Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
59f71f634a
core-admin/dom0
History
Joanna Rutkowska 59f71f634a dom0: Fix xenstore permissions qubes_netvm_external_ip 
We should ensure that the first expression in the permisions list
is nX, where X is the owning domain, and not rX or wX, as otherwise
we would be granting all other VMs read access to the key.

This is explained in more detail here:

http://wiki.xensource.com/xenwiki/XenBus

In practice the perms problem applied only to the qubes_netvm_external_ip key
that is exposed by each NetVM to corresponding Proxy VMs. Before this fix,
the key was readable by any VM in the system, which might not be desired in some
more advanced networking setups, such as with Tor Proxy VM.
2011-09-26 17:24:11 +02:00
..
aux-tools Make qubes-receive-updates more defensive (#356) 2011-09-16 17:05:41 +02:00
clipboard_notifier Initial public commit. 2010-04-05 20:58:57 +02:00
dracut Use proper dracut module and conf files... 2011-09-02 16:55:39 +02:00
icons Added qubes.png icon 2010-05-07 16:06:38 +02:00
init.d dom0: sync dom0 clock more frequent; start it from init.d script 2011-09-15 14:43:02 +02:00
misc dom0: reduce watching tool to dom0 clock sync only 2011-09-15 13:32:06 +02:00
pm-utils Dom0: restart ehci_hcd module on resume for all netvms (#299) 2011-07-30 11:20:11 +02:00
qmemman qmemman: when balooning, make sure that past mem-set will not steal memory 2011-07-25 01:49:24 +02:00
qvm-core dom0: Fix xenstore permissions qubes_netvm_external_ip 2011-09-26 17:24:11 +02:00
qvm-tools dom0: do not sync rpmdb with UpdateVM after each pkg installation 2011-09-15 13:37:34 +02:00
restore dispvm: honour current choice of template for dispvm 2011-07-26 17:09:59 +02:00
vaio_fixes sony-vaio-fixes v1.6.1 2011-07-17 14:15:14 +02:00
qubes-cached.repo Dom0: set metadata_expiry=0 for qubes-dom0-cached repo 2011-07-30 14:07:35 +02:00
qubes-guid.desktop Automaticaly start qubes_guid for all VMs when user logon 2011-04-07 19:23:23 +02:00
qubes.repo Make qubes-testing repos disabled by default 2010-07-06 16:35:10 +02:00
qubes.sudoers dom0: do not require tty in sudo (for /etc/init.d/qubes_netvm start) 2011-06-29 21:22:56 +02:00
qubes.SyncAppMenus qrexec: adjust appmenu syncing to the new qrexec api 2011-07-06 14:09:36 +02:00
qubes.SyncAppMenus.policy Add comments to policy files. 2011-07-22 16:11:03 +02:00