From 4b5332081e1eec84b94e6ca721b11098d8322b07 Mon Sep 17 00:00:00 2001 From: Olivier MEDOC Date: Fri, 6 Nov 2015 19:36:52 +0100 Subject: [PATCH 1/3] add DROPINS for org.cups.cupsd systemd files. --- Makefile | 1 + rpm_spec/core-vm.spec | 3 +++ vm-systemd/org.cups.cupsd.path.d/30_qubes.conf | 2 ++ vm-systemd/org.cups.cupsd.service.d/30_qubes.conf | 2 ++ vm-systemd/org.cups.cupsd.socket.d/30_qubes.conf | 2 ++ 5 files changed, 10 insertions(+) create mode 100644 vm-systemd/org.cups.cupsd.path.d/30_qubes.conf create mode 100644 vm-systemd/org.cups.cupsd.service.d/30_qubes.conf create mode 100644 vm-systemd/org.cups.cupsd.socket.d/30_qubes.conf diff --git a/Makefile b/Makefile index 888cf95..540ba80 100644 --- a/Makefile +++ b/Makefile @@ -51,6 +51,7 @@ DROPIN_DIR ?= "lib/systemd/system" DROPINS := chronyd.service crond.service cups.service cups.path cups.socket ModemManager.service DROPINS += NetworkManager.service NetworkManager-wait-online.service ntpd.service getty@tty.service DROPINS += tmp.mount +DROPINS += org.cups.cupsd.service org.cups.cupsd.path org.cups.cupsd.socket # Debian Dropins ifeq ($(shell lsb_release -is), Debian) diff --git a/rpm_spec/core-vm.spec b/rpm_spec/core-vm.spec index 2835b82..e8b4747 100644 --- a/rpm_spec/core-vm.spec +++ b/rpm_spec/core-vm.spec @@ -517,6 +517,9 @@ The Qubes core startup configuration for SystemD init. /lib/systemd/system/cups.service.d/30_qubes.conf /lib/systemd/system/cups.socket.d/30_qubes.conf /lib/systemd/system/cups.path.d/30_qubes.conf +/lib/systemd/system/org.cups.cupsd.service.d/30_qubes.conf +/lib/systemd/system/org.cups.cupsd.socket.d/30_qubes.conf +/lib/systemd/system/org.cups.cupsd.path.d/30_qubes.conf /lib/systemd/system/getty@tty.service.d/30_qubes.conf /lib/systemd/system/ModemManager.service.d/30_qubes.conf /lib/systemd/system/NetworkManager.service.d/30_qubes.conf diff --git a/vm-systemd/org.cups.cupsd.path.d/30_qubes.conf b/vm-systemd/org.cups.cupsd.path.d/30_qubes.conf new file mode 100644 index 0000000..7762255 --- /dev/null +++ b/vm-systemd/org.cups.cupsd.path.d/30_qubes.conf @@ -0,0 +1,2 @@ +[Unit] +ConditionPathExists=/var/run/qubes-service/cups diff --git a/vm-systemd/org.cups.cupsd.service.d/30_qubes.conf b/vm-systemd/org.cups.cupsd.service.d/30_qubes.conf new file mode 100644 index 0000000..7762255 --- /dev/null +++ b/vm-systemd/org.cups.cupsd.service.d/30_qubes.conf @@ -0,0 +1,2 @@ +[Unit] +ConditionPathExists=/var/run/qubes-service/cups diff --git a/vm-systemd/org.cups.cupsd.socket.d/30_qubes.conf b/vm-systemd/org.cups.cupsd.socket.d/30_qubes.conf new file mode 100644 index 0000000..7762255 --- /dev/null +++ b/vm-systemd/org.cups.cupsd.socket.d/30_qubes.conf @@ -0,0 +1,2 @@ +[Unit] +ConditionPathExists=/var/run/qubes-service/cups From ce4725523f215bcb2351b571be2248264edba636 Mon Sep 17 00:00:00 2001 From: Olivier MEDOC Date: Sat, 7 Nov 2015 13:25:21 +0100 Subject: [PATCH 2/3] dropins: make current systemd dropins specific to systemd-system in order to introduce dropins for systemd-user --- Makefile | 29 +++++++++++++++-------------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/Makefile b/Makefile index 540ba80..68c3800 100644 --- a/Makefile +++ b/Makefile @@ -45,34 +45,35 @@ all: make -C qubes-rpc # Dropin Directory -DROPIN_DIR ?= "lib/systemd/system" +DROPIN_DIR ?= "lib/systemd" -# Fedora Dropins -DROPINS := chronyd.service crond.service cups.service cups.path cups.socket ModemManager.service -DROPINS += NetworkManager.service NetworkManager-wait-online.service ntpd.service getty@tty.service -DROPINS += tmp.mount -DROPINS += org.cups.cupsd.service org.cups.cupsd.path org.cups.cupsd.socket +# Fedora System Dropins +SYSTEM_DROPINS := chronyd.service crond.service cups.service cups.path cups.socket ModemManager.service +SYSTEM_DROPINS += NetworkManager.service NetworkManager-wait-online.service ntpd.service getty@tty.service +SYSTEM_DROPINS += tmp.mount +SYSTEM_DROPINS += org.cups.cupsd.service org.cups.cupsd.path org.cups.cupsd.socket # Debian Dropins ifeq ($(shell lsb_release -is), Debian) # Don't have 'ntpd' in Debian - DROPINS := $(filter-out ntpd.service, $(DROPINS)) + SYSTEM_DROPINS := $(filter-out ntpd.service, $(SYSTEM_DROPINS)) # 'crond.service' is named 'cron.service in Debian - DROPINS := $(strip $(patsubst crond.service, cron.service, $(DROPINS))) + SYSTEM_DROPINS := $(strip $(patsubst crond.service, cron.service, $(SYSTEM_DROPINS))) - # Wheezy Dropins + # Wheezy System Dropins # Disable sysinit 'network-manager.service' since systemd 'NetworkManager.service' is already installed - DROPINS += $(strip $(if $(filter wheezy, $(shell lsb_release -cs)), network-manager.service,)) + SYSTEM_DROPINS += $(strip $(if $(filter wheezy, $(shell lsb_release -cs)), network-manager.service,)) # handled by qubes-iptables service now - DROPINS += netfilter-persistent.service + SYSTEM_DROPINS += netfilter-persistent.service endif install-systemd-dropins: - @for dropin in $(DROPINS); do \ - install -d $(DESTDIR)/$(DROPIN_DIR)/$${dropin}.d ;\ - install -m 0644 vm-systemd/$${dropin}.d/*.conf $(DESTDIR)/$(DROPIN_DIR)/$${dropin}.d/ ;\ + # Install system dropins + @for dropin in $(SYSTEM_DROPINS); do \ + install -d $(DESTDIR)/$(DROPIN_DIR)/system/$${dropin}.d ;\ + install -m 0644 vm-systemd/$${dropin}.d/*.conf $(DESTDIR)/$(DROPIN_DIR)/system/$${dropin}.d/ ;\ done install-systemd: From 0c33c73b8e5176903c7dcd36500556c612d3ed72 Mon Sep 17 00:00:00 2001 From: Olivier MEDOC Date: Sat, 7 Nov 2015 18:28:45 +0100 Subject: [PATCH 3/3] dropins: implement dropins for systemd user starting with pulseaudio systemd service and socket masking Conflicts: Makefile --- Makefile | 9 +++++++++ rpm_spec/core-vm.spec | 2 ++ vm-systemd/user/pulseaudio.service.d/30_qubes.conf | 4 ++++ vm-systemd/user/pulseaudio.socket.d/30_qubes.conf | 4 ++++ 4 files changed, 19 insertions(+) create mode 100644 vm-systemd/user/pulseaudio.service.d/30_qubes.conf create mode 100644 vm-systemd/user/pulseaudio.socket.d/30_qubes.conf diff --git a/Makefile b/Makefile index 68c3800..171d12f 100644 --- a/Makefile +++ b/Makefile @@ -53,6 +53,9 @@ SYSTEM_DROPINS += NetworkManager.service NetworkManager-wait-online.service ntpd SYSTEM_DROPINS += tmp.mount SYSTEM_DROPINS += org.cups.cupsd.service org.cups.cupsd.path org.cups.cupsd.socket +# Fedora User Dropins +USER_DROPINS := pulseaudio.service pulseaudio.socket + # Debian Dropins ifeq ($(shell lsb_release -is), Debian) # Don't have 'ntpd' in Debian @@ -75,6 +78,12 @@ install-systemd-dropins: install -d $(DESTDIR)/$(DROPIN_DIR)/system/$${dropin}.d ;\ install -m 0644 vm-systemd/$${dropin}.d/*.conf $(DESTDIR)/$(DROPIN_DIR)/system/$${dropin}.d/ ;\ done + + # Install user dropins + @for dropin in $(USER_DROPINS); do \ + install -d $(DESTDIR)/$(DROPIN_DIR)/user/$${dropin}.d ;\ + install -m 0644 vm-systemd/user/$${dropin}.d/*.conf $(DESTDIR)/$(DROPIN_DIR)/user/$${dropin}.d/ ;\ + done install-systemd: install -d $(DESTDIR)$(SYSLIBDIR)/systemd/system{,-preset} $(DESTDIR)$(LIBDIR)/qubes/init $(DESTDIR)$(SYSLIBDIR)/modules-load.d diff --git a/rpm_spec/core-vm.spec b/rpm_spec/core-vm.spec index e8b4747..921b1a7 100644 --- a/rpm_spec/core-vm.spec +++ b/rpm_spec/core-vm.spec @@ -526,6 +526,8 @@ The Qubes core startup configuration for SystemD init. /lib/systemd/system/NetworkManager-wait-online.service.d/30_qubes.conf /lib/systemd/system/ntpd.service.d/30_qubes.conf /lib/systemd/system/tmp.mount.d/30_qubes.conf +/lib/systemd/user/pulseaudio.service.d/30_qubes.conf +/lib/systemd/user/pulseaudio.socket.d/30_qubes.conf %post systemd diff --git a/vm-systemd/user/pulseaudio.service.d/30_qubes.conf b/vm-systemd/user/pulseaudio.service.d/30_qubes.conf new file mode 100644 index 0000000..f29a0da --- /dev/null +++ b/vm-systemd/user/pulseaudio.service.d/30_qubes.conf @@ -0,0 +1,4 @@ +[Unit] +#ConditionNull=false +ConditionPathExists=/var/run/qubes-service/pulseaudio-vanilla-broken + diff --git a/vm-systemd/user/pulseaudio.socket.d/30_qubes.conf b/vm-systemd/user/pulseaudio.socket.d/30_qubes.conf new file mode 100644 index 0000000..f29a0da --- /dev/null +++ b/vm-systemd/user/pulseaudio.socket.d/30_qubes.conf @@ -0,0 +1,4 @@ +[Unit] +#ConditionNull=false +ConditionPathExists=/var/run/qubes-service/pulseaudio-vanilla-broken +