable VM have template.
So set this template (to make qvm-backup-restore working), but give error message.

Also fix typo.
2011-04-01 02:06:22 +02:00
Marek Marczykowski
97403a8e45 Start qrexec daemon when VM is running (but qrexec not)
This takes place ex. when VM started from qubes-manager.
There is little sense in implementing full start procedure in every qubes tool,
so start it here, not in qubes-manager.
2011-04-01 01:23:57 +02:00
Marek Marczykowski
f0716c2498 Setup firewall for every VM with FW configuration (no only AppVM) (#167) 2011-04-01 01:17:38 +02:00
Marek Marczykowski
97393c54a5 Really block 'updateable' flag change 2011-04-01 01:17:18 +02:00
Marek Marczykowski
1f5c03da3f Remove QubesCowVm class
StandaloneVM isn't really CowVM; also most AppVM/CowVM features applies also to TemplateVM.
So CowVM class is meaningless.
2011-04-01 01:14:18 +02:00
Rafal Wojtczuk
d6bdb85883 Start qrexec_daemon in vm.start()
Instead of three separate places - qvm-start, qvm-run, manager.
2011-03-31 11:11:39 +02:00
Rafal Wojtczuk
5978f7a724 Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core into spring-merge 2011-03-31 09:44:30 +02:00
Marek Marczykowski
3a5cc0cc21 Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/joanna/core 2011-03-31 02:51:34 +02:00
Marek Marczykowski
ece8cfa9f0 Show output from resize2fs, when running it in AppVM (#5) 2011-03-31 02:40:45 +02:00
Marek Marczykowski
6273c42faf Recursive stop VMs, when stopping NetVM (#172)
Dependency resolving in qvm-core, recursive stopping only in qvm-run for now.
2011-03-31 02:35:02 +02:00
Marek Marczykowski
01ef2aff9e Wait for device size change, before resize2fs (#5) 2011-03-31 00:44:58 +02:00
Marek Marczykowski
212fd13957 Stop only NM on suspend. (#146)
Also remove ip_forward setting from sysctl, so NM will not reset it on restart
2011-03-31 00:19:41 +02:00
Joanna Rutkowska
23f4806c7d Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core 2011-03-29 13:25:07 +02:00
Marek Marczykowski
464337a24e Ignore exit status from netvm pm-scripts (#146) 2011-03-29 12:22:31 +02:00
Marek Marczykowski
2bcbc1742e Run pm-utils scripts in netvm on suspend (#146) 2011-03-29 12:20:50 +02:00
Rafal Wojtczuk
50af4bd8a0 qfile-daemon-dvm: lock around possible savefile recreate 2011-03-28 17:39:21 +02:00
Rafal Wojtczuk
df9549a7db Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/smoku/core into spring-merge 2011-03-28 17:28:24 +02:00
Tomasz Sterna
04a6b01b1b Do not allow NEW connection to VM through ProxyVM. #136 2011-03-27 17:24:17 +02:00
Marek Marczykowski
0d52b037f1 Changed network addresses to 10.137.0.0/16 (#73)
Also limit qid to 254 - should be enough and fits in one byte (in IP address)
2011-03-27 12:58:38 +02:00
Tomasz Sterna
efcff5cc3a Added plymouth progress handling to qubes_setupdvm init script. 2011-03-26 11:33:04 +01:00
Tomasz Sterna
5efee35654 Fix ownership and rights when creating DVM during boot. 2011-03-26 11:33:04 +01:00
Tomasz Sterna
e2d9673713 Fixed qubes_setupdvm whitespace. 2011-03-26 11:33:04 +01:00
Marek Marczykowski
14f0141214 Fix to long label for standalone VM 2011-03-24 21:56:59 -04:00
Marek Marczykowski
f2567cbf71 Check if template_vm is set when recreating config files (#131) 2011-03-24 21:44:07 -04:00
Marek Marczykowski
24b5c24c25 create_appmenus() on standalone VM -> only register existing apps in menu
Needed for example on backup-restore
2011-03-24 21:41:10 -04:00
Marek Marczykowski
9aa5638dcf Create template_vm property in every VM (defaults to None)
Simplify template based VM detection.
2011-03-24 21:39:13 -04:00
Marek Marczykowski
7dca7a5a32 Support for backup standalone VMs (add root.img, apps/); add firewall.xml to backup 2011-03-24 21:37:30 -04:00
Marek Marczykowski
8bdbed7bb8 Fix error handling in qvm-backup-restore 2011-03-24 21:35:46 -04:00
Marek Marczykowski
4723b9e2ef Template name change option, reset config files, standalone vm restore (#103)
Recreate config file when requested but also when template name changed.
Restore full AppVM dir from backup - not only selected files.
2011-03-24 21:34:04 -04:00
Marek Marczykowski
d87265851c Merge branch 'spring-merge' of ssh://git.qubes-os.org/var/lib/qubes/git/rafal/core 2011-03-24 16:43:13 -04:00
Rafal Wojtczuk
57fd6c49bb Removed obsolete code, dom0 side
Just like the previous commit, it is related to switch to
qrexec-based file copy.
2011-03-24 17:18:10 +01:00
Rafal Wojtczuk
fcfc1c498d Change permissions on Dispvm template files only if we are root
Otherwise, it makes no sense, and thus we do not unnecessarily
warn.
2011-03-24 16:57:43 +01:00
Rafal Wojtczuk
4401c5a2cb Limit Dispvm to 1 vcpu
Because a restored domain with multiple cpus, ehrrm, hardly works,
at least with current Xen+kernel combination.
2011-03-24 16:53:40 +01:00
Marek Marczykowski
7f94cf2709 Merge branch 'spring-merge' of ssh://git.qubes-os.org/var/lib/qubes/git/rafal/core into spring-merge 2011-03-23 19:45:59 -04:00
Marek Marczykowski
0962eab45a Cmdline tool to grow private.img (#5) 2011-03-23 19:41:58 -04:00
Rafal Wojtczuk
25f49bca18 Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core into spring-merge 2011-03-23 16:47:05 +01:00
Rafal Wojtczuk
f9b9b1ade6 qvm-create-default-dvm: fix permissions after creating savefile
So, savefile.img and netvm_id.txt are correctly owned as well.
2011-03-23 13:40:28 +01:00
Rafal Wojtczuk
a1f8cd9071 When creating disposablevm object, pass non-None dirpath
QubesVm constructor does not like it.
2011-03-23 13:26:39 +01:00
Marek Marczykowski
46190b9d82 Copy kernel for standalone VM 2011-03-23 09:59:59 +01:00
Rafal Wojtczuk
a814b522b9 Fix permissions on the dvm template directory.
Needed in case default_template-dvm VM was created in init
scripts, and files are not writeble by group qubes.
2011-03-23 09:36:30 +01:00
Rafal Wojtczuk
4e78284e4f block.qubes: pass arguments correctly to other scripts 2011-03-23 09:31:44 +01:00
Rafal Wojtczuk
105486135b Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/smoku/core into spring-merge 2011-03-23 09:23:38 +01:00
Tomasz Sterna
481e9871c4 Implemented implicit rule to allow ICMP traffic in firewall 2011-03-21 22:06:53 +01:00
Rafal Wojtczuk
488eda21d9 Merge branch 'blockless' into spring-merge
Conflicts:
	appvm/Makefile
	appvm/qubes_core
	netvm/qubes_core
	rpm_spec/core-appvm.spec
	rpm_spec/core-netvm.spec
2011-03-21 13:54:35 +01:00
Marek Marczykowski
a5a43cdbc7 Fix missing arg to reset_volatile_storage (#118)
And do not call it twice...
2011-03-19 17:05:53 -04:00
Marek Marczykowski
bc383b692d Use clean-volatile.img.tar instead of unpacked one (#118)
"tar x" is much faster than cp on sparse file
2011-03-19 17:05:00 -04:00
Marek Marczykowski
a6ee9d66f5 qvm-backup-{,restore} - support for standalone VMs
Backup root.img instead of (non-existing) root-cow.img
2011-03-18 22:24:08 -04:00
Marek Marczykowski
c461835ea7 Dont allow to change disable 'updateable' flag of standalone VM 2011-03-18 22:19:03 -04:00
Marek Marczykowski
ee28ca10d4 Indent, blank lines 2011-03-18 22:18:31 -04:00
Marek Marczykowski
823bd1ce0f Use common image for swap and root-cow - volatile.img (#118)
This reduces xvd* devices count, so speeds up VM start.
Also swap-cow is no longer needed, so remove this additional dm-snapshot layer.
2011-03-18 22:15:32 -04:00
Tomasz Sterna
aa58bec1d9 Fixed default policy handling in firewall rules 2011-03-18 14:12:19 +01:00
Marek Marczykowski
33e7ee3623 Reduce duplicated code in qubes.xml load
Parse common attrs in separate function.
Side effect: possibility to set custom TemplateVM label
2011-03-16 20:40:15 -04:00
Marek Marczykowski
bef1ea4c92 Reduce duplicated code in create_xml_entries 2011-03-16 19:42:01 -04:00
Marek Marczykowski
4e68c4cde9 Standalone VM (#98)
'updateable' property is now read-onlyr; updateable=True means that VM has own
root.img, not persistent root-cow.img.
2011-03-16 18:45:02 -04:00
Marek Marczykowski
ef6a3e576b Parse tags %MEM% and %VCPUS% in {app,net}vm-template.conf (#115) 2011-03-16 13:39:54 -04:00
Marek Marczykowski
379a5620c8 Fix netvm creation from template
Missing netvms_conf_file parameter in template
2011-03-16 13:38:16 -04:00
Marek Marczykowski
2b78538376 Merge git://git.qubes-os.org/joanna/core 2011-03-16 11:29:55 -04:00
Marek Marczykowski
5e2dd1c6ce Revert "Do not add new vm to xen storage in qvm-create - it is done by core"
This reverts commit 72ddb5aae1.
2011-03-16 11:44:25 +01:00
Marek Marczykowski
72ddb5aae1 Do not add new vm to xen storage in qvm-create - it is done by core 2011-03-16 11:41:18 +01:00
Marek Marczykowski
5acc4610b4 Allow installed_by_rpm=False in NetVM and ProxyVM 2011-03-16 11:41:18 +01:00
Marek Marczykowski
7dbe6e1731 Create NetVM xen config from separate template (netvm-template.conf) 2011-03-16 11:41:18 +01:00
Joanna Rutkowska
fa7e13c602 Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core 2011-03-15 22:57:27 +01:00
Marek Marczykowski
63b06516b7 Do not add new vm to xen storage in qvm-create - it is done by core 2011-03-15 18:51:31 +01:00
Marek Marczykowski
14c48f5253 Merge commit '00ba6dd5b7441cf10f87f527f4ac7eb459cb0a08' 2011-03-15 18:33:01 +01:00
Marek Marczykowski
993d34e7d5 Allow labels for NetVM/ProxyVM. Require it in qvm-create. 2011-03-15 18:28:28 +01:00
Joanna Rutkowska
5e1a808648 Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core 2011-03-15 18:16:33 +01:00
Marek Marczykowski
588f4b91c8 Fix Firewall -> Proxy... 2011-03-15 17:40:23 +01:00
Rafal Wojtczuk
8ce0e0f39b Fixed permissions of qfile-daemon 2011-03-15 16:48:17 +01:00
Rafal Wojtczuk
84b1a186ff Added qfile-unpacker and qfile-daemon 2011-03-15 16:43:43 +01:00
Joanna Rutkowska
f83daa49f9 Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/smoku/core 2011-03-14 22:44:04 +01:00
Tomasz Sterna
d82001819d Properly call QubesProxyVm superclass 2011-03-14 20:57:08 +01:00
Tomasz Sterna
00ba6dd5b7 Properly find root netvm in netvm chain 2011-03-14 20:44:17 +01:00
Tomasz Sterna
c92a2bf25f Properly create default firewall configuration 2011-03-14 20:43:56 +01:00
Joanna Rutkowska
b8d98403ff Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core 2011-03-14 13:15:48 +01:00
Rafal Wojtczuk
5d3c43e4fa created qfile-daemon-dvm
Mostly code from qfilexchgd; it will be removed soon.
2011-03-14 10:43:09 +01:00
Marek Marczykowski
d6181d21cf Merge commit 'e2d52a27e810522c41720bb17b1f4f52f1fe2e6a'
Conflicts:
	dom0/qvm-core/qubes.py
	fwvm/init.d/qubes_firewall
2011-03-11 23:32:13 +01:00
Marek Marczykowski
65a758029e Revert "Requiest external_ip permission at start, not create"
This reverts commit 53b8e5aacf.
2011-03-11 23:21:23 +01:00
Tomasz Sterna
dc8325f564 Use DNS IPs in firewall rules 2011-03-11 19:39:26 +01:00
Marek Marczykowski
2a72b293c4 ProxyVM type in qvm-ls 2011-03-11 02:44:11 +01:00
Marek Marczykowski
53b8e5aacf Requiest external_ip permission at start, not create 2011-03-11 02:22:26 +01:00
Marek Marczykowski
344b257d87 Missing coma 2011-03-11 02:12:23 +01:00
Marek Marczykowski
48613fb911 Check if netvm is set for ProxyVM before using it... 2011-03-11 02:11:05 +01:00
Marek Marczykowski
41800eb879 Store default_fw_netvm in qubes.xml 2011-03-11 02:10:51 +01:00
Marek Marczykowski
5c2e676fa1 Set netvm reference only after NetVMs/ProxyVMs load - ProxyVM 2011-03-11 02:00:42 +01:00
Marek Marczykowski
a3d8778841 arameters for add_new_*, variables loaded from qubes.xml
Cow based VMs doesn't have root_img param, but private_img.
2011-03-11 01:59:56 +01:00
Marek Marczykowski
8928e55215 Swap COW for all CowVMs, not only AppVM 2011-03-11 01:55:29 +01:00
Marek Marczykowski
3043a391e0 'templete' typo again 2011-03-11 01:52:09 +01:00
Marek Marczykowski
969b14b5ed qvm-create: support for netvm and proxyvm
Move PCI config from qvm-add-netvm to qvm-core.
Remove qvm-add-netvm as useless when netvm is template-based
2011-03-11 01:48:27 +01:00
Marek Marczykowski
c7a832a279 NetVM, AppVM, ProxyVM from single template - VM side
Modify VM packages to:
- do not conflicts
- starts services if its VM type need it

Added core-proxyvm (firewall) and core-commonvm (common parts) packages.
2011-03-11 01:38:04 +01:00
Marek Marczykowski
4c14652245 Add preparing_dvm param to TemplateVM.start (to start it as any other VM) 2011-03-10 17:24:56 +01:00
Marek Marczykowski
9895665f2c fwvm -> proxyvm rename fix 2011-03-10 16:16:39 +01:00
Marek Marczykowski
a21e0d37c6 Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/smoku/core
Conflicts:
	dom0/qvm-core/qubes.py
2011-03-10 16:05:48 +01:00
Marek Marczykowski
a10abc5c9d Merge tag 'smk_a8cef51b' of ssh://git.qubes-os.org/var/lib/qubes/git/smoku/core
Conflicts:
	dom0/qvm-core/qubes.py
	dom0/qvm-tools/qvm-ls
2011-03-10 14:14:48 +01:00
Tomasz Sterna
ae2d170a7e Fixed external_ip permissions setting and netvm_domid entry handling. 2011-03-10 13:38:49 +01:00
Tomasz Sterna
afbdfe8ae4 Store netvm domid in FwVM. 2011-03-09 20:38:29 +01:00
Tomasz Sterna
58a4b4c82b Implemented qubes_netvm_external_ip feature. 2011-03-09 20:38:29 +01:00
Tomasz Sterna
87ff30fe26 Fixed xenstore-chmod call syntax 2011-03-09 19:47:08 +01:00
Tomasz Sterna
6ad91617a7 Store the state of FwVM rules 2011-03-09 18:07:22 +01:00
Tomasz Sterna
fd8ecca9bd Create qubes_iptables_error xenstore file in FwVM and set its permissions. 2011-03-09 17:51:05 +01:00
Tomasz Sterna
ca81f0103d Update firewall rules on VM start 2011-03-09 17:51:05 +01:00
Marek Marczykowski
1914854e88 Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/marmarek/core
Conflicts:
	dom0/qvm-core/qubes.py
	dom0/qvm-tools/qvm-prefs
	dom0/qvm-tools/qvm-template-commit
2011-03-09 17:23:32 +01:00
Marek Marczykowski
e35fccef35 Fix AppVm constructior 2011-03-09 15:24:54 +01:00
Rafal Wojtczuk
a7cc09071f Make qubes_restore rexec-aware. 2011-03-08 13:03:55 +01:00
Rafal Wojtczuk
eb7821771e In qvm-start, check $DISPLAY existence, too. 2011-03-07 16:05:36 +01:00
Rafal Wojtczuk
62d0127647 Integrate qrexec with qvm-run. 2011-03-07 15:58:04 +01:00
Marek Marczykowski
c1bd86142c NetVM and ProxyVM based on template: part 1 (core) 2011-03-06 17:06:45 +01:00
Marek Marczykowski
13c3a04755 Fix typo 'templete' 2011-03-06 14:06:24 +01:00
Tomasz Sterna
e9bd19299f Update firewall iptables file during VM start 2011-03-06 14:06:24 +01:00
Tomasz Sterna
f33fcff372 Implemented iptables rules file generator 2011-03-06 14:06:24 +01:00
Tomasz Sterna
0c1b6ca4b0 Store firewal rules in Python data structure 2011-03-06 14:06:24 +01:00
Tomasz Sterna
aa536fdbda Properly set FwVM xenstore files 2011-03-06 14:06:24 +01:00
Tomasz Sterna
bd05975a53 Removed trailing whitespace 2011-03-06 14:06:24 +01:00
Tomasz Sterna
8e465a13b5 Implemented firewall_conf storage 2011-03-06 14:06:24 +01:00
Tomasz Sterna
026a109d1f Fixed setting netvm of FWVM 2011-03-06 14:06:24 +01:00
Tomasz Sterna
60caf9af7f Refactored QubesVm.is_*vm() methods 2011-03-06 14:06:24 +01:00
Tomasz Sterna
cba89a8747 Show FirewallVMs in qvm-ls 2011-03-06 14:06:24 +01:00
Tomasz Sterna
d207ecacea Implemented QubesFirewallVm subclass of QubesNetVm 2011-03-06 14:06:24 +01:00
Marek Marczykowski
24c0778154 gitignore files - add build products 2011-03-06 14:06:24 +01:00
Marek Marczykowski
b778fa3210 Add typo in qvm-template-commit
As in original classes...
2011-03-06 14:06:24 +01:00
Marek Marczykowski
14aaccbc5f Update TemplateVM with running AppVM: part 2
- support for template modify in qvm-core
- tool for commit changes to template
2011-03-06 14:06:15 +01:00
Rafal Wojtczuk
d6f327492d Start qrexec daemon and agent 2011-03-04 17:19:51 +01:00
Tomasz Sterna
a8cef51b67 Use new, simplified firewall rules data scheme 2011-03-03 22:40:36 +01:00
Tomasz Sterna
0a8249d83f Update firewall iptables file during VM start 2011-03-02 15:04:11 +01:00
Tomasz Sterna
45f84b1713 Implemented iptables rules file generator 2011-03-02 15:03:21 +01:00
Tomasz Sterna
6083384e6d Store firewal rules in Python data structure 2011-03-02 15:02:46 +01:00
Tomasz Sterna
353f04e186 Properly set FwVM xenstore files 2011-03-02 15:01:30 +01:00
Tomasz Sterna
d758eb8258 Removed trailing whitespace 2011-03-02 15:00:19 +01:00
Marek Marczykowski
c3bf11062f gitignore files - add build products 2011-03-02 11:58:22 +01:00
Marek Marczykowski
143f1519a8 Add typo in qvm-template-commit
As in original classes...
2011-03-02 11:52:19 +01:00
Marek Marczykowski
6db640dbfe Update TemplateVM with running AppVM: part 2
- support for template modify in qvm-core
- tool for commit changes to template
2011-03-02 11:33:22 +01:00
Tomasz Sterna
a450e51126 Implemented firewall_conf storage 2011-02-21 18:13:27 +01:00
Tomasz Sterna
a088e14244 Fixed setting netvm of FWVM 2011-02-11 00:34:46 +01:00
Tomasz Sterna
053ca36ca8 Refactored QubesVm.is_*vm() methods 2011-02-11 00:34:46 +01:00
Tomasz Sterna
4297c1284a Show FirewallVMs in qvm-ls 2011-02-09 21:21:41 +01:00
Tomasz Sterna
8c82361f5e Implemented QubesFirewallVm subclass of QubesNetVm 2011-02-09 21:21:14 +01:00
Joanna Rutkowska
a5c4a1626e qvm-backup-restore: support for --skip-conflicting option 2010-12-18 07:25:47 +01:00
Joanna Rutkowska
751e0b380a qvm-backup: support --exclude option 2010-11-28 16:30:26 +01:00
Rafal Wojtczuk
1fccf9c309 Use delayed_transaction_seq from sender, not receiver.
Apparently, qvm-copy-to-vm when receiver already has an incoming pendrive
worked only by coincidence.
2010-10-28 12:39:03 +02:00
Rafal Wojtczuk
7c1babe8aa Do not error when qvm-get-default-netvm returns empty string.
It happens when installing qubes-core-dom0 for the first time.
2010-10-06 10:55:32 +02:00
Joanna Rutkowska
18dc0b67c7 dom0: do not do mem-set for dom0 in init.d/qubes_core 2010-10-04 15:20:41 +02:00
Joanna Rutkowska
e91ee0acb3 dom0 init.d/qubes_core: kill some processes on stop() 2010-10-04 15:20:09 +02:00
Rafal Wojtczuk
862bd1f11c DVM: do not mem-set 400
qmemman will do the job automagically.
2010-09-30 18:26:35 +02:00
Rafal Wojtczuk
28fbb48845 Attach/detach pci devices from netvm upon resume/suspend 2010-09-30 18:22:26 +02:00
Rafal Wojtczuk
ece96ba3fb Make qfilexchgd listen for change in /vm to detect vm start/stop
... instead of watching /local/domain, which changes whenever meminfo-wwriter
pushes data.
2010-09-27 17:42:34 +02:00
Rafal Wojtczuk
90e3f4ffd8 Add reset_vm_configs.py script 2010-09-27 16:58:02 +02:00
Rafal Wojtczuk
2244ea95bf Separate create_config_file() function in qubes.py 2010-09-27 16:53:17 +02:00
Joanna Rutkowska
ba59ac733e Merge branch 'qmemman' of git://qubes-os.org/rafal/core
Conflicts:
	dom0/qvm-core/qubes.py
2010-09-23 12:31:25 +02:00
Rafal Wojtczuk
11eafede31 Make qubes_prepare_saved_domain.sh output less scary for [normal] users 2010-09-22 11:15:22 +02:00
Rafal Wojtczuk
0217dba40e Completed dvm->setupdvm name transition 2010-09-22 10:24:57 +02:00
Rafal Wojtczuk
7aa55affcf renamed: qubes_dvm -> qubes_setupdvm 2010-09-22 10:22:45 +02:00
Rafal Wojtczuk
2a4abafd1b Removed empty function from qubes_dvm 2010-09-22 10:21:54 +02:00
Rafal Wojtczuk
4e067aa503 Slightly change the savefile update notification message. 2010-09-21 22:28:14 +02:00
Rafal Wojtczuk
c0656720ab DVM: if needed, qfileexchgd will recreate DVM savefile
It would be nice to have some progress notification, as dvm setup is
slow.
2010-09-21 22:23:38 +02:00
Rafal Wojtczuk
e13e5027c3 qubes_dvm init.d script
We want to set up a default dvm if needed at boot time; for this,
the default netvm must have been already started. Therefore, we
need a qubes_dvm script, that executes after qubes_netvm.
2010-09-21 21:46:11 +02:00
Rafal Wojtczuk
c22a6ebb84 DVM: make qvm-get-default-template use the default template, if asked
Via options --default-template and --default-script
2010-09-21 18:40:15 +02:00
Rafal Wojtczuk
c0cac005ec Tiny logging fix in qfileexchgd
...that is impossible to happen, naturally.
2010-09-21 16:00:40 +02:00
Rafal Wojtczuk
ca1122cd6a Add QubesDisposableVm and use class 2010-09-21 15:59:22 +02:00
Rafal Wojtczuk
6afdffa96f qvm-dom0-network-via-netvm script (ticket #20) 2010-09-21 13:36:46 +02:00
Rafal Wojtczuk
885d747272 qmmemman: force static_memory_max to be as much as total RAM
Not including netvm, it causes some issues with it.
2010-09-20 11:24:56 +02:00
Joanna Rutkowska
4e7ce5f90c qubes.py: another small fix to QubesHost :) 2010-09-16 20:11:35 +02:00
Joanna Rutkowska
8292c25713 Merge branch 'qmemman' of git://qubes-os.org/rafal/core 2010-09-16 20:01:40 +02:00
Joanna Rutkowska
157a18c244 qubes.py: a small fix to QubesHost 2010-09-16 18:47:05 +02:00
Joanna Rutkowska
268789fc4c dom0/qvm-core/qubes.py: added QubesHost class 2010-09-16 17:52:52 +02:00
Rafal Wojtczuk
c411519220 qmemman: do not trim the mem-set value too much
We used to mem-set the domain to 0.995*calculated_value; 5 promils of 4GB
is ca 19MB, and it is too visible. Use 0.999 instead of 0.995
2010-09-16 16:40:09 +02:00
Rafal Wojtczuk
eea01fba3b qmemman: in is_balance_req_significant(), account for Xen free memory 2010-09-16 16:00:07 +02:00
Rafal Wojtczuk
e476531b0e Leave XEN_FREE_MEM_LEFT of Xen free memory.
Needed for driver domain, to be able to get contiguous memory for
its drivers.
2010-09-16 15:57:11 +02:00
Joanna Rutkowska
0f1700ef3d Merge branch 'comment1' of git://qubes-os.org/rafal/core
Conflicts:
	dom0/restore/qubes_restore.c
2010-09-16 15:55:35 +02:00
Joanna Rutkowska
70f8a7401c Make 'make clean' clean all the object files 2010-09-15 15:36:04 +02:00
Joanna Rutkowska
9b8c018bc2 Merge branch 'qmemman' of git://qubes-os.org/rafal/core 2010-09-13 15:05:13 +02:00
Rafal Wojtczuk
0c1f21a28e qmemman: when a AppVM is low on memory, allow small adjustments
A small AppVM (say, with 100MB total) can go below prefmem, and
still not be assigned memory, because of the MIN_TOTAL_MEMORY_TRANSFER
threshold.
So, if AppVM is below prefmem, allow for smaller mem-sets.
2010-09-10 11:35:30 +02:00
Rafal Wojtczuk
f6e3607d2d qmemman: offload some processing to meminfo-writer
Make meminfo-writer compute used memory, and report to qmemman only if
it has changed significantly enough. As it is written in C, its code is
much faster that qmemman-server; also in the idle case, it saves on xenstore
communication overhead. Allows to send updates up to 10 times per second,
with CPU load on the VM below 0.1%.
2010-09-09 17:51:53 +02:00
Rafal Wojtczuk
51e14fc8bb qmemman: trigger do_balance() on receiving /proc/meminfo data 2010-09-09 12:36:18 +02:00
Rafal Wojtczuk
f4e46b63a4 qmemman: in client code, set FD_CLOEXEC on qmmemman.socket 2010-09-09 12:33:48 +02:00
Rafal Wojtczuk
7545789a26 qmemman: now parse_meminfo takes a single argument 2010-09-09 11:30:02 +02:00
Rafal Wojtczuk
9c609a23bf qmemman: move /proc/meminfo parsing to qmemman_algo
Just cosmetics, to make code layout more coherent.
2010-09-09 11:24:04 +02:00
Rafal Wojtczuk
24b3baf063 qmemman: use 'Memtotal' from /proc/meminfo to calculate used memory
Previously, memory_actual (retrieved from xen) was used; it can be inconsistent.
'Memtotal' can be spoofed, but anyway we rely on other fields from /proc/meminfo.
2010-09-09 11:08:20 +02:00
Rafal Wojtczuk
5a33ed71ce qmemman: use the fact that balloon driver retries
Apparently even if there is not enough xen memory to balloon up,
balloon driver will try to fulfill the request later, when
some memory is freed. Thus, in do_balloon, do not limit mem_set
to the available memory.
2010-09-09 10:36:13 +02:00
Rafal Wojtczuk
87d1e973c7 qmemman: print balance stats only when updating 2010-09-09 10:29:35 +02:00
Rafal Wojtczuk
8d377d19dc DVM: added missing fix_savefile_all 2010-09-07 17:45:52 +02:00
Rafal Wojtczuk
6472e8c926 DVM: fix savefile to contain ip address
needed for routed networking
2010-09-07 17:36:28 +02:00
Rafal Wojtczuk
2dd9bab23a DVM: add --dvm option to qvm-start
Currently it only forces to use a fake IP address, which can be
replaced during restore time.
2010-09-07 16:15:24 +02:00
Rafal Wojtczuk
5be12f8459 qmemman: switch off memory balancing when doing xm save
Apparently, it interferes:
INFO (XendCheckpoint:417) ERROR Internal error: Could not get vcpu context
INFO (XendCheckpoint:417) ERROR Internal error: Failed to map/save the p2m frame list
2010-09-07 16:00:14 +02:00
Rafal Wojtczuk
11abef3439 qmemman: xc.domain_set_target_mem can throw exceptions, too 2010-09-07 13:10:48 +02:00
Rafal Wojtczuk
a013973806 Use vif-route-qubes. 2010-09-06 17:24:12 +02:00
Rafal Wojtczuk
31e7e96056 Switch to routed VM network (instead of bridging)
No headache from layer 2 attacks.
2010-09-06 17:07:42 +02:00
Rafal Wojtczuk
64e8013dc2 Unify dom0 and netvm sysconfig/iptables
Plus:
- dedicated chain for DNAT to nameservers
- prevent intervm networking. Can be conveniently overriden in necessary cases
by inserting ACCEPT clauses (per VM, probably) at the top of FORWARD
2010-09-06 15:10:01 +02:00
Rafal Wojtczuk
22df517425 qmemman: detect domain list change by watching /vm, not /local/domain
The latter triggers on every memory/meminfo key update, which needlessly
adds xenstore requests.
2010-09-06 10:46:36 +02:00
Rafal Wojtczuk
7dcb7cb196 qmemman: don't use xenapi, use hypercalls to do mem-set 2010-09-03 16:19:48 +02:00
Rafal Wojtczuk
10408d61db qmemman: when low on memory, do not make a VM go below prefmem
Now the balance() has two different cases: enough memory and low_on_memory.
In the former, distribute memory proportianally; in the former, dont do this, as this
makes a VM go below prefmem.
2010-09-01 12:40:02 +02:00