Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
2,637 Commits 1 Branch 0 Tags 20 MiB
e2f3446f22
Commit Graph

76 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
f4deddbbdf core: do not run commands on paused VM 2014-04-16 16:44:42 +02:00
Marek Marczykowski-Górecki
b17bf72b8a hvm: do not kill stubdom GUI in debug mode 2014-04-16 12:54:24 +02:00
Marek Marczykowski-Górecki
ac7746feed qvm-run: add color output and filtering escape sequences 
This makes VM output clearly distinguishable
 2014-04-15 03:19:48 +02:00
Marek Marczykowski-Górecki
5704b41a45 hvm: seamless_gui_mode setting, including runtime change support (#810) 2014-04-01 01:12:35 +02:00
Marek Marczykowski-Górecki
12d897cd3e hvm: fix startup of HVM without Qubes Tools 
Do not pollute environment of calling process, otherwise all VMs started
from Qubes Manager afterwards will get QREXEC_STARTUP_NOWAIT, which
will cause wait_for_session not working.
 2014-04-01 01:07:57 +02:00
Marek Marczykowski-Górecki
2eaf649eed core: add simple 'run_service' function 2014-04-01 01:07:23 +02:00
Marek Marczykowski-Górecki
72d277c56b core: add QubesVm.get_prefmem (#788) 
Expose 'prefmem' property used by qmemman.
 2014-03-31 03:45:16 +02:00
Marek Marczykowski-Górecki
242590902a firewall: minor improvements 
Do not require ports specified in rule - useful for "any" protocol where
ports doesn't have sense.
 2014-03-28 02:55:35 +01:00
Marek Marczykowski-Górecki
e90e1c62ec proxyvm: add support for rules with expire time (#760) 2014-03-28 02:54:59 +01:00
Marek Marczykowski-Górecki
d1fbd9c59d proxyvm: use "conntrack" iptables module instead of deprecated "state" 2014-03-27 17:16:36 +01:00
Marek Marczykowski-Górecki
04f86c7059 core: use functions instead of evals for storing attributes to qubes.xml 2014-03-27 17:15:15 +01:00
Marek Marczykowski-Górecki
e9fe890acb core: rewrite "eval" to "func" attribute handlers 2014-03-26 04:41:28 +01:00
Marek Marczykowski-Górecki
5141aba741 core: support functions instead of evals in attribute config 
eval still supported, but once all the code will be converted to
functions, the support will be removed.
 2014-03-26 04:40:45 +01:00
Marek Marczykowski-Górecki
91428ebaa1 core: method to resize root.img (#699) 2014-03-21 18:43:13 +01:00
Marek Marczykowski-Górecki
9768b38ffc core: handle errors with xenstore access during VM shutdown 
When netvm and firewallvm is shut down, netvm handling code will
try to revoke firewallvm access to external IP. But if netvm shutdown
happens in the meantime, xenstore will throw ENOENT error.
 2014-03-13 18:32:13 +01:00
Marek Marczykowski-Górecki
840dc38730 core: do not mark DispVMs as included in backups 2014-03-10 04:29:59 +01:00
Marek Marczykowski-Górecki
09652cb0f8 core: store date of last backup for each VM 2014-03-10 04:29:14 +01:00
Marek Marczykowski-Górecki
c5e2ba03bd core: notify xenstored about domain resume 
Otherwise it will not fire further domain suspend/death watches against
this domain - so xl will not cleanup the domain.
 2014-03-05 03:39:49 +01:00
Marek Marczykowski-Górecki
f7b43d1f34 hvm: check for qrexec presence 2014-03-01 15:17:41 +01:00
Marek Marczykowski-Górecki
17e0a62a10 hvm: fix drive option parse 2014-03-01 15:17:17 +01:00
Marek Marczykowski-Górecki
9e3cd62d12 hvm: move 'drive' parameter *parsing* to property setter 2014-02-17 00:55:59 +01:00
Marek Marczykowski-Górecki
6fece6347f core: call xl destroy as root 
In case the VM has PCI devices, it need to access sysfs (as root).
 2014-02-16 11:15:06 +01:00
Marek Marczykowski-Górecki
1e2459c210 core: include 'default_user' in cloned attributes 2014-02-10 12:59:46 +01:00
Marek Marczykowski-Górecki
62457da085 Merge branch 'appicons' 2014-02-07 05:52:36 +01:00
Marek Marczykowski-Górecki
86d3e2f4dd core: Do not kill the VM when qrexec connect timed out (#790) 
In such case show an error to the user (via tray notification, not
dialog box!) and leave the VM in "transient" state. The user can wait
some more time for VM startup, check what VM is doing, or kill it
manually.
 2014-02-05 03:31:36 +01:00
Marek Marczykowski-Górecki
f4a2fcc8ae core: remove dead "xm console" code 2014-02-05 03:31:32 +01:00
Marek Marczykowski-Górecki
d25482ad29 Add one more method to get system timezone 
Some programs (like KDE system settings) makes /etc/localtime hardlink
instead of symlink. Handle this case. Hopefully there will be less and
less such applications...
 2014-01-23 02:33:05 +01:00
Marek Marczykowski-Górecki
4ea600c8d3 core/proxyvm: allow TCP traffic to DNS servers 
Some DNS queries requires TCP - namely those with response not fitting
in 512 bytes.
 2014-01-21 04:45:41 +01:00
Marek Marczykowski-Górecki
8dda7cf884 core: improve VM name validation 
Do not allow 'special' names.
 2014-01-21 00:41:01 +01:00
Wojciech Porczyk
962d3da42e
appicons 
labels need to be specified with colour code
also fixed duplicate QubesDispVmLabels
 2014-01-11 00:07:55 +01:00
Marek Marczykowski-Górecki
5f38ff916a hvm: one more fix for start() return value 2013-12-19 13:46:30 +01:00
Marek Marczykowski-Górecki
cdd031cea5 hvm: fix return value of vm.start() 2013-12-17 23:59:05 +01:00
Olivier MEDOC
2576e5000e hvm: copy template private.img during hvm creation if hvm is template based 2013-12-14 03:58:01 +01:00
Marek Marczykowski-Górecki
73c38d8d1c hvm: propagate qrexec/guiagent setting from template 
Do it only in one way - i.e. support the situation where template
doesn't have tools installed, but child VM does.
 2013-12-13 22:47:20 +01:00
Marek Marczykowski-Górecki
e4d6be3a4b hvm: start guid for HVM without guiagent installed 
This is fix for commit "ebf0a27 hvm: start fullscreen guid only if no
guiagent installed or in debug mode"
 2013-12-09 19:10:25 +01:00
Marek Marczykowski-Górecki
ebf0a275a1 hvm: start fullscreen guid only if no guiagent installed or in debug mode 2013-12-06 06:35:30 +01:00
Marek Marczykowski-Górecki
76aa93e94b hvm: start stubdom guid regardless of guiagent_installed (#60 pro) 
Alway start stubdom guid, then if guiagent_installed set - start the
target one and when connects, kill stubdom one. This allow the user to
see startup messages so prevent the impression of hang VM.

Note 1: this doesn't work when VM disables SVGA output (just after
windows boot splash screen).
Note 2: gui-daemon sometimes hangs after receiving SIGTERM (libvchan_wait
during libvchan_close). This looks to be stubdom gui agent problem.
 2013-12-03 06:18:23 +01:00
Marek Marczykowski-Górecki
4ce3acd64d hvm: always use qrexec for clipboard operations 
This is temporary solution until Windows GUI agent will handle
MSG_CLIPBOARD_* commands.

Also fix code style - wrap long lines
 2013-12-02 03:47:49 +01:00
Marek Marczykowski-Górecki
27f6f0e64e Merge branch 'new-backups' 
Conflicts:
	core-modules/000QubesVm.py
 2013-11-29 04:00:58 +01:00
Marek Marczykowski-Górecki
b73970c62d core: rename QubesDom0NetVm to QubesAdminVm 
This is somehow related to #757, but only first (easier) step. Actual
change of QubesAdminVm base class requires somehow more changes, for
example qvm-ls needs to know how to display this type of VM (none of
template, appvm, netvm).

Make this first step change now, because starting with R2Beta3 dom0 will
be stored in qubes.xml (for new backups purposes) so this rename would
be complicated later.
 2013-11-29 03:42:56 +01:00
Marek Marczykowski-Górecki
3c99ac1d07 Performance optimization regarding xenstore access 
Reduce number of xenstore access during checking current domain XID.
 2013-11-26 20:16:10 +01:00
Marek Marczykowski-Górecki
dc55720738 core: QubesTemplateHVm.is_appvm = False 2013-11-25 07:22:21 +01:00
Marek Marczykowski-Górecki
09393734a3 core: refuse to set template for standalone VM 2013-11-25 07:18:01 +01:00
Marek Marczykowski-Górecki
5033b53543 core: split HVM template into separate class 2013-11-25 07:18:01 +01:00
Marek Marczykowski-Górecki
dc6fd3c8f3 core: store dom0 info in qubes.xml 
At least to have there info about its backup.
 2013-11-24 23:50:39 +01:00
Marek Marczykowski-Górecki
1b83e5c687 hvm: default to template's MAC in MAC auto mode (#755) 2013-11-21 14:49:42 +01:00
Marek Marczykowski-Górecki
aeb83d1a45 hvm: do not reset root.img to template state when debug mode enabled 2013-11-21 04:36:53 +01:00
Marek Marczykowski-Górecki
a457b62728 core: more flexible mechanism for template compatibility check 
Using class method allow the users (Qubes Manager at least) to check
for compatibility without having any particular VM instance - useful
while creating the VM.
 2013-11-21 03:42:31 +01:00
Marek Marczykowski-Górecki
efeb284ab1 core: do not call resize2fs on private.img in dom0 
Do not parse VM data (filesystem metadata in this case) in dom0, as this
expose dom0 for potential attack.
 2013-11-21 03:38:12 +01:00
Marek Marczykowski-Górecki
6fddae3b9b Support for autostart VMs (#724) 2013-11-20 02:57:17 +01:00