Commit Graph

113 Commits

Author SHA1 Message Date
Wojtek Porczyk
8c9ce0587b ext/admin: add explanation to PermissionDenied 2017-06-22 13:21:37 +02:00
Wojtek Porczyk
2942f8bcac qubes: admin extension
for managing tags
2017-06-21 23:12:54 +02:00
Marek Marczykowski-Górecki
86a935e779
qubes.NotifyTools: ignore '/qubes-tools/version' completely
It isn't used for anything, so simply ignore it for good.

https://github.com/QubesOS/qubes-core-admin/pull/109#discussion_r121421409
2017-06-14 10:44:24 +02:00
Marek Marczykowski-Górecki
ee442c754f
api/misc: integrate qubes.NotifyTools logic with qubes.FeaturesRequest
Make qubes.NotifyTools reuse logic of qubes.FeaturesRequest, then move
actual request processing to 'features-request' event handler. At the
same time implement handling 'qrexec' and 'gui' features request -
allowing to set template features when wasn't already there.
Behavior change: template is no longer allowed to change feature value
(regardless of being True or False). This means the user will always be
able to override what template have set.
2017-06-12 12:22:39 +02:00
Marek Marczykowski-Górecki
9bb5054e50
ext: BlockDevices extension
Handle block devices exposed by VMs
2017-06-05 23:33:58 +02:00
Wojtek Porczyk
bbe757d0a7 Make pylint very ♥ 2017-05-30 15:06:05 +02:00
Wojtek Porczyk
a9755ed76a qubes/ext/gui: remove is-fully-usable and is_guid_running 2017-05-29 17:34:15 +02:00
Marek Marczykowski-Górecki
e54cc11a2c
vm: expose to VM only features with 'service/' prefix
And place them in /qubes-service/ QubesDB directory. This allows
extensions to easily store some data not exposed to VM, but also have
control what VM will see. And at the same time, it make it compatible
with existing services framework

QubesOS/qubes-issues#1637
2017-05-26 15:08:19 +02:00
Marek Marczykowski-Górecki
6bc44b43de
pci: adjust PCIDeviceExtension device identifier syntax
':' is not allowed in device identifier, replace it with '_'.

Warning: this breaks existing qubes.xml
2017-05-22 17:11:19 +02:00
Marek Marczykowski-Górecki
402afa1925
pci: use device attach options for disabling strict reset
Since we have now per-device options, it's more logical to use it here,
instead of features with device identifier encoded into feature name.
2017-05-22 03:21:13 +02:00
Marek Marczykowski-Górecki
227010d433
pci: fix device-pre-attach event signature
Now it contains also options. PCI extension do not use it, yet.
2017-05-19 18:49:22 +02:00
Marek Marczykowski-Górecki
da7496794a
events: add support for per-instance handlers 2017-05-12 14:25:32 +02:00
Marek Marczykowski-Górecki
033d2132d3
ext/gui: remove most of it, moved to qvm-start-gui tool...
...in core-mgmt-client repository. qubesd isn't the right place to start
GUI applications, which will be even more important when GUI domain will
be something different than Dom0.

QubesOS/qubes-issues#833
2017-05-12 14:25:29 +02:00
Bahtiar `kalkin-` Gadimov
8d60f533c3
PCI extension cache PCIDevice objects 2017-04-15 23:50:11 +02:00
Bahtiar `kalkin-` Gadimov
79407a8717
Make pylint ♥ 2017-04-15 23:50:11 +02:00
Bahtiar `kalkin-` Gadimov
9da28c9c15
device-list-attached event returns a dev/options tupples list 2017-04-15 23:49:40 +02:00
Bahtiar `kalkin-` Gadimov
0b3aebac9f
Update ext/pci to new api
Signed-off-by: Bahtiar `kalkin-` Gadimov <bahtiar@gadimov.de>
2017-04-15 18:05:29 +02:00
Bahtiar `kalkin-` Gadimov
9d08e4b792
Fix bug in PCIDeviceExtension: decode buffer to string 2017-04-15 18:05:12 +02:00
Marek Marczykowski-Górecki
96db9a46d1 Fix start-related asyncio integration
cherry-picked commit 05fc3a4
2017-04-07 17:46:54 +02:00
Wojtek Porczyk
cce809c2cb qubes/vm/qubesvm: async def start
QubesOS/qubes-issues#2622
2017-03-30 23:04:55 +02:00
Marek Marczykowski-Górecki
3726c7d9c3
python: decode xrandr output earlier, don't use regexp on bytes 2017-02-27 02:37:49 +01:00
Marek Marczykowski-Górecki
570cbe5225
qubes: py3k related fixes 2017-02-27 02:37:45 +01:00
Wojtek Porczyk
be53db4db9 qubes/events: they accept only keyword arguments
Positional arguments are hereby deprecated, with immediate effect.

QubesOS/qubes-issues#2622
2017-02-21 14:46:42 +01:00
Marek Marczykowski-Górecki
a317e81d7e
qubes/ext/gui: adjust shm.id path
It's moved to /var/run/qubes and now is built based on $DISPLAY.
2017-02-15 00:01:33 +01:00
Wojtek Porczyk
d74567d65f qubes: port core to python3
fixes QubesOS/qubes-issues#2074
2017-01-20 16:42:51 +01:00
Marek Marczykowski-Górecki
a318d5cea9
Don't fail on DBus connection error or opening log
Especially in offline mode - like during installation, tests etc.

QubesOS/qubes-issues#2412
2016-11-26 04:08:59 +01:00
Marek Marczykowski-Górecki
c08766e157
qubes/features: rename 'services/ntpd' to 'service/ntpd'
It makes much more sense to use singular form here - ntpd is a single
service.
2016-11-26 04:08:06 +01:00
WetwareLabs
cedd822735 Fix sending monitor layout info when xrandr has one output disconnected
Signed-off-by: WetwareLabs <marcus@wetwa.re>
2016-09-29 14:13:38 +02:00
Marek Marczykowski-Górecki
d5b3d971ee
qubes/ext/r3compat: update firewall handling for new API
QubesOS/qubes-issues#1815
2016-09-19 20:36:31 +02:00
Marek Marczykowski-Górecki
8ca08c7790
qubes/ext/pci: fix handling dom0 before starting first VM
Before starting fist VM, backend/pci xenstore directory does not exists.
Do not crash on it

QubesOS/qubes-issues#2257
2016-09-13 02:15:25 +02:00
Marek Marczykowski-Górecki
aa0674e8bb
qubes/vm: make VM QubesDB interface as much compatible as possible
All the base keys can be kept easily the same, so do it.

QubesOS/qubes-issues#1812
2016-09-08 04:17:48 +02:00
Marek Marczykowski-Górecki
c534b68665
qubes/vm: start VM daemons as normal user
This is migration of core2 commits:

commit d0ba43f253
Author: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Date:   Mon Jun 6 02:21:08 2016 +0200

    core: start guid as normal user even when VM started by root

    Another attempt to avoid permissions-related problems...

    QubesOS/qubes-issues#1768

commit 89d002a031
Author: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Date:   Mon Jun 6 02:19:51 2016 +0200

    core: use runuser instead of sudo for switching root->user

    There are problems with using sudo in early system startup
    (systemd-logind not running yet, pam_systemd timeouts). Since we don't
    need full session here, runuser is good enough (even better: faster).

commit 2265fd3d52
Author: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
Date:   Sat Jun 4 17:42:24 2016 +0200

    core: start qubesdb as normal user, even when VM is started by root

    On VM start, old qubesdb-daemon is terminated (if still running). In
    practice it happen only at VM startart (shutdown and quickly start
    again). But in that case, if the VM was started by root, such operation
    would fail.
    So when VM is started by root, make sure that qubesdb-daemon will be
    running as normal user (the first user in group 'qubes' - there should
    be only one).

    Fixes QubesOS/qubes-issues#1745
2016-09-08 04:17:47 +02:00
Marek Marczykowski-Górecki
19d9edc291
qubes/ext/gui: adjust guid parameters when running on KDE5
Commit from core2:

    commit 94d52a13e7

    core: adjust guid parameters when running on KDE5

    On KDE5 native decoration plugin is used and requires special properties
    set (instead of `_QUBES_VMNAME` etc).
    Special care needs to be taken when detecting environment, because
    environment variables aren't good enough - this script may be running
    with cleared environment (through sudo, or from systemd). So check
    properties of X11 root window.

    QubesOS/qubes-issues#1784
2016-09-08 04:17:47 +02:00
Marek Marczykowski-Górecki
93e88e0c22
qubes/ext/pci: implement pci-no-strict-reset/BDF feature
Instead of old per-VM flag 'pci_strictreset', now implement this as
per-device flag using features. To not fail on particular device
assignment set 'pci-no-strict-reset/DEVICE-BDF' to True. For
example 'pci-no-strict-reset/00:1b.0'.

QubesOS/qubes-issues#2257
2016-09-03 20:41:06 +02:00
Marek Marczykowski-Górecki
5c7f589330
qubes: make pylint happy 2016-09-03 20:41:05 +02:00
Marek Marczykowski-Górecki
aa67a4512e
qubes/ext/pci: move PCI devices handling to an extension
Implement required event handlers according to documentation in
qubes.devices.

A modification of qubes.devices.DeviceInfo is needed to allow dynamic,
read-only properties.

QubesOS/qubes-issues#2257
2016-09-03 20:41:03 +02:00
Marek Marczykowski-Górecki
067cfb7cd6
Send approximate physical screen dimensions to the VM
When properly set, applications will have a chance to automatically
detect HiDPI and act accordingly. This is the case for Fedora 23
template and GNOME apps (maybe even all built on top of GTK).

But for privacy reasons, don't provide real values, only some
approximate one. Give enough information to distinguish DPI above 150,
200 and 300. This is some compromise between privacy and HiDPI support.

QubesOS/qubes-issues#1951

This commit is migrated from gui-daemon repository
(dec462795d14a336bf27cc46948bbd592c307401).
2016-08-08 04:03:00 +02:00
Bahtiar `kalkin-` Gadimov
c18537439f Make pylint really happy ♥♥♥ 2016-07-21 12:21:56 +02:00
Marek Marczykowski-Górecki
9cdf994360
Minor fixes 2016-06-16 17:06:42 +02:00
Wojtek Porczyk
6ade5736d7 pylint fixes 2016-06-10 21:27:29 +02:00
Wojtek Porczyk
7f2f4a4e75 Fix GUI extension 2016-04-27 15:27:01 +02:00
Wojtek Porczyk
fe8fdb264b qubes/vm/qubesvm: move is_guid_running to GUI extension 2016-04-20 13:54:56 +02:00
Wojtek Porczyk
540942de47
qubes/ext: convert extensions to singletons
From now the extensions are instantiated once. They no longer have .app
attribute, but can access it from event handlers via vm.app.
2016-04-11 15:31:41 +02:00
Wojtek Porczyk
a4fa1adb82 qubes/ext/gui: fix sending monitor layout at VM startup
Based on marmarek's commit 4edb42c1 under the same name.
2016-03-21 11:44:59 +01:00
Wojtek Porczyk
04cc2099f7 HVM part 2 2016-03-21 11:44:54 +01:00
Wojtek Porczyk
d766b8e110 qubes: Fix "unify event names" 2016-03-21 11:43:33 +01:00
Marek Marczykowski-Górecki
9567f7b40b vm: rename 'yum-proxy-setup' feature to 'updates-proxy-setup'
The 'yum-proxy-setup' is deprecated since R3.0, so finally remove old
name.
But add it to R3.x compatibility layer.
2016-03-21 11:43:33 +01:00
Marek Marczykowski-Górecki
b6d8c7fb81 ext/r3compatibility: features/services
QubesOS/qubes-issues#1812
2016-03-21 11:43:33 +01:00
Marek Marczykowski-Górecki
c9fd57e7e4 ext/r3compatibility: move old firewall code to R3.x compat layer
QubesOS/qubes-issues#1812
2016-03-21 11:43:33 +01:00
Marek Marczykowski-Górecki
afd4573a02 ext/r3compatibility: create R3.x QubesDB entries
This allows the user to start VM based on "old" system (from R3.x) in
R4.0. For example after restoring from backup, or migration. This also
makes upgrade instruction much easier - no need complex recovery
instruction if one upgrade dom0 before upgrading all the templates.

QubesOS/qubes-issues#1812
2016-03-21 11:43:33 +01:00
Marek Marczykowski-Górecki
a0fa8fcc8e ext/qubesmanager: fix events signature
There is event itself passed just after VM object.
2016-03-21 11:43:33 +01:00
Wojtek Porczyk
0f9ca47d90 qubes/ext/guid: Move gui-related code to extension 2016-03-21 11:43:32 +01:00
Wojtek Porczyk
d09bd5ab6a qubes: Convert QubesVM and Extension discovery to pkg_resources
QubesOS/qubes-issues#1238
2016-03-21 11:43:32 +01:00
Wojtek Porczyk
ea44c0acf3 qubes: pylint fixes
Fix bunch of errors and warnings.
2015-10-05 23:49:39 +02:00
Wojtek Porczyk
fcdb579bab core3: qubesmanager notifying extension
core/notify.py was excavated and tray notifying remnants were moved to
qubes.log. They are unused as yet.

Also extension events are fixed.
2015-10-05 12:46:14 +02:00
Wojtek Porczyk
adb144acfe qubes: pylint fixes (small mistakes and wrong names) 2015-06-29 17:39:27 +02:00
Wojtek Porczyk
bf29d5e5b5 qubes: pylint fixes (disable unfounded messages) 2015-06-29 17:39:27 +02:00
Wojtek Porczyk
ee06e7d7a2 qubes: documentation and licence fixes 2015-06-29 17:39:27 +02:00
Wojtek Porczyk
cdc3df66c8 qubes: pylint fixes (mostly whitespace) 2015-06-29 17:39:27 +02:00
Wojtek Porczyk
99edcb56c1 qubes: fix event framework
Two important fixes are in this commit: handlers from decorators are added when
class is defined (and not when class is instantiated); also multiple events can
be specified in the decorator.
2015-06-29 17:39:25 +02:00
Wojtek Porczyk
855a434879 core3: event framework adjusted for global Qubes object
From now, global events are emitted by qubes.Qubes object and handlers are registered there.
2015-06-29 17:39:24 +02:00
Wojtek Porczyk
65595e3b39 apidoc stub 2015-06-29 17:39:22 +02:00
Wojtek Porczyk
7f27d987cc import framework for core3 2015-06-29 17:39:22 +02:00