Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
1,002 Commits 1 Branch 0 Tags 15 MiB
e6585a85a6
Commit Graph

525 Commits

Author SHA1 Message Date
Joanna Rutkowska
59f71f634a dom0: Fix xenstore permissions qubes_netvm_external_ip 
We should ensure that the first expression in the permisions list
is nX, where X is the owning domain, and not rX or wX, as otherwise
we would be granting all other VMs read access to the key.

This is explained in more detail here:

http://wiki.xensource.com/xenwiki/XenBus

In practice the perms problem applied only to the qubes_netvm_external_ip key
that is exposed by each NetVM to corresponding Proxy VMs. Before this fix,
the key was readable by any VM in the system, which might not be desired in some
more advanced networking setups, such as with Tor Proxy VM.
 2011-09-26 17:24:11 +02:00
Rafal Wojtczuk
2950ee7170 Make qubes-receive-updates more defensive (#356) 2011-09-16 17:05:41 +02:00
Marek Marczykowski
5f702e9a8a dom0/clock-sync: fix test type (socket vs file) 2011-09-15 14:54:35 +02:00
Marek Marczykowski
9f14be6eed dom0: sync dom0 clock more frequent; start it from init.d script 2011-09-15 14:43:02 +02:00
Marek Marczykowski
633b21bb26 dom0: do not sync rpmdb with UpdateVM after each pkg installation 
This doesn't make sense sice at every qvm-dom0-update we begin with sync rpmdb.
Also this allow embedding sync_rpmdb_updatevm.sh into qvm-dom0-update.
 2011-09-15 13:37:34 +02:00
Marek Marczykowski
e4e661ac51 dom0: reduce watching tool to dom0 clock sync only 
Do not watch for updates for now, it will be implemented later.
 2011-09-15 13:32:06 +02:00
Marek Marczykowski
59ab2a0e91 dom0/watch-updates: get rid for pkgcount from dom0 update notify 
This is useless information...
 2011-09-15 01:09:11 +02:00
Marek Marczykowski
c6b3a13b49 dom0/watch-updates: typo fix (dom0 notify condition) 2011-09-15 01:08:02 +02:00
Marek Marczykowski
855664e6e5 dom0+vm: use qubes_download_dom0_updates.sh instead of qubes_check_for_updates.sh 
Remove code duplication. Implemented required --check-only option to
qubes_download_dom0_updates.sh.
 2011-09-15 00:18:56 +02:00
Marek Marczykowski
3dd6d654ea dom0/qvm-dom0-update: Check if running as root at the beginning 2011-09-14 16:44:43 +02:00
Marek Marczykowski
93832b29db Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/joanna/core 2011-09-14 16:43:23 +02:00
Marek Marczykowski
558d1ee582 dom+vm: Copy dom0 yum.conf to UpdateVM 
At least to use dom0 'exclude' options, not VM one. Especially to not exlude
kernel and xorg updates...
 2011-09-14 00:47:13 +02:00
Joanna Rutkowska
d5576ce77f Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core 2011-09-13 19:22:16 +02:00
Marek Marczykowski
0ce7336cad dom0: Distinguish 'Halting','Crashed' state from simple 'Halted' (#314) 2011-09-13 18:39:09 +02:00
Marek Marczykowski
dbf8c11ad6 dom0/qvm-backup-restore: Distinguish ProxyVM from NetVM (#345) 2011-09-13 15:50:14 +02:00
Marek Marczykowski
5d6ac01111 dom0/qvm-backup: Don't backup internal VMs (instead of *-dvm) (#352) 2011-09-13 11:30:04 +02:00
Joanna Rutkowska
099e8a47a9 Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core 
Conflicts:
	dom0/qvm-tools/qvm-backup-restore
 2011-09-13 10:33:42 +02:00
Marek Marczykowski
813b626d27 dom0/qvm-backup: include icon only for AppVM (#345) 2011-09-12 16:40:17 +02:00
Marek Marczykowski
ade25b8c8d dom0/qvm-backup: exclude dom0 from backup 2011-09-12 16:38:33 +02:00
Marek Marczykowski
029e3fc098 dom0/qvm-dom0-update: Filter yum options in dom0 
Eg. don't pass --enablerepo to yum install.
 2011-09-12 16:35:44 +02:00
Marek Marczykowski
fde8bc35fa dom0/qvm-backup: Support for NetVMs backup (#345) 2011-09-12 15:25:31 +02:00
Marek Marczykowski
2107191ca9 dom0/qvm-dom0-update: do not use GUI when called from cmdline 2011-09-12 15:05:26 +02:00
Marek Marczykowski
2bbdb93594 dom0/qvm-dom0-update: replace gpk-update-viewer with yum update (#347) 2011-09-12 15:04:27 +02:00
Marek Marczykowski
9395ea239c dom0: qvm-dom0-update --help (#349) 2011-09-12 14:57:38 +02:00
Marek Marczykowski
972ab21d5f dom0: rename qvm-dom0-upgrade tool (#350) 2011-09-12 14:37:52 +02:00
Joanna Rutkowska
0863244561 dom0: qvm-backup-restore: also restore appmenus for template VMs 2011-09-12 14:28:44 +02:00
Joanna Rutkowska
f2770e2d03 dom0: Fix create_xenstore_entries in other classes to not require xid argument 2011-09-09 18:49:15 +02:00
Marek Marczykowski
2319083631 dom0: use default kernel opts when custom opts isn't set 
This can happen after rpm upgrade.
 2011-09-09 14:24:17 +02:00
Joanna Rutkowska
583720c676 dom0: qvm-dom0-upgrade: actually check if running as root only when used 'manually' 2011-09-08 14:12:56 +02:00
Joanna Rutkowska
89d532ef11 dom0: qubes.py: do not use pci=nomsi as a default argument for passthrough VM kernels anymore 2011-09-08 14:09:03 +02:00
Joanna Rutkowska
b2a3515f4f dom0: qvm-dom0-upgrade: fail when run as non-root user 2011-09-08 13:55:33 +02:00
Marek Marczykowski
f9fcd3393e dom0: set static-max for dom0 
To make 'xl mem-set 0 <size>' happy.
 2011-09-08 01:19:59 +02:00
Marek Marczykowski
5e09af2b46 dom0: limit default swiotlb size for NetVM (#342) 2011-09-08 01:19:25 +02:00
Marek Marczykowski
6b4cf305d8 dom0/qvm-backup: include custom kernel of StandaloneVM 2011-09-06 01:52:48 +02:00
Marek Marczykowski
320847de91 dom0: correctly remove appmenus for ServiceVM (if any) 2011-09-06 01:17:09 +02:00
Marek Marczykowski
77ec31d164 dom0: appmenus templates handling for StandaloneVM (#317) 
StandaloneVM also needs apps.templates dir in order to qubes-appmenu-select
works. Also can be helpful for backup/restore.
 2011-09-06 01:15:35 +02:00
Marek Marczykowski
c1f0296e66 dom0: automatically determine domain xid in create_xenstore_entries 2011-09-06 01:14:49 +02:00
Marek Marczykowski
2d97c3399e dom0/qvm-dom0-upgrade: Run yum after downloading new packages 
yum will ask for confirmation.
 2011-09-03 16:43:22 +02:00
Marek Marczykowski
f85fcc06aa dom0: replace obsolete swiotlb=force with iommu=soft 2011-09-03 16:15:02 +02:00
Marek Marczykowski
5cb6cd2aa7 dom0: fix uses_default_kernelopts typo 2011-09-03 16:14:51 +02:00
Marek Marczykowski
07dc5d1430 dom0: detach vif at qvm-dom0-network-via-netvm down 2011-09-03 16:14:12 +02:00
Marek Marczykowski
2b26350cb2 dom0/qvm-prefs: remove message duplication 2011-09-03 16:13:35 +02:00
Marek Marczykowski
58985193e7 dom0: move network-attach logic to qubes.py 
Main reason is to remove code duplication.
Also fixes #260 and workaround (by sleep...) some race at NetVM restart
(fronted driver does not noticed vif-detach+vif-attach).
 2011-09-03 16:13:14 +02:00
Marek Marczykowski
5fe147729d dom0: copy only selected files for StandaloneVM kernel 
Especially ignore modules dir - already included in modules.img
 2011-09-03 16:04:25 +02:00
Marek Marczykowski
7f24727b2b dom0: fix waiting for vif detach 2011-09-03 16:01:22 +02:00
Marek Marczykowski
73fc87efa2 dom0: replace obsolete xencons=hvc with console=hvc0 2011-09-03 16:00:21 +02:00
Joanna Rutkowska
16a46f9a9c Use proper dracut module and conf files... 
... instead of the ugly and incompatible /usr/share/qubes/regenerate_initramfs.sh script
 2011-09-02 16:55:39 +02:00
Marek Marczykowski
11da1633d3 dom0: Copy default template kernel to StandaloneVM dir (#333) 
Just prepare kernel for qvm-set -s <vmname> kernel none
 2011-09-01 15:01:37 +02:00
Marek Marczykowski
ac917ef1d8 dom0: Set modules.img device R/W for StandaloneVM (#333) 2011-09-01 14:56:23 +02:00
Marek Marczykowski
577dd2b076 dom0: when cleaning up network devices, wait for actual device destroy 
Otherwise subsequent network-attach will not be noticed by frontend driver.
 2011-09-01 00:01:53 +02:00