Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
2,338 Commits 1 Branch 0 Tags 20 MiB
e6012a8fd2
Commit Graph

2338 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Marek Marczykowski
7a485ab7f9 vm/file-editor: connect /dev/null as stdin (#657) 
If stdin is closed (not connected to /dev/null) first opened file will get fd=0
and will be treated as stdin.
 2012-10-04 05:44:19 +02:00
Marek Marczykowski
303d4ab042 dom0/iptables: block IPv6 traffic 
Dom0 is network isolated anyway, but apply also firewall in case of use
qubes-dom0-network-via-netvm.
 2012-10-04 05:44:19 +02:00
Marek Marczykowski
9c3f8417d4 vm/iptables: block IPv6 traffic 
This isn't properly handled by Qubes VMs yet, so block it in all the VMs.
Also restrict access to firewall config.
 2012-10-04 05:44:19 +02:00
Marek Marczykowski
56e0359cfb vm/yum-proxy: one more regexp fix 2012-10-04 05:44:19 +02:00
Marek Marczykowski
551cc8b186 vm/yum-proxy: filter regexp: add missing ^$ marks, remove unneded .* at the beginning 
Reported-by: Igor Bukanov <igor@mir2.org>
 2012-10-04 05:44:19 +02:00
Marek Marczykowski
0cf7c03ea5 vm/systemd: early user-configurable init script 2012-10-04 05:44:19 +02:00
Marek Marczykowski
04e57db419 vm/yum-proxy: allow pkgtags repodata 2012-10-04 05:44:19 +02:00
Marek Marczykowski
397f2912f0 dom0/core: allow '_' in VM name 2012-10-04 05:44:18 +02:00
Marek Marczykowski
d172fa72f1 vm/qrexec: fix race between child cleanup and select call 
reap_children() can close FD, which was already added to FD_SET for select.
This can lead to EBADF and agent termination.
 2012-10-04 05:44:18 +02:00
Marek Marczykowski
9519d843d8 dom0/spec: mark qrexec policy as config files 
Prevent override on upgrade, when user makes some own changes (especially
"always allow" feature).
 2012-10-04 05:44:18 +02:00
Marek Marczykowski
92747285c7 dom0/qvm-block: rework device name parsing to better support c0p1 name style 2012-10-04 05:44:18 +02:00
Marek Marczykowski
38fc566e52 vm/spec: fix adding yum-proxy configuration 
Do not add entry if already present.
 2012-10-04 05:29:58 +02:00
Marek Marczykowski
6419fea4ce vm/spec: fix adding yum-proxy configuration 
Do not add entry if already present.
 2012-10-04 05:29:10 +02:00
Marek Marczykowski
349331251d Merge branch 'hvm' of git://gitpro.qubes-os.org/joanna/core into hvm 2012-10-04 05:14:42 +02:00
Marek Marczykowski
19a60eff55 dom0/core: fix icon handling on VM clone 2012-10-03 22:28:49 +02:00
Marek Marczykowski
1b25d77504 dom0/core: recreate appmenus after rename for any VM, not only AppVM (#659) 2012-10-03 21:36:52 +02:00
Marek Marczykowski
45639096fa dom0/core: include net/proxy VM default appmenus list in cloned template 2012-10-03 21:12:18 +02:00
Olivier Médoc
9a90f499bc dom0/qvm-sync-clock: use timestamp in RFC2822 format to avoid locale issues 2012-10-03 14:55:05 +02:00
Bruce A Downs
cbf05999fb vm: Added 'most recently used' feature to 'copy to vm' dialog 
* replaced zenity to qvm-mru-entry in qubes_rpc/qvm-copy-to-vm.gnome
* added python script qubes_rpc/qvm-mru-entry
* added /usr/bin/qvm-mru-entry to rpm_spec/core-vm.spec
 2012-09-28 00:57:08 +02:00
Bruce A Downs
6f35c13be2 vm/spec: mod to core-vm.spec to add test for files 
core rpm was failing during uninstall attempting to move non-existent files
* /var/lib/qubes/fstab.orig
* /var/lib/qubes/serial.orig
 2012-09-28 00:57:08 +02:00
Joanna Rutkowska
cd66ee2ce1 version 1.7.46 2012-09-27 11:03:26 +02:00
Marek Marczykowski
47e1665096 vm/file-editor: connect /dev/null as stdin (#657) 
If stdin is closed (not connected to /dev/null) first opened file will get fd=0
and will be treated as stdin.
 2012-09-27 02:06:26 +02:00
Marek Marczykowski
286339dd82 dom0/iptables: block IPv6 traffic 
Dom0 is network isolated anyway, but apply also firewall in case of use
qubes-dom0-network-via-netvm.
 2012-09-25 16:14:31 +02:00
Marek Marczykowski
a90a21b8ff vm/iptables: block IPv6 traffic 
This isn't properly handled by Qubes VMs yet, so block it in all the VMs.
Also restrict access to firewall config.
 2012-09-25 16:14:06 +02:00
Marek Marczykowski
decf7ef648 vm/yum-proxy: one more regexp fix 2012-09-25 15:08:06 +02:00
Marek Marczykowski
f710531f68 vm/yum-proxy: filter regexp: add missing ^$ marks, remove unneded .* at the beginning 
Reported-by: Igor Bukanov <igor@mir2.org>
 2012-09-25 13:37:59 +02:00
Marek Marczykowski
c1214bfef9 dom0/core: VM property for qrexec startup timeout (#27 pro) 2012-09-25 03:26:44 +02:00
Marek Marczykowski
c26e21d883 dom0/qrexec: tunable connect timeout, prompt the user on timeout (#27 pro) 2012-09-25 03:26:24 +02:00
Marek Marczykowski
d1620d9a32 dom0/qrexec: kill child process on connect timeout 
Sometimes vchan can not detect dead target domain so kill it explicit to not
leave a mess.
 2012-09-25 03:23:54 +02:00
Marek Marczykowski
96199058d1 dom0/core: wait for user session on HVM start (#31 pro) 2012-09-25 00:23:35 +02:00
Marek Marczykowski
f271ad8463 dom0/core: fix return value of QubesHVM.run() 2012-09-25 00:23:20 +02:00
Marek Marczykowski
9db9d8b6c2 dom0/core: allow passing stdin to QubesVM.run() 2012-09-25 00:22:31 +02:00
Marek Marczykowski
11ae1f45fc vm/systemd: early user-configurable init script 2012-09-23 23:28:58 +02:00
Marek Marczykowski
dd7fe532ae vm/yum-proxy: allow pkgtags repodata 2012-09-19 12:55:45 +02:00
Marek Marczykowski
cb5479666c win/vchan: reset the evtchn buffer in case of overflow 
In case of evtchn buffer overflow (received more than 1024 events between
libvchan_wait calls) further reads returns ERROR_IO_DEVICE. The only way to
recover from that is to reset the buffer. Because vchan code doesn't take care
of number of fired events - only the fact that some event was fired - lost
events here shouldn't break anything. Events reported _after_ libvchan_wait
call will be collected and reported correctly.

Some more comments in the code (here and in qrexec-agent in the next commit).
 2012-09-16 23:32:56 +02:00
Marek Marczykowski
3ecc031603 dom0/core: allow '_' in VM name 2012-09-14 12:58:00 +02:00
Marek Marczykowski
2444603ef5 dom0/core: allow '_' in VM name 2012-09-14 12:57:25 +02:00
Marek Marczykowski
900a21db72 dom0/init.d: hide some missleading error 2012-09-04 19:24:01 +02:00
Marek Marczykowski
b7eaf9a30d dom0/core: do not use hardcoded "user" in qvm-sync-clock 2012-08-31 00:53:50 +02:00
Marek Marczykowski
e6da68dae2 dom0/qrexec: use DEFAULT user feature of qrexec_daemon in policy parser 2012-08-30 17:48:19 +02:00
Marek Marczykowski
3f5a34f635 Revert "dom0/qrexec: use default user from VM settings" 
This reverts commit b1ccc9a510e465b8b59f12bafb7735664c4101d0.
This can be handled by qrexec_daemon itself.

Conflicts:

	qrexec/qrexec_policy
 2012-08-30 17:47:32 +02:00
Marek Marczykowski
46fd664ba3 dom0/qrexec: implement default user handling in qrexec_daemon 
This will simplify using qrexec from utilities which doen't load qubes.xml
normally (like qrexec_policy, gui daemon).
 2012-08-30 17:44:52 +02:00
Joanna Rutkowska
614573d0a3 version 1.7.45 2012-08-29 10:48:23 +02:00
Joanna Rutkowska
23f3f424e5 Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core 2012-08-29 10:46:02 +02:00
Marek Marczykowski
629ae5317c vm/qrexec: fix race between child cleanup and select call 
reap_children() can close FD, which was already added to FD_SET for select.
This can lead to EBADF and agent termination.
 2012-08-27 01:26:12 +02:00
Marek Marczykowski
e80ff6bdeb dom0/spec: mark qrexec policy as config files 
Prevent override on upgrade, when user makes some own changes (especially
"always allow" feature).
 2012-08-27 01:25:39 +02:00
Marek Marczykowski
4e2f47d95c dom0/spec: mark qrexec policy as config files 
Prevent override on upgrade, when user makes some own changes (especially
"always allow" feature).
 2012-08-27 00:53:58 +02:00
Marek Marczykowski
3bce6047b5 dom0/qrexec: properly process data after client terminated one way of transfer 
Instead of removing client from list at EPIPE error from write, assume that
client does not wish read future data, but still can write something.
 2012-08-27 00:49:45 +02:00
Marek Marczykowski
f79101d114 dom0/qrexec: fix the case when client disconnected while sending cmdline 
Previously there was not cleaned up entry in clients table. Not critical, as
will be reset to known state at new client connect, but still fix it.
 2012-08-27 00:48:36 +02:00
Marek Marczykowski
89ab002db1 dom0/qrexec: minor FD leak fix 
qrexec_client will be shortly terminated after that, but still fix it.
 2012-08-27 00:48:36 +02:00