Qubes/core-admin
1
0
Форкнуть 0
Код Задачи Запросы на слияние Релизы Вики Активность
1 945 коммитов 1 ветка 0 Теги 20 MiB
f271ad8463
Граф коммитов

92 Коммитов

Автор SHA1 Сообщение Дата
Marek Marczykowski
e6da68dae2 dom0/qrexec: use DEFAULT user feature of qrexec_daemon in policy parser 2012-08-30 17:48:19 +02:00
Marek Marczykowski
3f5a34f635 Revert "dom0/qrexec: use default user from VM settings" 
This reverts commit b1ccc9a510e465b8b59f12bafb7735664c4101d0.
This can be handled by qrexec_daemon itself.

Conflicts:

	qrexec/qrexec_policy
 2012-08-30 17:47:32 +02:00
Marek Marczykowski
46fd664ba3 dom0/qrexec: implement default user handling in qrexec_daemon 
This will simplify using qrexec from utilities which doen't load qubes.xml
normally (like qrexec_policy, gui daemon).
 2012-08-30 17:44:52 +02:00
Marek Marczykowski
3bce6047b5 dom0/qrexec: properly process data after client terminated one way of transfer 
Instead of removing client from list at EPIPE error from write, assume that
client does not wish read future data, but still can write something.
 2012-08-27 00:49:45 +02:00
Marek Marczykowski
f79101d114 dom0/qrexec: fix the case when client disconnected while sending cmdline 
Previously there was not cleaned up entry in clients table. Not critical, as
will be reset to known state at new client connect, but still fix it.
 2012-08-27 00:48:36 +02:00
Marek Marczykowski
89ab002db1 dom0/qrexec: minor FD leak fix 
qrexec_client will be shortly terminated after that, but still fix it.
 2012-08-27 00:48:36 +02:00
Marek Marczykowski
6984c4d795 vm/qrexec: better handle the case when child process closes its stdin 
Instead of assuming process termination (because of write returned EPIPE), just
do not write to the process pipe, but still process the data in opposite
direction until EOF received.
 2012-08-27 00:48:22 +02:00
Marek Marczykowski
798d239c15 vm/qrexec: fix race between child cleanup and select call 
reap_children() can close FD, which was already added to FD_SET for select.
This can lead to EBADF and agent termination.
 2012-08-27 00:20:25 +02:00
Marek Marczykowski
1c04920833 vm/qrexec: log exit code in "sending exit code" message 2012-08-27 00:18:35 +02:00
Marek Marczykowski
c9a43f66ed dom0/qrexec: do not exit client before all data in both direction transfered 
When qrexec_client cannot write to its stdout, this doesn't necessary mean that
there is no data in opposite direction.
Simple example is RPC service: when process in destination VM closes its stdin,
it can still send some data to triggering VM.
 2012-08-25 01:17:50 +02:00
Marek Marczykowski
77b2758c93 vm/qubes-rpc: move set_(non)?block to ioall.c as can be used not only in qrexec 2012-08-25 01:11:22 +02:00
Marek Marczykowski
7c1dfe9266 dom0/qrexec: implement standalone policy evaluation (#12 pro) 
This change will allow to use the same policy mechanism to control clipboard
copy between domains.
 2012-08-18 22:08:26 +02:00
Marek Marczykowski
11e142adb3 dom0/qrexec: use default user from VM settings 2012-08-18 21:42:54 +02:00
Marek Marczykowski
7745e23137 dom0/qrexec: use QUBESRPC instead of direct multiplexer path 2012-08-18 21:21:20 +02:00
Marek Marczykowski
7e3ffabd78 dom0+vm: execute qrexec service as shell script 
This will allow to pass quoted arguments and some variable expansion. Basically
one-line shell command service can be embeded in the configuration.
In previus version use of "command path with spaces" whould result in try to
execute '"command' with arguments 'path', 'with' and 'spaces"'.
 2012-07-14 23:03:43 +02:00
Marek Marczykowski
2b5ce31eeb dom0+vm/qrexec-services: pass remote domain via env variable not argument 
Most qrexec services doesn't use remote domain name, as policy is enforced
earlier. So pass it in way that will allow use of generic command as qrexec
service.
 2012-07-14 22:54:23 +02:00
Marek Marczykowski
28ca836e14 vm: support for magic QUBESRPC command 
Previously dom0 had to know full path of qubes_rpc_multiplexer in VM, which can
differ between VMs (eg totally different on Windows). This commit enables dom0
to magic keyword instead of full path.
 2012-06-22 22:16:08 +02:00
Marek Marczykowski
65a94681b2 vm/qrexec: removed obsolete "directly:" command prefix support 
This was used for launching DispVM editor in pre-qrexec-RPC times.
 2012-06-01 20:46:23 +02:00
Marek Marczykowski
05123c09f2 qrexec: describe msg types in header file 2012-05-24 12:11:03 +02:00
Marek Marczykowski
adc0b6eff5 vm(+dom0): major rearrage VM files in repo; merge core-*vm packages 2012-01-06 21:31:12 +01:00
Marek Marczykowski
b8b5cf0a17 vm: force meminfo-writer to wait for the first user process (#392) 
meminfo-writer will wait for SIGUSR1 - send by qrexec-agent on the first
qvm-run from dom0.
 2011-12-26 23:39:25 +01:00
Marek Marczykowski
ce82303c16 dom0/qrexec: add missing space 2011-10-28 00:19:29 +02:00
Marek Marczykowski
1b42142e05 dom0/qrexec: change qrexec startup timeout to 60s (#373) 2011-10-18 00:09:34 +02:00
Marek Marczykowski
ede96353af dom0/qrexec: Add always allow option in qrexec confirmation dialog (#278) 2011-10-12 00:08:28 +02:00
Joanna Rutkowska
7d5609a80a dom0: qrexec_daemon: use 30s connect timeout instead of 120s 2011-09-09 16:34:41 +02:00
Marek Marczykowski
e2aeceb230 qrexec: Use pselect instead of select (#241) 
Details here: http://wiki.qubes-os.org/trac/ticket/241
 2011-09-01 14:56:19 +02:00
Rafal Wojtczuk
850cf003ce Add comments to policy files. 2011-07-25 01:49:25 +02:00
Rafal Wojtczuk
259d08a83e qrexec: use $anyvm and $dispvm symbols 2011-07-25 01:49:25 +02:00
Rafal Wojtczuk
abd8b79864 qrexec: impose startup time limit for qrexec_daemon 2011-07-25 01:49:24 +02:00
Marek Marczykowski
3e2c427953 gitignore 2011-07-10 12:47:09 +02:00
Rafal Wojtczuk
af92ce3e48 qrexec: added qrexec/README.rpc file 
Short introduction to the new features.
 2011-07-07 11:14:04 +02:00
Rafal Wojtczuk
2600134e3b qrexec: tiny corrections to rpc autostart code 2011-07-07 10:38:15 +02:00
Rafal Wojtczuk
77f21e08a4 qrexec: corrected stupid typo 2011-07-07 10:06:45 +02:00
Rafal Wojtczuk
65fe9e1b93 qrexec: manually autostart target rpc domain 
option 2) from the previous commit comment
 2011-07-07 10:05:41 +02:00
Rafal Wojtczuk
11c1cb0aa2 qrexec: temporarily disable auto executing domains upon rpc request 
There are two problems with qvm-run -a:
1) even with -q flag, it spits to stdout (actually, "xl create" does it), and
this garbage is received by rpc client
2) even with -q flag, it steals input (actually, "qrexec ... wait for session")

These two can be manually fixed (by passing /dev/null appropriately); hovewer,
this is prone to disaster if qvm-run is enhanced/broken later.

We could do
if is_domain_running() ; then
	run qrexec client
else
	qvm-run -a domain true </dev/null >/dev/null
	run qrexec client
fi
which looks safer; but is_domain_running() is a bit expensive even in "running"
case - we need to xl_context.list_domains anyway.

Gotta decide on one of these.
 2011-07-07 09:13:51 +02:00
Rafal Wojtczuk
c80ee3b231 qrexec: allow for more options in the policy files 2011-07-06 18:34:00 +02:00
Rafal Wojtczuk
7b39b15f6d qrexec: enforce strict character set in TRIGGER_EXEC message 2011-07-06 17:07:40 +02:00
Rafal Wojtczuk
ab6aeb0bca qrexec: in qrexec_client_vm, need to preserve absolute exe name before execv 2011-07-06 16:51:56 +02:00
Rafal Wojtczuk
b3ce35b5e2 qrexec: change qrexec_client_vm syntax to be nicer to read 
Now the local_program is just before arguments, which is nicer.
 2011-07-06 14:21:35 +02:00
Rafal Wojtczuk
7d79a15c4b qrexec: support for rpc with dom0 as target 2011-07-06 13:56:57 +02:00
Rafal Wojtczuk
2fdf9761c7 qrexec: adjust DispVM code to the new qrexec API 
Note, we have qvm-open-in-vm totally for free.
 2011-07-06 12:32:20 +02:00
Rafal Wojtczuk
b7e8c2708c qrexec: adjust intervm file copy code to the new qrexec API 2011-07-06 10:17:58 +02:00
Rafal Wojtczuk
5b78e8f983 qrexec: dup old stdin/out fds, pass the dup-ed fds in SAVED_FD_%d env var 2011-07-05 20:01:28 +02:00
Rafal Wojtczuk
ecf200dca3 qrexec: last two missing pieces of the new rpc infrastructure 2011-07-05 18:35:03 +02:00
Rafal Wojtczuk
1e355f11d2 qrexec: in agent, use nonzero "fake" pid for existing process 
Because 0 means invalid entry.
Also make sure that the rest of code handles -1 pid fine.
 2011-07-05 13:04:34 +02:00
Rafal Wojtczuk
2c23891856 Revert "qrexec: in agent, use nonzero "fake" pid for existing process" 
This reverts commit 9e77e8831e.
 2011-07-05 12:58:27 +02:00
Rafal Wojtczuk
9e77e8831e qrexec: in agent, use nonzero "fake" pid for existing process 
Because 0 means invalid entry.
 2011-07-05 12:49:06 +02:00
Rafal Wojtczuk
9ac98a77b9 qrexec: in agent, handle CONNECT_EXISTING the way convenient for client 2011-07-05 12:46:33 +02:00
Rafal Wojtczuk
703cedc708 qrexec: fixed qrexec_client getopt handling 2011-07-05 11:04:44 +02:00
Rafal Wojtczuk
9c7eb81a23 qrexec: add qrexec_client_vm.c 2011-07-05 11:03:31 +02:00