Commit Graph

4266 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
d8533bd061 core: do not reset firewall when setting netvm=none
It is no longer needed as qubesos/qubes-issues#862 is implemented.
2015-04-04 21:48:03 +02:00
Marek Marczykowski-Górecki
7516737fae core: Add "dispvm_netvm" property - NetVM for DispVMs started from a VM
This allows to specify tight network isolation for a VM, and finally
close one remaining way for leaking traffic around TorVM. Now when VM is
connected to for example TorVM, its DispVMs will be also connected
there.
The new property can be set to:
 - default (uses_default_dispvm_netvm=True) - use the same NetVM/ProxyVM as the
 calling VM itself - including none if that's the case
 - None - DispVMs will be network-isolated
 - some NetVM/ProxyVM - will be used, even if calling VM is network-isolated

Closes qubesos/qubes-issues#862
2015-04-04 21:47:31 +02:00
Marek Marczykowski-Górecki
a6448e073c block: fix handling non-dom0 backend
The libvirt XML config syntax was changed - the element is named
<backenddomain/>.
2015-04-04 16:18:10 +02:00
Marek Marczykowski-Górecki
b10cead867 version 3.0.4 2015-04-03 11:26:12 +02:00
Marek Marczykowski-Górecki
d76bd0ad1d Use partitioned loop device instead of device-mapper to prepare volatile.img
There were a lot of problems with device-mapper, at least its asynchronous
creation, races with udev, problems with cleanup.
2015-04-03 11:24:37 +02:00
Marek Marczykowski-Górecki
1923e366cf version 3.0.3 2015-04-02 01:01:14 +02:00
Marek Marczykowski-Górecki
ea92f5d491 tests: improve clipboard test
To not use gnome-terminal, but much simpler zenity. This fixes some
race-conditions in the test itself.
2015-04-01 05:24:24 +02:00
Marek Marczykowski-Górecki
0727678575 version 3.0.2 2015-04-01 00:12:20 +02:00
Wojtek Porczyk
fbdb2f07ac qmemman: add logging 2015-03-31 20:42:53 +02:00
Wojtek Porczyk
19dfe3d390 core: allow '.' in domain name 2015-03-31 20:42:53 +02:00
Wojtek Porczyk
20b3fdedb8 rename netvm -> sys-net, firewallvm -> sys-firewall 2015-03-31 20:42:53 +02:00
Marek Marczykowski-Górecki
6dac228648 backup: backup any template marked to do so, even if installed by rpm 2015-03-31 05:54:41 +02:00
Marek Marczykowski-Górecki
0b0dbfd1e7 core: default 'include_in_backups' to negative of 'installed_by_rpm'
As we allow to backup template, even if installed by rpm, it makes sense
to not include such templates in backup by default.
2015-03-31 05:49:13 +02:00
Marek Marczykowski-Górecki
b3899ba81a tests: enable long messages by default 2015-03-31 05:14:42 +02:00
Marek Marczykowski-Górecki
d0b3d15212 tests: add a test for secure clipboard 2015-03-31 05:14:18 +02:00
Marek Marczykowski-Górecki
b563cf290e tests: fix firewall test - use the IP, not the ping command... 2015-03-30 22:33:08 +02:00
qjoo
d69b03e5e0 qubes-firewall is not supported in netvms 2015-03-30 22:31:20 +02:00
qjoo
9659c33a09 qvm-service: +disable-dns-server/disable-default-route
The logic for set-default-route/set-dns-server has been inverted.
2015-03-30 22:31:20 +02:00
Marek Marczykowski-Górecki
20c32e7233 tests: give firewallvm more time to apply the rules
Not everyone uses a fast SSD drive and 4+ core CPU...
2015-03-30 22:31:11 +02:00
Marek Marczykowski-Górecki
961ae3588f tests: force gnome-terminal title, so we can find the window
Debian does not use hostname in gnome-terminal window title by default, so
the test failed there, even when DispVM was started correctly.
Additionally we can't rely on gnome-terminal --title, as it isn't
working on Debian 8...
2015-03-30 21:32:13 +02:00
Marek Marczykowski-Górecki
98ab523da4 Wait for udev to process all the events during volatile.img preparation
Otherwise it could happen that the device will still be opened by udev,
so can't be freed by kpartx
2015-03-30 21:30:58 +02:00
Marek Marczykowski-Górecki
063e2617d6 Cleanup after failed volatile.img preparation 2015-03-30 16:18:52 +02:00
Marek Marczykowski-Górecki
cba8c6430c tests: do not rely on gedit being the default editor
Handle gedit, emacs and vim.
2015-03-30 16:18:09 +02:00
Marek Marczykowski-Górecki
5c59067676 core: treat absence of libvirt domain as 'Halted' state
If the domain isn't defined in libvirt, it surely isn't running. This is
needed for DispVM, which compares with exactly this state.
2015-03-30 05:33:13 +02:00
Marek Marczykowski-Górecki
b61aef2bef dispvm: typos 2015-03-30 05:32:04 +02:00
Marek Marczykowski-Górecki
64755b2d98 dispvm: do not treat DispVMs as Xen-specific
Theoretically it should work (with some minor modifications) on any
hypervisor.
2015-03-30 05:30:52 +02:00
Marek Marczykowski-Górecki
d02aa70e93 dispvm: speedup sparse files handling by using bsdtar
Apparently it is much faster. Especially during savefile preparation -
tar reads the whole file, while bsdtar gets file map and reads only used
regions.
2015-03-30 05:29:14 +02:00
Marek Marczykowski-Górecki
c6f136869e tests: fix handling tests list from cmdline
Previous approach didn't work for dynamically generated tests.
2015-03-30 01:40:39 +02:00
Marek Marczykowski-Górecki
01e208d5ec utils/QubesWatch: provide domain UUID to domain_callback 2015-03-30 00:08:00 +02:00
Marek Marczykowski-Górecki
9bfcb72722 core: fix setting the VM autostart (#925)
This is actually a workaround for systemd bug reported here:
https://bugzilla.redhat.com/show_bug.cgi?id=1181922

Closes qubesos/qubes-issues#925
2015-03-29 23:48:10 +02:00
Marek Marczykowski-Górecki
30fadfa994 core/block: handle any QubesDB exception 2015-03-29 23:47:39 +02:00
Marek Marczykowski-Górecki
2e8624e322 core: add missing import 2015-03-29 23:47:24 +02:00
Marek Marczykowski-Górecki
075f35b873 core: do not assume that libvirt domain is always defined
Define it only when really needed:
 - during VM creation - to generate UUID
 - just before VM startup

As a consequence we must handle possible exception when accessing
vm.libvirt_domain. It would be a good idea to make this field private in
the future. It isn't possible for now because block_* are external for
QubesVm class.

This hopefully fixes race condition when Qubes Manager tries to access
libvirt_domain (using some QubesVm.*) at the same time as other tool is
removing the domain. Additionally if Qubes Manager would lose that race, it could
define the domain again leaving some unused libvirt domain (blocking
that domain name for future use).
2015-03-29 23:38:36 +02:00
Marek Marczykowski-Górecki
e8a1e3469e tests/network: release QubesVmCollection lock before starting any VM 2015-03-29 17:33:34 +02:00
Marek Marczykowski-Górecki
f8ad78d174 core: use absolute imports in qubesutils 2015-03-29 17:33:02 +02:00
Marek Marczykowski-Górecki
bb958fd1c8 core: improve handling dead domains when talking to QubesDB daemon
Provide vm.refresh(), which will force to reconnect to QubesDB daemon,
and also get new libvirt object (including new ID, if any). Use this
method whenever QubesDB call returns DisconnectedError exception. Also
raise that exception when someone is trying to talk to not running
QubesDB - instead of returning None.
2015-03-29 17:22:15 +02:00
Marek Marczykowski-Górecki
124a26ec97 core: do not undefine libvirt domain when not necessary
Libvirt will replace domain XML when trying to define the new one with
the same name and UUID - this is exactly what we need. This fixes race
condition with other processes (especially Qubes Manager), which can try
to access that libvirt domain object at the same time.
2015-03-29 16:31:56 +02:00
Marek Marczykowski-Górecki
1b428f6865 core: fix bogus return value from __init__ 2015-03-29 16:19:50 +02:00
Marek Marczykowski-Górecki
999698bd68 core: rename create_xenstore_entries, get rid of xid parameter
It has nothing to do with xenstore, so change the name to not mislead.
Also get rid of unused "xid" parameter - we should use XID as little as
possible, because it is not a simple task to keep it current.
2015-03-28 22:36:28 +01:00
Marek Marczykowski-Górecki
e92da0e116 version 3.0.1 2015-03-26 23:53:22 +01:00
Marek Marczykowski-Górecki
c878beb25d utils/block: catch an exception when talking to disconnected qubesdb
This can happen for example when domain disappeared in the meantime.
2015-03-26 22:10:49 +01:00
Marek Marczykowski-Górecki
96cd341162 tests: typo fix 2015-03-25 00:48:01 +01:00
Marek Marczykowski-Górecki
55f7556c41 tests: include dom0 update tests by default
Looks like an oversight.
2015-03-25 00:47:56 +01:00
Marek Marczykowski-Górecki
fbd96532e8 tests: automatically iterate tests over templates 2015-03-22 03:32:01 +01:00
Marek Marczykowski-Górecki
20e4e26111 tests: add missing skip if no xdotool installed 2015-03-22 01:40:19 +01:00
Marek Marczykowski-Górecki
4dfb629dd8 Update libvirt config syntax for new version of driver domain patches
Finally accepted patches use different syntax: <backenddomain name=.../> tag
instead of <source domain=.../>.
2015-03-21 21:12:48 +01:00
Marek Marczykowski-Górecki
246d0f4609 tests: if xdotool is not installed, skip tests that use it 2015-03-19 23:17:34 +01:00
Marek Marczykowski-Górecki
370057bad3 tests: unlock qubes.xml after creating VMs
Otherwise it could cause deadlocks.
2015-03-19 23:17:20 +01:00
Marek Marczykowski-Górecki
668a2ac62b linux: set sgid for /var/run/qubes
This is much simpler than ensuring proper group set in every qubes
tool.
2015-03-19 10:31:50 +01:00
Marek Marczykowski-Górecki
7463a55f0f dispvm: do not require shmoverride loaded to start gui daemon
This isn't needed anymore because we'll show no window in invisible
mode. This allows to prepare DispVM from firstboot.
2015-03-19 10:30:18 +01:00