From 0a11679afb608623d2960fb9d0ee0ecbf9d1ddff Mon Sep 17 00:00:00 2001 From: Rafal Wojtczuk Date: Wed, 2 Jun 2010 15:50:22 +0200 Subject: [PATCH 01/16] Quick VM restore support --- appvm/fstab | 2 +- appvm/qubes_core | 64 ++++++++++++++++++++++++++-------------- appvm/qubes_timestamp | 2 ++ rpm_spec/core-appvm.spec | 8 ++++- 4 files changed, 52 insertions(+), 24 deletions(-) create mode 100755 appvm/qubes_timestamp diff --git a/appvm/fstab b/appvm/fstab index ac4eacb..968d9b7 100644 --- a/appvm/fstab +++ b/appvm/fstab @@ -8,7 +8,7 @@ # /dev/mapper/dmroot / ext4 defaults,noatime 1 1 /dev/mapper/dmswap swap swap defaults 0 0 -/dev/xvdb /rw ext4 defaults 0 0 +/dev/xvdb /rw ext4 noauto,defaults 0 0 tmpfs /dev/shm tmpfs defaults 0 0 devpts /dev/pts devpts gid=5,mode=620 0 0 sysfs /sys sysfs defaults 0 0 diff --git a/appvm/qubes_core b/appvm/qubes_core index f432963..e05b531 100755 --- a/appvm/qubes_core +++ b/appvm/qubes_core @@ -14,6 +14,20 @@ start() echo "ERROR: /usr/bin/xenstore-read not found!" exit 1 fi + if xenstore-read qubes_save_request ; then + dmesg -c >/dev/null +# echo 1 >/proc/sys/vm/drop_caches +# free | grep buffers/cache | +# (read a b c d ; xenstore-write device/qubes_used_mem $c) + free | grep Mem: | + (read a b c d ; xenstore-write device/qubes_used_mem $c) + echo "Waiting for restore" + while ! dmesg -c | grep "using vcpu" ; do usleep 10 ; done + while ! xenstore-read qubes_vm_type 2>/dev/null ; do + usleep 10 + done + echo Back to life. + fi name=$(/usr/bin/xenstore-read name) hostname $name 
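Review bot: `dmesg -c` inside the added wait loop clears the kernel ring buffer on every poll, so anything the kernel logged around the save/restore is gone before it can be inspected, and the loop's exit condition depends on the exact wording of a kernel message. The block already polls xenstore for `qubes_vm_type` right afterwards; if that key alone is enough to detect the restore (to be confirmed against the dom0 side), the dmesg loop can go, otherwise at least use `grep -q "using vcpu"` so the matched line is not echoed. The three commented-out `drop_caches` / `buffers/cache` lines should be deleted or given a one-line explanation. start() continues outside the hunk.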
@@ -29,30 +43,36 @@ start() echo "nameserver $secondary_dns" >> /etc/resolv.conf fi - if ! [ -d /rw/home ] ; then - echo - echo "--> Virgin boot of the VM: Linking /home to /rw/home" - mv /home /home.orig - mkdir -p /rw/config - mkdir -p /rw/home - ln -s /rw/home/ /home - cp -a /home.orig/user /home - touch /rw/config/rc.local - rm -fr /home.orig - touch /var/lib/qubes/first_boot_completed - fi + if [ -e /dev/xvdb ] ; then + mount /rw - if ! [ -L /home ] ; then - mv /home /home.orig - ln -s /rw/home /home - fi - if ! [ -L /usr/local ] ; then - mv /usr/local /usr/local.orig - ln -s /rw/usrlocal /usr/local - fi + if ! [ -d /rw/home ] ; then + echo + echo "--> Virgin boot of the VM: Linking /home to /rw/home" + mv /home /home.orig + mkdir -p /rw/config + mkdir -p /rw/home + ln -s /rw/home/ /home + cp -a /home.orig/user /home + touch /rw/config/rc.local + rm -fr /home.orig + touch /var/lib/qubes/first_boot_completed + fi + + if ! [ -L /home ] ; then + mv /home /home.orig + ln -s /rw/home /home + fi + if ! [ -L /usr/local ] ; then + mv /usr/local /usr/local.orig + ln -s /rw/usrlocal /usr/local + fi #make it last, we want all above to work without /rw mounted - if ! [ -d /rw/usrlocal ] ; then - cp -a /usr/local.orig /rw/usrlocal + if ! [ -d /rw/usrlocal ] ; then + cp -a /usr/local.orig /rw/usrlocal + fi + else + ln -sf /home_volatile /home fi [ -x /rw/config/rc.local ] && /rw/config/rc.local diff --git a/appvm/qubes_timestamp b/appvm/qubes_timestamp new file mode 100755 index 0000000..fc3d8d7 --- /dev/null +++ b/appvm/qubes_timestamp @@ -0,0 +1,2 @@ +#!/bin/sh +exec xenstore-write device/qubes_timestamp $(date +%s.%N) diff --git a/rpm_spec/core-appvm.spec b/rpm_spec/core-appvm.spec index 75ce853..0319b3f 100644 --- a/rpm_spec/core-appvm.spec +++ b/rpm_spec/core-appvm.spec 
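Review bot: The result of `mount /rw` is not checked, so when the mount fails the tests that follow (`[ -d /rw/home ]`, `[ -L /home ]`, `[ -d /rw/usrlocal ]`) run against the bare mount point on the root image, and the first-boot branch moves `/home` and copies data onto the root filesystem instead of the private volume. Guard the whole block with `if [ -e /dev/xvdb ] && mount /rw ; then`. In the else branch, `ln -sf /home_volatile /home` replaces `/home` only when it is not a real directory; if it is one, ln creates the link inside it, so the directory needs to be moved aside first. start() begins and ends outside the hunk.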
@@ -60,7 +60,7 @@ mkdir -p $RPM_BUILD_ROOT/etc/init.d cp qubes_core $RPM_BUILD_ROOT/etc/init.d/ mkdir -p $RPM_BUILD_ROOT/var/lib/qubes mkdir -p $RPM_BUILD_ROOT/usr/bin -cp qubes_add_pendrive_script qubes_penctl qvm-copy-to-vm qvm-copy-to-vm.kde $RPM_BUILD_ROOT/usr/bin +cp qubes_timestamp qubes_add_pendrive_script qubes_penctl qvm-copy-to-vm qvm-copy-to-vm.kde $RPM_BUILD_ROOT/usr/bin mkdir -p $RPM_BUILD_ROOT/%{kde_service_dir} cp qvm-copy.desktop $RPM_BUILD_ROOT/%{kde_service_dir} mkdir -p $RPM_BUILD_ROOT/etc/udev/rules.d @@ -77,6 +77,9 @@ cp ../common/qubes_serial_login $RPM_BUILD_ROOT/sbin mkdir -p $RPM_BUILD_ROOT/etc cp ../common/serial.conf $RPM_BUILD_ROOT/var/lib/qubes/ +mkdir -p $RPM_BUILD_ROOT/home_volatile/user +chown 500:500 $RPM_BUILD_ROOT/home_volatile/user + %triggerin -- initscripts cp /var/lib/qubes/serial.conf /etc/init/serial.conf @@ -186,3 +189,6 @@ rm -rf $RPM_BUILD_ROOT %dir /mnt/removable /etc/yum.repos.d/qubes.repo /sbin/qubes_serial_login +/usr/bin/qubes_timestamp +%dir /home_volatile +%attr(700,user,user) /home_volatile/user From 9a479f81f6e5494d5f9ffe1b5e351d7ff03e4df5 Mon Sep 17 00:00:00 2001 From: Rafal Wojtczuk Date: Mon, 21 Jun 2010 18:02:05 +0200 Subject: [PATCH 02/16] penctl: 3rd arg is seq --- appvm/qubes_penctl.c | 36 +++++++++++++++++++++++------------- 1 file changed, 23 insertions(+), 13 deletions(-) diff --git a/appvm/qubes_penctl.c b/appvm/qubes_penctl.c index ab373f0..fc890f0 100644 --- a/appvm/qubes_penctl.c +++ b/appvm/qubes_penctl.c @@ -24,7 +24,7 @@ #include #include #include -int check_name(unsigned char *s) +void check_name(unsigned char *s) { int c; for (; *s; s++) { @@ -35,9 +35,16 @@ int check_name(unsigned char *s) continue; if (c == '_' || c == '-') continue; - return 0; + fprintf(stderr, "invalid string %s\n", s); + exit(1); } - return 1; +} + +void usage(char *argv0) +{ + fprintf(stderr, "usage: %s new\n" + "%s send vmname [seq]\n", argv0, argv0); + exit(1); } int main(int argc, char **argv) 
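Review bot: The error message added to check_name() prints `s` after the loop has advanced it, so it shows only the tail of the argument starting at the rejected character, not the string the user passed. Iterate over a copy (`unsigned char *p = s;`) and print the original, or report the offending byte with `%c`. Because the function now terminates the process instead of returning a status, a one-line comment saying so would help the next reader, and both check_name() and usage() can be `static`. Lines 31-34 of the function are outside the hunk.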
@@ -50,18 +57,21 @@ int main(int argc, char **argv) perror("xs_domain_open"); exit(1); } - if (argc < 2) { - fprintf(stderr, "usage: %s new\n" - "%s send vmname\n", argv[0], argv[0]); - exit(1); - } - if (argc > 2) { - if (!check_name((unsigned char*)argv[2])) { - fprintf(stderr, "invalid vmname %s\n", argv[2]); - exit(1); - } + switch (argc) { + case 2: + break; + case 3: + check_name((unsigned char *) argv[2]); snprintf(buf, sizeof(buf), "send %s", argv[2]); + break; + case 4: + check_name((unsigned char *) argv[2]); + check_name((unsigned char *) argv[3]); + snprintf(buf, sizeof(buf), "send %s %s", argv[2], argv[3]); + default: + usage(argv[0]); } + if (!xs_write(xs, 0, "device/qpen", buf, strlen(buf))) { perror("xs_write"); exit(1); From ede7fff0fd66906e8f07a545873d2c2994197f6b Mon Sep 17 00:00:00 2001 From: Rafal Wojtczuk Date: Mon, 28 Jun 2010 18:18:41 +0200 Subject: [PATCH 03/16] touch /etc/this_is_dvm --- appvm/qubes_core | 1 + 1 file changed, 1 insertion(+) diff --git a/appvm/qubes_core b/appvm/qubes_core index e05b531..407c9db 100755 --- a/appvm/qubes_core +++ b/appvm/qubes_core @@ -15,6 +15,7 @@ start() exit 1 fi if xenstore-read qubes_save_request ; then + touch /etc/this_is_dvm dmesg -c >/dev/null # echo 1 >/proc/sys/vm/drop_caches # free | grep buffers/cache | From db8962f748fa6f758a38c595c05bfb38cb7c2d69 Mon Sep 17 00:00:00 2001 From: Rafal Wojtczuk Date: Tue, 29 Jun 2010 12:16:32 +0200 Subject: [PATCH 04/16] dvm: appvm side code --- appvm/Makefile | 8 +- appvm/dvm.h | 6 + appvm/qubes_add_pendrive_script.c | 174 ++++++++++++++++++++++++++++- appvm/qvm-open-in-dvm.c | 176 ++++++++++++++++++++++++++++++ rpm_spec/core-appvm.spec | 7 +- 5 files changed, 363 insertions(+), 8 deletions(-) create mode 100644 appvm/dvm.h create mode 100644 appvm/qvm-open-in-dvm.c diff --git a/appvm/Makefile b/appvm/Makefile index ef88f08..6bb1dea 100644 --- a/appvm/Makefile +++ b/appvm/Makefile 
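Review bot: `case 4:` has no `break`, so after formatting `send %s %s` control falls into `default:` and usage() exits; the three-argument form this commit introduces can never reach xs_write(). Add `break;` after the snprintf(). In addition, check_name() as far as it is visible in this series accepts only letters, `_` and `-`; if the lines hidden between the two earlier hunks do not allow digits, a numeric seq in argv[3] is rejected too, so seq probably wants its own digits-only check. main() continues outside the hunk.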
@@ -1,9 +1,11 @@ CC=gcc CFLAGS=-Wall -all: qubes_penctl qubes_add_pendrive_script +all: qubes_penctl qubes_add_pendrive_script qvm-open-in-dvm qubes_penctl: qubes_penctl.o $(CC) -o qubes_penctl qubes_penctl.o -lxenstore qubes_add_pendrive_script: qubes_add_pendrive_script.o - $(CC) -o qubes_add_pendrive_script qubes_add_pendrive_script.o + $(CC) -o qubes_add_pendrive_script qubes_add_pendrive_script.o -lxenstore +qvm-open-in-dvm: qvm-open-in-dvm.o + $(CC) -o qvm-open-in-dvm qvm-open-in-dvm.o -lxenstore clean: - rm -f qubes_penctl qubes_add_pendrive_script *.o *~ + rm -f qubes_penctl qubes_add_pendrive_script qvm-open-in-dvm *.o *~ diff --git a/appvm/dvm.h b/appvm/dvm.h new file mode 100644 index 0000000..b36d53f --- /dev/null +++ b/appvm/dvm.h @@ -0,0 +1,6 @@ +#define DBDIR "/home/user/.dvm" +struct dvm_header { +unsigned long long file_size; +char name[1024-sizeof(unsigned long long)]; +}; + diff --git a/appvm/qubes_add_pendrive_script.c b/appvm/qubes_add_pendrive_script.c index 8c0fb91..1896e5f 100644 --- a/appvm/qubes_add_pendrive_script.c +++ b/appvm/qubes_add_pendrive_script.c @@ -18,17 +18,25 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * */ - +#include +#include #include #include #include #include #include +#include +#include +#include +#include +#include "dvm.h" + int parse_events(char *buf, int len) { int i = 0; while (i < len) { - struct inotify_event *ev = (struct inotify_event *)(buf + i); + struct inotify_event *ev = + (struct inotify_event *) (buf + i); if ((ev->mask & IN_UNMOUNT) || (ev->mask & IN_IGNORED)) return 1; i += sizeof(struct inotify_event) + ev->len; 
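Review bot: dvm.h has no include guard, and nothing documents that `struct dvm_header` is the header one VM writes to the transfer block device and another VM reads back, which means both fields are untrusted on the receiving side. I would wrap the file in `#ifndef DVM_H` / `#define DVM_H` / `#endif` and add a comment such as `/* first 1024 bytes of the transfer device; file_size and name come from the peer VM: validate before use, name may lack a terminating NUL */`. Declaring file_size as `uint64_t` from <stdint.h> would make the layout explicit instead of relying on the width of `unsigned long long`.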
@@ -69,19 +77,177 @@ void background() switch (fork()) { case -1: exit(1); - case 0: break; + case 0: + break; default: exit(0); } } +void check_legal_filename(char *name) +{ + if (index(name, '/')) { + syslog(LOG_DAEMON | LOG_ERR, + "the received filename contains /"); + exit(1); + } +} + +void drop_to_user() +{ + struct passwd *pw = getpwnam("user"); + if (pw) + setuid(pw->pw_uid); +} + +void copy_from_xvdh(int destfd, int srcfd, unsigned long long count) +{ + int n, size; + char buf[4096]; + unsigned long long total = 0; + while (total < count) { + if (count - total > sizeof(buf)) + size = sizeof(buf); + else + size = count - total; + n = read(srcfd, buf, size); + if (n != size) { + syslog(LOG_DAEMON | LOG_ERR, "reading xvdh"); + exit(1); + } + if (write(destfd, buf, size) != size) { + syslog(LOG_DAEMON | LOG_ERR, "writing file"); + exit(1); + } + total += size; + } +} + +void redirect_stderr() +{ + int fd = + open("/var/log/dvm.log", O_CREAT | O_TRUNC | O_WRONLY, 0600); + if (fd < 0) { + syslog(LOG_DAEMON | LOG_ERR, "open dvm.log"); + exit(1); + } + dup2(fd, 2); +} + +void dvm_transaction_request(char *seq, struct xs_handle *xs) +{ + char filename[1024], cmdbuf[1024]; + struct dvm_header header; + int xvdh_fd, file_fd; + char *src_vm; + unsigned int len; + xvdh_fd = open("/dev/xvdh", O_RDONLY); + if (read(xvdh_fd, &header, sizeof(header)) != sizeof(header)) { + syslog(LOG_DAEMON | LOG_ERR, "read dvm_header"); + exit(1); + } + + header.name[sizeof(header.name) - 1] = 0; + check_legal_filename(header.name); + snprintf(filename, sizeof(filename), "/tmp/%s", header.name); + drop_to_user(); + + file_fd = open(filename, O_CREAT | O_TRUNC | O_WRONLY, 0600); + if (file_fd < 0) { + syslog(LOG_DAEMON | LOG_ERR, "open file"); + exit(1); + } + copy_from_xvdh(file_fd, xvdh_fd, header.file_size); + close(xvdh_fd); + close(file_fd); + snprintf(cmdbuf, sizeof(cmdbuf), + "DISPLAY=:0 mimeopen -n '/tmp/%s'", header.name); + system(cmdbuf); + src_vm = xs_read(xs, XBT_NULL, 
"qubes_blocksrc", &len); + xs_write(xs, XBT_NULL, "device/qpen", "umount", 6); + xs_daemon_close(xs); + execl("/usr/bin/qvm-dvm-transfer", "qvm-dvm-transfer", src_vm, + filename, seq, NULL); + syslog(LOG_DAEMON | LOG_ERR, "execl qvm-dvm-transfer"); + exit(1); +} + +void dvm_transaction_return(char *seq_string, struct xs_handle *xs) +{ + int seq = strtoul(seq_string, 0, 10); + char db_name[1024]; + char file_name[1024]; + int db_fd, file_fd, xvdh_fd; + + struct dvm_header header; + xvdh_fd = open("/dev/xvdh", O_RDONLY); + if (xvdh_fd < 0) { + syslog(LOG_DAEMON | LOG_ERR, "open xvdh"); + exit(1); + } + if (read(xvdh_fd, &header, sizeof(header)) != sizeof(header)) { + syslog(LOG_DAEMON | LOG_ERR, "read dvm_header"); + exit(1); + } + drop_to_user(); + snprintf(db_name, sizeof(db_name), DBDIR "/%d", seq); + db_fd = open(db_name, O_RDONLY); + if (!db_fd) { + syslog(LOG_DAEMON | LOG_ERR, "open db"); + exit(1); + } + if (read(db_fd, file_name, sizeof(file_name)) < 0) { + syslog(LOG_DAEMON | LOG_ERR, "read db"); + exit(1); + } + close(db_fd); + file_fd = open(file_name, O_WRONLY | O_TRUNC); + if (file_fd < 0) { + syslog(LOG_DAEMON | LOG_ERR, "open filename"); + exit(1); + } + copy_from_xvdh(file_fd, xvdh_fd, header.file_size); + close(xvdh_fd); + close(file_fd); + xs_write(xs, XBT_NULL, "device/qpen", "umount", 6); + xs_daemon_close(xs); +} + + + + +void dvm_transaction(char *seq, struct xs_handle *xs) +{ + struct stat st; + redirect_stderr(); + if (stat("/etc/this_is_dvm", &st)) + dvm_transaction_return(seq, xs); + else + dvm_transaction_request(seq, xs); +} #define MOUNTDIR "/mnt/incoming" int main() { + struct xs_handle *xs; + char *seq; + unsigned int len; background(); + openlog("qubes_add_pendrive_script", LOG_CONS | LOG_PID, + LOG_DAEMON); + xs = xs_domain_open(); + if (!xs) { + syslog(LOG_DAEMON | LOG_ERR, "xs_domain_open"); + exit(1); + } + seq = xs_read(xs, XBT_NULL, "qubes_transaction_seq", &len); + if (seq && len > 0 && strcmp(seq, "0")) { + dvm_transaction(seq, 
xs); + exit(0); + } if (!system("su - user -c 'mount " MOUNTDIR "'")) wait_for_umount(MOUNTDIR "/."); - system("xenstore-write device/qpen umount"); + xs_write(xs, XBT_NULL, "device/qpen", "umount", 6); + xs_daemon_close(xs); return 0; } diff --git a/appvm/qvm-open-in-dvm.c b/appvm/qvm-open-in-dvm.c new file mode 100644 index 0000000..acfa81c --- /dev/null +++ b/appvm/qvm-open-in-dvm.c 
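Review bot: In dvm_transaction_request() `header.name` is read from /dev/xvdh, so it is chosen by the sending VM, and it is pasted into a command string run through system(); check_legal_filename() rejects only `/`, so quotes and other shell metacharacters in the name are interpreted by the shell. Run mimeopen with an argument vector instead of a command string, as sketched below (waitpid() needs <sys/wait.h>); the same system() call is kept by the later hunks at -164,7 in patch 11 and -171,12 in patch 13. Related gaps in this hunk: drop_to_user() ignores a failed getpwnam() or setuid() and never sets the group, so the code can continue as root; the open() of /dev/xvdh in dvm_transaction_request() is unchecked; and the file under /tmp is opened with O_CREAT | O_TRUNC but without O_EXCL or O_NOFOLLOW.

```c
	pid_t pid;
	int status;
	/* … unchanged: read header, check name, copy payload to filename … */
	pid = fork();
	if (pid < 0) {
		syslog(LOG_DAEMON | LOG_ERR, "fork");
		exit(1);
	}
	if (pid == 0) {
		/* no shell involved: filename is passed as a single argv entry */
		setenv("DISPLAY", ":0", 1);
		execlp("mimeopen", "mimeopen", "-n", filename, (char *) NULL);
		_exit(127);
	}
	if (waitpid(pid, &status, 0) < 0)
		syslog(LOG_DAEMON | LOG_ERR, "waitpid");
	/* … unchanged: xs_read qubes_blocksrc, umount, execl qvm-dvm-transfer … */
```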
@@ -0,0 +1,176 @@ +/* + * The Qubes OS Project, http://www.qubes-os.org + * + * Copyright (C) 2010 Rafal Wojtczuk + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + * + */ +#define _GNU_SOURCE +#include +#include +#include +#include +#include +#include +#include +#include "dvm.h" + +void check_name(unsigned char *s) +{ + int c; + for (; *s; s++) { + c = *s; + if (c >= 'a' && c <= 'z') + continue; + if (c >= 'A' && c <= 'Z') + continue; + if (c == '_' || c == '-') + continue; + fprintf(stderr, "invalid string %s\n", s); + exit(1); + } +} + +int get_and_set_seq() +{ + int seq_fd, seq, n; + mkdir(DBDIR, 0700); + seq_fd = open(DBDIR "/seq", O_CREAT | O_RDWR, 0600); + if (seq_fd < 0) { + perror("open seq_fd"); + exit(1); + } + n = read(seq_fd, &seq, sizeof(seq)); + if (n < sizeof(seq)) + seq = 0; + seq++; + lseek(seq_fd, 0, SEEK_SET); + write(seq_fd, &seq, sizeof(seq)); + close(seq_fd); + return seq; +} + +void write_db(char *name, int seq) +{ + int db_fd; + char dbname[256]; + struct stat st; + if (!stat("/etc/this_is_dvm", &st)) + return; + snprintf(dbname, sizeof(dbname), DBDIR "/%d", seq); + db_fd = open(dbname, O_CREAT | O_WRONLY | O_TRUNC, 0600); + if (db_fd < 0) { + perror("open dbfile"); + exit(1); + } + if (write(db_fd, name, strlen(name) + 1) != strlen(name) + 1) { + perror("write db"); + 
exit(1); + } + close(db_fd); +} + +void copy_file(int xvdg_fd, int file_fd) +{ + int n; + char buf[4096]; + + for (;;) { + n = read(file_fd, buf, sizeof(buf)); + if (n < 0) { + perror("read file"); + exit(1); + } + if (n == 0) + break; + if (write(xvdg_fd, buf, n) != n) { + perror("write file"); + exit(1); + } + } +} + +int main(int argc, char **argv) +{ + struct dvm_header header = { 0, }; + struct stat st; + struct xs_handle *xs; + int seq; + int xvdg_fd, file_fd; + char *abs_filename; + char buf[4096]; + + if (argc != 3 && argc != 4) { + fprintf(stderr, "usage: %s vmname file\n", argv[0]); + exit(1); + } + check_name((unsigned char *) argv[1]); + if (argv[2][0] == '/') + abs_filename = argv[2]; + else { + char cwd[4096]; + getcwd(cwd, sizeof(cwd)); + asprintf(&abs_filename, "%s/%s", cwd, argv[2]); + } + if (stat(abs_filename, &st)) { + perror("stat file"); + exit(1); + } + header.file_size = st.st_size; + strncpy(header.name, rindex(abs_filename, '/') + 1, + sizeof(header.name) - 1); + xs = xs_domain_open(); + if (!xs) { + perror("xs_domain_open"); + exit(1); + } + if (!xs_write(xs, 0, "device/qpen", "new", 3)) { + perror("xs_write"); + exit(1); + } + while (stat("/dev/xvdg", &st)) + usleep(100000); + xvdg_fd = open("/dev/xvdg", O_WRONLY); + if (xvdg_fd < 0) { + perror("open xvdg"); + exit(1); + } + setuid(getuid()); + if (argc == 3) + seq = get_and_set_seq(); + else + seq = strtoul(argv[3], 0, 0); + file_fd = open(abs_filename, O_RDONLY); + if (file_fd < 0) { + perror("open file"); + exit(1); + } + if (write(xvdg_fd, &header, sizeof(header)) != sizeof(header)) { + perror("write filesize"); + exit(1); + } + copy_file(xvdg_fd, file_fd); + close(file_fd); + close(xvdg_fd); + snprintf(buf, sizeof(buf), "send %s %d", argv[1], seq); + if (!xs_write(xs, 0, "device/qpen", buf, strlen(buf))) { + perror("xs_write"); + exit(1); + } + write_db(abs_filename, seq); + xs_daemon_close(xs); + return 0; +} 
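Review bot: `setuid(getuid());` in main() ignores the return value, and the spec change in this same patch installs the binary mode 4755 root, so if the call fails the program goes on to create files under DBDIR and open the caller-named file as root; make it `if (setuid(getuid()) < 0) { perror("setuid"); exit(1); }`. The `stat(abs_filename, &st)` that fills `header.file_size` runs before the drop, with root's access rights, and the size is never reconciled with what copy_file() later writes, so it is better taken with `fstat(file_fd, &st)` after the unprivileged open. In get_and_set_seq() `n < sizeof(seq)` compares a signed -1 as unsigned, so a failed read() leaves `seq` uninitialised; test `n != (int) sizeof(seq)` instead. The results of getcwd(), asprintf() and the write() of the new seq are unchecked as well, and the usage text omits the optional third argument.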
diff --git a/rpm_spec/core-appvm.spec b/rpm_spec/core-appvm.spec index 0319b3f..c6cc151 100644 --- a/rpm_spec/core-appvm.spec +++ b/rpm_spec/core-appvm.spec @@ -60,7 +60,10 @@ mkdir -p $RPM_BUILD_ROOT/etc/init.d cp qubes_core $RPM_BUILD_ROOT/etc/init.d/ mkdir -p $RPM_BUILD_ROOT/var/lib/qubes mkdir -p $RPM_BUILD_ROOT/usr/bin -cp qubes_timestamp qubes_add_pendrive_script qubes_penctl qvm-copy-to-vm qvm-copy-to-vm.kde $RPM_BUILD_ROOT/usr/bin +cp qubes_timestamp qubes_add_pendrive_script qubes_penctl \ + qvm-copy-to-vm qvm-copy-to-vm.kde \ + qvm-open-in-dvm $RPM_BUILD_ROOT/usr/bin +ln -s qvm-open-in-dvm $RPM_BUILD_ROOT/usr/bin/qvm-dvm-transfer mkdir -p $RPM_BUILD_ROOT/%{kde_service_dir} cp qvm-copy.desktop $RPM_BUILD_ROOT/%{kde_service_dir} mkdir -p $RPM_BUILD_ROOT/etc/udev/rules.d @@ -178,6 +181,8 @@ rm -rf $RPM_BUILD_ROOT /etc/init.d/qubes_core /usr/bin/qvm-copy-to-vm /usr/bin/qvm-copy-to-vm.kde +%attr(4755,root,root) /usr/bin/qvm-open-in-dvm +/usr/bin/qvm-dvm-transfer %{kde_service_dir}/qvm-copy.desktop %attr(4755,root,root) /usr/bin/qubes_penctl /usr/bin/qubes_add_pendrive_script From 0d05b0ffe91d16109071ee0b3735db486708fb81 Mon Sep 17 00:00:00 2001 From: Rafal Wojtczuk Date: Tue, 29 Jun 2010 12:45:09 +0200 Subject: [PATCH 05/16] core-appvm requires mimeopen now --- rpm_spec/core-appvm.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/rpm_spec/core-appvm.spec b/rpm_spec/core-appvm.spec index c6cc151..9f2867f 100644 --- a/rpm_spec/core-appvm.spec +++ b/rpm_spec/core-appvm.spec @@ -33,6 +33,7 @@ License: GPL URL: http://www.qubes-os.org Requires: /usr/bin/xenstore-read Requires: fedora-release = 13 +Requires: /usr/bin/mimeopen Provides: qubes-core-vm %define _builddir %(pwd)/appvm From ea9f0f12f9de40ddd0d871ea31748f3ffa5ecd60 Mon Sep 17 00:00:00 2001 
From: Rafal Wojtczuk Date: Tue, 29 Jun 2010 12:54:27 +0200 Subject: [PATCH 06/16] qvm-dvm.desktop entry --- appvm/qvm-dvm.desktop | 10 ++++++++++ rpm_spec/core-appvm.spec | 2 +- 2 files changed, 11 insertions(+), 1 deletion(-) create mode 100644 appvm/qvm-dvm.desktop diff --git a/appvm/qvm-dvm.desktop b/appvm/qvm-dvm.desktop new file mode 100644 index 0000000..a7f5ad7 --- /dev/null +++ b/appvm/qvm-dvm.desktop @@ -0,0 +1,10 @@ +[Desktop Entry] +Actions=QvmDvm; +Type=Service +X-KDE-ServiceTypes=KonqPopupMenu/Plugin,all/allfiles + +[Desktop Action QvmDvm] +Exec=/usr/bin/qvm-open-in-dvm disposable %U +Icon=kget +Name=Open In DisposableVM + diff --git a/rpm_spec/core-appvm.spec b/rpm_spec/core-appvm.spec index 9f2867f..afce885 100644 --- a/rpm_spec/core-appvm.spec +++ b/rpm_spec/core-appvm.spec @@ -66,7 +66,7 @@ cp qubes_timestamp qubes_add_pendrive_script qubes_penctl \ qvm-open-in-dvm $RPM_BUILD_ROOT/usr/bin ln -s qvm-open-in-dvm $RPM_BUILD_ROOT/usr/bin/qvm-dvm-transfer mkdir -p $RPM_BUILD_ROOT/%{kde_service_dir} -cp qvm-copy.desktop $RPM_BUILD_ROOT/%{kde_service_dir} +cp qvm-copy.desktop qvm-dvm.desktop $RPM_BUILD_ROOT/%{kde_service_dir} mkdir -p $RPM_BUILD_ROOT/etc/udev/rules.d cp qubes.rules $RPM_BUILD_ROOT/etc/udev/rules.d mkdir -p $RPM_BUILD_ROOT/etc/sysconfig From 1baf862455bcbbc8d75288876384ce72e97e2f7b Mon Sep 17 00:00:00 2001 From: Rafal Wojtczuk Date: Tue, 29 Jun 2010 12:56:09 +0200 Subject: [PATCH 07/16] add qvm-dvm.desktop to rpm files section --- rpm_spec/core-appvm.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/rpm_spec/core-appvm.spec b/rpm_spec/core-appvm.spec index afce885..351e1d2 100644 --- a/rpm_spec/core-appvm.spec +++ b/rpm_spec/core-appvm.spec @@ -185,6 +185,7 @@ rm -rf $RPM_BUILD_ROOT %attr(4755,root,root) /usr/bin/qvm-open-in-dvm /usr/bin/qvm-dvm-transfer %{kde_service_dir}/qvm-copy.desktop +%{kde_service_dir}/qvm-dvm.desktop %attr(4755,root,root) /usr/bin/qubes_penctl /usr/bin/qubes_add_pendrive_script /etc/udev/rules.d/qubes.rules 
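Review bot: `Exec=/usr/bin/qvm-open-in-dvm disposable %U` expands to every selected item, but qvm-open-in-dvm as added in patch 04 takes exactly one file and treats a further argument as the transaction seq, so selecting two files would hand the second path to `strtoul()` as a sequence number. `%f` (a single local file) matches the program's interface: `Exec=/usr/bin/qvm-open-in-dvm disposable %f`. `%U` may also pass URLs rather than plain paths, which the `stat()` in the tool would presumably not resolve.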
From 63561346b3ceb7c5743d638381b707b36a39cc76 Mon Sep 17 00:00:00 2001 From: Rafal Wojtczuk Date: Tue, 29 Jun 2010 14:35:20 +0200 Subject: [PATCH 08/16] Always detach xvdh, even on error --- appvm/qubes_add_pendrive_script.c | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/appvm/qubes_add_pendrive_script.c b/appvm/qubes_add_pendrive_script.c index 1896e5f..f9627ad 100644 --- a/appvm/qubes_add_pendrive_script.c +++ b/appvm/qubes_add_pendrive_script.c @@ -100,7 +100,7 @@ void drop_to_user() setuid(pw->pw_uid); } -void copy_from_xvdh(int destfd, int srcfd, unsigned long long count) +int copy_from_xvdh(int destfd, int srcfd, unsigned long long count) { int n, size; char buf[4096]; @@ -113,14 +113,15 @@ void copy_from_xvdh(int destfd, int srcfd, unsigned long long count) n = read(srcfd, buf, size); if (n != size) { syslog(LOG_DAEMON | LOG_ERR, "reading xvdh"); - exit(1); + return 0; } if (write(destfd, buf, size) != size) { syslog(LOG_DAEMON | LOG_ERR, "writing file"); - exit(1); + return 0; } total += size; } + return 1; } void redirect_stderr() @@ -157,7 +158,8 @@ void dvm_transaction_request(char *seq, struct xs_handle *xs) syslog(LOG_DAEMON | LOG_ERR, "open file"); exit(1); } - copy_from_xvdh(file_fd, xvdh_fd, header.file_size); + if (!copy_from_xvdh(file_fd, xvdh_fd, header.file_size)) + exit(1); close(xvdh_fd); close(file_fd); snprintf(cmdbuf, sizeof(cmdbuf), 
@@ -183,32 +185,33 @@ void dvm_transaction_return(char *seq_string, struct xs_handle *xs) xvdh_fd = open("/dev/xvdh", O_RDONLY); if (xvdh_fd < 0) { syslog(LOG_DAEMON | LOG_ERR, "open xvdh"); - exit(1); + goto out_err; } if (read(xvdh_fd, &header, sizeof(header)) != sizeof(header)) { syslog(LOG_DAEMON | LOG_ERR, "read dvm_header"); - exit(1); + goto out_err; } drop_to_user(); snprintf(db_name, sizeof(db_name), DBDIR "/%d", seq); db_fd = open(db_name, O_RDONLY); if (!db_fd) { syslog(LOG_DAEMON | LOG_ERR, "open db"); - exit(1); + goto out_err; } if (read(db_fd, file_name, sizeof(file_name)) < 0) { syslog(LOG_DAEMON | LOG_ERR, "read db"); - exit(1); + goto out_err; } close(db_fd); file_fd = open(file_name, O_WRONLY | O_TRUNC); if (file_fd < 0) { syslog(LOG_DAEMON | LOG_ERR, "open filename"); - exit(1); + goto out_err; } copy_from_xvdh(file_fd, xvdh_fd, header.file_size); close(xvdh_fd); close(file_fd); +out_err: xs_write(xs, XBT_NULL, "device/qpen", "umount", 6); xs_daemon_close(xs); } From a3400522f76eb973aba1ebcdba92e6175a15e79b Mon Sep 17 00:00:00 2001 From: Rafal Wojtczuk Date: Tue, 29 Jun 2010 14:40:00 +0200 Subject: [PATCH 09/16] Allow to call "umount" via qubes_penctl --- appvm/qubes_penctl.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/appvm/qubes_penctl.c b/appvm/qubes_penctl.c index fc890f0..878652e 100644 --- a/appvm/qubes_penctl.c +++ b/appvm/qubes_penctl.c @@ -42,14 +42,14 @@ void check_name(unsigned char *s) void usage(char *argv0) { - fprintf(stderr, "usage: %s new\n" + fprintf(stderr, "usage: %s [new|umount]\n" "%s send vmname [seq]\n", argv0, argv0); exit(1); } int main(int argc, char **argv) { - char buf[256] = "new"; + char buf[256]; struct xs_handle *xs; xs = xs_domain_open(); setuid(getuid()); @@ -59,6 +59,10 @@ int main(int argc, char **argv) } switch (argc) { case 2: + if (!strcmp(argv[1], "umount")) + strcpy(buf, "umount"); + else + strcpy(buf, "new"); break; case 3: check_name((unsigned char *) argv[2]); 
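Review bot: The new `out_err` path in dvm_transaction_return() is reached with `xvdh_fd`, `db_fd` or `file_fd` possibly still open, and the return value of copy_from_xvdh(), which this commit turns into a status, is ignored here, so a failed copy leaves the user's original file truncated by the `O_TRUNC` open with nothing done about it. The check `if (!db_fd)` kept as context never fires on failure because open() returns -1; it should be `if (db_fd < 0)`. `file_name` is filled by read() and passed straight to open(); read at most `sizeof(file_name) - 1` bytes and store a 0 after the bytes read. The function starts outside the hunk.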
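Review bot: In `case 2` any first argument other than `umount` is silently sent as `new`, so a typo or an unsupported subcommand still requests a new pendrive; now that `buf` is no longer initialised it is also worth making every path set it explicitly. Compare against both words and fall back to usage: `else if (!strcmp(argv[1], "new")) strcpy(buf, "new"); else usage(argv[0]);`. main() continues outside the hunk.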
From a66ff0fcdf54db94a764e6498759d6f484bae74d Mon Sep 17 00:00:00 2001 From: Rafal Wojtczuk Date: Tue, 29 Jun 2010 14:54:37 +0200 Subject: [PATCH 10/16] Make br0 forward traffic delay short --- netvm/qubes_core | 2 ++ 1 file changed, 2 insertions(+) diff --git a/netvm/qubes_core b/netvm/qubes_core index d63fbe2..4be4f4c 100755 --- a/netvm/qubes_core +++ b/netvm/qubes_core @@ -20,6 +20,8 @@ start() # Setup gateway for all the VMs this netVM is serviceing... brctl addbr br0 + brctl stp br0 off + brctl setfd br0 1 gateway=$(/usr/bin/xenstore-read qubes_netvm_gateway) netmask=$(/usr/bin/xenstore-read qubes_netvm_netmask) network=$(/usr/bin/xenstore-read qubes_netvm_network) From 2b9c4b875f463dbed01a5d9441f1023f128722ed Mon Sep 17 00:00:00 2001 From: Rafal Wojtczuk Date: Wed, 30 Jun 2010 15:26:49 +0200 Subject: [PATCH 11/16] dvm: notify user when opening a document in dvm failed --- appvm/qubes_add_pendrive_script.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/appvm/qubes_add_pendrive_script.c b/appvm/qubes_add_pendrive_script.c index f9627ad..60939a7 100644 --- a/appvm/qubes_add_pendrive_script.c +++ b/appvm/qubes_add_pendrive_script.c @@ -164,7 +164,8 @@ void dvm_transaction_request(char *seq, struct xs_handle *xs) close(file_fd); snprintf(cmdbuf, sizeof(cmdbuf), "DISPLAY=:0 mimeopen -n '/tmp/%s'", header.name); - system(cmdbuf); + if (system(cmdbuf)) + system("DISPLAY=:0 /usr/bin/kdialog --sorry 'Unable to handle mimetype of the requested file'"); src_vm = xs_read(xs, XBT_NULL, "qubes_blocksrc", &len); xs_write(xs, XBT_NULL, "device/qpen", "umount", 6); xs_daemon_close(xs); From 71e3d61bc374660beda03fd888ff96f395269893 Mon Sep 17 00:00:00 2001 
From: Rafal Wojtczuk Date: Wed, 30 Jun 2010 17:58:07 +0200 Subject: [PATCH 12/16] dvm: graceful exit from add_pendrive on error If something goes wrong, tell qfileexchgd to kill us, instead of plain exiting. Works with dropped privs, and lets qfileexchgd use dvm-debug switch to delay dvm kill. --- appvm/qubes_add_pendrive_script.c | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/appvm/qubes_add_pendrive_script.c b/appvm/qubes_add_pendrive_script.c index 60939a7..4354ccf 100644 --- a/appvm/qubes_add_pendrive_script.c +++ b/appvm/qubes_add_pendrive_script.c @@ -84,13 +84,14 @@ void background() } } -void check_legal_filename(char *name) +int check_legal_filename(char *name) { if (index(name, '/')) { syslog(LOG_DAEMON | LOG_ERR, "the received filename contains /"); - exit(1); + return 0; } + return 1; } void drop_to_user() @@ -135,6 +136,13 @@ void redirect_stderr() dup2(fd, 2); } +void suicide(struct xs_handle *xs) +{ + xs_write(xs, XBT_NULL, "device/qpen", "killme", 6); + xs_daemon_close(xs); + exit(1); +} + void dvm_transaction_request(char *seq, struct xs_handle *xs) { char filename[1024], cmdbuf[1024]; @@ -145,21 +153,22 @@ void dvm_transaction_request(char *seq, struct xs_handle *xs) xvdh_fd = open("/dev/xvdh", O_RDONLY); if (read(xvdh_fd, &header, sizeof(header)) != sizeof(header)) { syslog(LOG_DAEMON | LOG_ERR, "read dvm_header"); - exit(1); + suicide(xs); } header.name[sizeof(header.name) - 1] = 0; - check_legal_filename(header.name); + if (!check_legal_filename(header.name)) + suicide(xs); snprintf(filename, sizeof(filename), "/tmp/%s", header.name); drop_to_user(); file_fd = open(filename, O_CREAT | O_TRUNC | O_WRONLY, 0600); if (file_fd < 0) { syslog(LOG_DAEMON | LOG_ERR, "open file"); - exit(1); + suicide(xs); } if (!copy_from_xvdh(file_fd, xvdh_fd, header.file_size)) - exit(1); + suicide(xs); close(xvdh_fd); close(file_fd); snprintf(cmdbuf, sizeof(cmdbuf), 
@@ -172,7 +181,7 @@ void dvm_transaction_request(char *seq, struct xs_handle *xs) execl("/usr/bin/qvm-dvm-transfer", "qvm-dvm-transfer", src_vm, filename, seq, NULL); syslog(LOG_DAEMON | LOG_ERR, "execl qvm-dvm-transfer"); - exit(1); + suicide(xs); } void dvm_transaction_return(char *seq_string, struct xs_handle *xs) From 89c09816b40bb72cce94f2da6001761ecac1bc62 Mon Sep 17 00:00:00 2001 From: Rafal Wojtczuk Date: Wed, 30 Jun 2010 18:15:26 +0200 Subject: [PATCH 13/16] dvm: dont send back the file if not modified --- appvm/qubes_add_pendrive_script.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/appvm/qubes_add_pendrive_script.c b/appvm/qubes_add_pendrive_script.c index 4354ccf..41823ae 100644 --- a/appvm/qubes_add_pendrive_script.c +++ b/appvm/qubes_add_pendrive_script.c @@ -150,6 +150,7 @@ void dvm_transaction_request(char *seq, struct xs_handle *xs) int xvdh_fd, file_fd; char *src_vm; unsigned int len; + struct stat stat_pre, stat_post; xvdh_fd = open("/dev/xvdh", O_RDONLY); if (read(xvdh_fd, &header, sizeof(header)) != sizeof(header)) { syslog(LOG_DAEMON | LOG_ERR, "read dvm_header"); @@ -171,12 +172,22 @@ void dvm_transaction_request(char *seq, struct xs_handle *xs) suicide(xs); close(xvdh_fd); close(file_fd); + if (stat(filename, &stat_pre)) { + syslog(LOG_DAEMON | LOG_ERR, "stat pre"); + suicide(xs); + } snprintf(cmdbuf, sizeof(cmdbuf), "DISPLAY=:0 mimeopen -n '/tmp/%s'", header.name); if (system(cmdbuf)) system("DISPLAY=:0 /usr/bin/kdialog --sorry 'Unable to handle mimetype of the requested file'"); + if (stat(filename, &stat_post)) { + syslog(LOG_DAEMON | LOG_ERR, "stat post"); + suicide(xs); + } src_vm = xs_read(xs, XBT_NULL, "qubes_blocksrc", &len); xs_write(xs, XBT_NULL, "device/qpen", "umount", 6); + if (stat_pre.st_mtime == stat_post.st_mtime) + suicide(xs); xs_daemon_close(xs); execl("/usr/bin/qvm-dvm-transfer", "qvm-dvm-transfer", src_vm, filename, seq, NULL); From c518538f59332631145f73bcd9bc47fb46b90194 Mon Sep 17 00:00:00 2001 
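Review bot: `suicide(xs)` after the failed execl() uses a handle that has already been released: `xs_daemon_close(xs)` runs just above this hunk, before execl(), so the `xs_write()` inside suicide() operates on a closed connection. Either close the handle only after the execl() failure path, or reopen with `xs_domain_open()` before writing `killme`. dvm_transaction_request() starts outside the hunk.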
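Review bot: Comparing only `st_mtime` gives one-second resolution, so an edit saved within the same second in which the file was written to /tmp is treated as not modified and the change is dropped. Compare the nanosecond part as well, `stat_pre.st_mtim.tv_nsec == stat_post.st_mtim.tv_nsec`, or include `st_size` in the test. The unmodified case also goes through suicide(), which exits with status 1 and asks for a kill, so a normal outcome cannot be told apart from an error; a syslog line before the call would make that explicit.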
From: Rafal Wojtczuk Date: Wed, 14 Jul 2010 18:50:48 +0200 Subject: [PATCH 14/16] DVM: execute user script before save qubes_prepare_saved_domain.sh now takes optional second argument, the filename. The content of the file will be copied (via xenstore) to DVM and executed just before save. This makes it possible to preload memory with useful apps. --- appvm/qubes_core | 15 ++++++++++++++- rpm_spec/core-appvm.spec | 4 ++++ 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/appvm/qubes_core b/appvm/qubes_core index 407c9db..2b6a159 100755 --- a/appvm/qubes_core +++ b/appvm/qubes_core @@ -6,6 +6,18 @@ # Source function library. . /etc/rc.d/init.d/functions +possibly_run_save_script() +{ + ENCODED_SCRIPT=$(xenstore-read qubes_save_script) + if [ -z "$ENCODED_SCRIPT" ] ; then return ; fi + echo $ENCODED_SCRIPT|perl -e 'use MIME::Base64 qw(decode_base64); local($/) = undef;print decode_base64()' >/tmp/qubes_save_script + chmod 755 /tmp/qubes_save_script + Xorg -config /etc/X11/xorg-preload-apps.conf :0 & + sleep 2 + DISPLAY=:0 su - user -c /tmp/qubes_save_script + killall Xorg +} + start() { echo -n $"Executing Qubes Core scripts:" @@ -14,7 +26,8 @@ start() echo "ERROR: /usr/bin/xenstore-read not found!" exit 1 fi - if xenstore-read qubes_save_request ; then + if xenstore-read qubes_save_request 2>/dev/null ; then + possibly_run_save_script touch /etc/this_is_dvm dmesg -c >/dev/null # echo 1 >/proc/sys/vm/drop_caches diff --git a/rpm_spec/core-appvm.spec b/rpm_spec/core-appvm.spec index 351e1d2..143aa3d 100644 --- a/rpm_spec/core-appvm.spec +++ b/rpm_spec/core-appvm.spec @@ -81,6 +81,9 @@ cp ../common/qubes_serial_login $RPM_BUILD_ROOT/sbin mkdir -p $RPM_BUILD_ROOT/etc cp ../common/serial.conf $RPM_BUILD_ROOT/var/lib/qubes/ +mkdir -p $RPM_BUILD_ROOT/etc/X11 +cp xorg-preload-apps.conf $RPM_BUILD_ROOT/etc/X11 + mkdir -p $RPM_BUILD_ROOT/home_volatile/user chown 500:500 $RPM_BUILD_ROOT/home_volatile/user 
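Review bot: possibly_run_save_script() writes the decoded script to the fixed name /tmp/qubes_save_script as root and then makes it executable, so a pre-existing file or symlink of that name is followed and overwritten; create the file with `mktemp` and remove it after the run. `echo $ENCODED_SCRIPT` is unquoted, so the value undergoes word splitting and globbing before it reaches the decoder; use `printf '%s' "$ENCODED_SCRIPT"`. The `xenstore-read qubes_save_script` call lacks the `2>/dev/null` that the second hunk of this commit adds to the `qubes_save_request` read, and `sleep 2` is only a guess at when Xorg is ready.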
@@ -199,3 +202,4 @@ rm -rf $RPM_BUILD_ROOT /usr/bin/qubes_timestamp %dir /home_volatile %attr(700,user,user) /home_volatile/user +/etc/X11/xorg-preload-apps.conf From a646ad46b153c5a081bde2ee85c78bb8e4506d4a Mon Sep 17 00:00:00 2001 From: Rafal Wojtczuk Date: Fri, 16 Jul 2010 10:26:55 +0200 Subject: [PATCH 15/16] Pathnames cleanup Move internal scripts to /usr/lib/qubes plus a couple of similar. --- appvm/qubes.rules | 2 +- appvm/qubes_add_pendrive_script.c | 2 +- appvm/qvm-copy-to-vm | 4 ++-- appvm/qvm-copy.desktop | 2 +- common/qubes_nmhook | 2 +- common/qubes_setup_dnat_to_ns | 2 +- netvm/qubes_core | 6 +++--- rpm_spec/core-appvm.spec | 16 ++++++++-------- rpm_spec/core-netvm.spec | 10 ++++++---- 9 files changed, 24 insertions(+), 22 deletions(-) diff --git a/appvm/qubes.rules b/appvm/qubes.rules index e3fc50e..5b3a502 100644 --- a/appvm/qubes.rules +++ b/appvm/qubes.rules @@ -1 +1 @@ -SUBSYSTEM=="block", KERNEL=="xvdh", ACTION=="add", RUN+="/usr/bin/qubes_add_pendrive_script" +SUBSYSTEM=="block", KERNEL=="xvdh", ACTION=="add", RUN+="/usr/lib/qubes/qubes_add_pendrive_script" diff --git a/appvm/qubes_add_pendrive_script.c b/appvm/qubes_add_pendrive_script.c index 41823ae..bb70861 100644 --- a/appvm/qubes_add_pendrive_script.c +++ b/appvm/qubes_add_pendrive_script.c @@ -189,7 +189,7 @@ void dvm_transaction_request(char *seq, struct xs_handle *xs) if (stat_pre.st_mtime == stat_post.st_mtime) suicide(xs); xs_daemon_close(xs); - execl("/usr/bin/qvm-dvm-transfer", "qvm-dvm-transfer", src_vm, + execl("/usr/lib/qubes/qvm-dvm-transfer", "qvm-dvm-transfer", src_vm, filename, seq, NULL); syslog(LOG_DAEMON | LOG_ERR, "execl qvm-dvm-transfer"); suicide(xs); diff --git a/appvm/qvm-copy-to-vm b/appvm/qvm-copy-to-vm index def32d7..1af03ec 100755 --- a/appvm/qvm-copy-to-vm +++ b/appvm/qvm-copy-to-vm 
@@ -24,7 +24,7 @@ if [ $# -lt 2 ] ; then
 echo usage: $0 'vmname file [file]*'
 exit 1
 fi
-qubes_penctl new || exit 1
+/usr/lib/qubes/qubes_penctl new || exit 1
 echo -n Waiting for the Qubes virtual pendrive
 while ! [ -e /dev/xvdg ] ; do
 echo -n .
@@ -37,4 +37,4 @@ shift
 cp -v -a "$@" /mnt/outgoing
 #sometimes Dolphin lags a bit
 umount /mnt/outgoing || (sleep 1; umount /mnt/outgoing) || exit 1
-qubes_penctl send $VMNAME || exit 1
+/usr/lib/qubes/qubes_penctl send $VMNAME || exit 1
diff --git a/appvm/qvm-copy.desktop b/appvm/qvm-copy.desktop
index 6d7ebc6..5795eb6 100644
--- a/appvm/qvm-copy.desktop
+++ b/appvm/qvm-copy.desktop
@@ -4,7 +4,7 @@ Type=Service
 X-KDE-ServiceTypes=KonqPopupMenu/Plugin,inode/directory,all/allfiles
 [Desktop Action QvmCopy]
-Exec=/usr/bin/qvm-copy-to-vm.kde %U
+Exec=/usr/lib/qubes/qvm-copy-to-vm.kde %U
 Icon=kget
 Name=Send To VM
diff --git a/common/qubes_nmhook b/common/qubes_nmhook
index d06cd57..b9028de 100755
--- a/common/qubes_nmhook
+++ b/common/qubes_nmhook
@@ -1,2 +1,2 @@
 #!/bin/sh
-/usr/bin/qubes_setup_dnat_to_ns
+/usr/lib/qubes/qubes_setup_dnat_to_ns
diff --git a/common/qubes_setup_dnat_to_ns b/common/qubes_setup_dnat_to_ns
index e484191..67a1b90 100755
--- a/common/qubes_setup_dnat_to_ns
+++ b/common/qubes_setup_dnat_to_ns
@@ -10,7 +10,7 @@ addrule()
 fi
 }
 export PATH=$PATH:/sbin:/bin
-source /var/run/qubes_ns
+source /var/run/qubes/qubes_ns
 if [ "X"$NS1 = "X" ] ; then exit ; fi
 iptables -t nat -F PREROUTING
 FIRSTONE=yes
diff --git a/netvm/qubes_core b/netvm/qubes_core
index 4be4f4c..aebf4d7 100755
--- a/netvm/qubes_core
+++ b/netvm/qubes_core
@@ -28,9 +28,9 @@ start()
 secondary_dns=$(/usr/bin/xenstore-read qubes_netvm_secondary_dns)
 ifconfig br0 $gateway netmask $netmask up
 ifconfig br0:1 $secondary_dns netmask $netmask
- echo "NS1=$gateway" > /var/run/qubes_ns
- echo "NS2=$secondary_dns" >> /var/run/qubes_ns
- qubes_setup_dnat_to_ns
+ echo "NS1=$gateway" > /var/run/qubes/qubes_ns
+ echo "NS2=$secondary_dns" >> /var/run/qubes/qubes_ns
+ /usr/lib/qubes/qubes_setup_dnat_to_ns
 echo "1" > /proc/sys/net/ipv4/ip_forward
 #now no need for dnsmasq
 # dnsmasq --listen-address $gateway --bind-interfaces
diff --git a/rpm_spec/core-appvm.spec b/rpm_spec/core-appvm.spec
index 143aa3d..a4444f0 100644
--- a/rpm_spec/core-appvm.spec
+++ b/rpm_spec/core-appvm.spec
@@ -61,10 +61,10 @@ mkdir -p $RPM_BUILD_ROOT/etc/init.d
 cp qubes_core $RPM_BUILD_ROOT/etc/init.d/
 mkdir -p $RPM_BUILD_ROOT/var/lib/qubes
 mkdir -p $RPM_BUILD_ROOT/usr/bin
-cp qubes_timestamp qubes_add_pendrive_script qubes_penctl \
- qvm-copy-to-vm qvm-copy-to-vm.kde \
- qvm-open-in-dvm $RPM_BUILD_ROOT/usr/bin
-ln -s qvm-open-in-dvm $RPM_BUILD_ROOT/usr/bin/qvm-dvm-transfer
+cp qubes_timestamp qvm-copy-to-vm qvm-open-in-dvm $RPM_BUILD_ROOT/usr/bin
+mkdir -p $RPM_BUILD_ROOT/usr/lib/qubes
+cp qubes_add_pendrive_script qubes_penctl qvm-copy-to-vm.kde $RPM_BUILD_ROOT/usr/lib/qubes
+ln -s /usr/bin/qvm-open-in-dvm $RPM_BUILD_ROOT/usr/lib/qubes/qvm-dvm-transfer
 mkdir -p $RPM_BUILD_ROOT/%{kde_service_dir}
 cp qvm-copy.desktop qvm-dvm.desktop $RPM_BUILD_ROOT/%{kde_service_dir}
 mkdir -p $RPM_BUILD_ROOT/etc/udev/rules.d
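Review bot: Nothing in start() creates /var/run/qubes before the two added `echo` redirections write qubes_ns into it; the directory exists only because of the `mkdir -p $RPM_BUILD_ROOT/var/run/qubes` and `%dir /var/run/qubes` lines this commit adds to rpm_spec/core-netvm.spec. If /var/run is recreated or emptied at boot, both redirections fail, common/qubes_setup_dnat_to_ns would find NS1 empty and exit, and the DNS DNAT rules are silently missing; adding `mkdir -p /var/run/qubes` ahead of the first `echo` removes that dependency. Because the helper sources qubes_ns (presumably as root, from this init script and the dhclient/NetworkManager hooks), the spec entry could also pin ownership and mode explicitly, e.g. `%dir %attr(0755,root,root) /var/run/qubes`. start() begins and ends outside the hunk.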
@@ -184,13 +184,13 @@ rm -rf $RPM_BUILD_ROOT
 /etc/fstab
 /etc/init.d/qubes_core
 /usr/bin/qvm-copy-to-vm
-/usr/bin/qvm-copy-to-vm.kde
+/usr/lib/qubes/qvm-copy-to-vm.kde
 %attr(4755,root,root) /usr/bin/qvm-open-in-dvm
-/usr/bin/qvm-dvm-transfer
+/usr/lib/qubes/qvm-dvm-transfer
 %{kde_service_dir}/qvm-copy.desktop
 %{kde_service_dir}/qvm-dvm.desktop
-%attr(4755,root,root) /usr/bin/qubes_penctl
-/usr/bin/qubes_add_pendrive_script
+%attr(4755,root,root) /usr/lib/qubes/qubes_penctl
+/usr/lib/qubes/qubes_add_pendrive_script
 /etc/udev/rules.d/qubes.rules
 /etc/sysconfig/iptables
 /var/lib/qubes
diff --git a/rpm_spec/core-netvm.spec b/rpm_spec/core-netvm.spec
index 4081dbb..5d130e1 100644
--- a/rpm_spec/core-netvm.spec
+++ b/rpm_spec/core-netvm.spec
@@ -59,10 +59,10 @@ cp fstab $RPM_BUILD_ROOT/etc/fstab
 mkdir -p $RPM_BUILD_ROOT/etc/init.d
 cp qubes_core $RPM_BUILD_ROOT/etc/init.d/
 mkdir -p $RPM_BUILD_ROOT/var/lib/qubes
-mkdir -p $RPM_BUILD_ROOT/usr/bin
-cp ../common/qubes_setup_dnat_to_ns $RPM_BUILD_ROOT/usr/bin
+mkdir -p $RPM_BUILD_ROOT/usr/lib/qubes
+cp ../common/qubes_setup_dnat_to_ns $RPM_BUILD_ROOT/usr/lib/qubes
 mkdir -p $RPM_BUILD_ROOT/etc/dhclient.d
-ln -s /usr/bin/qubes_setup_dnat_to_ns $RPM_BUILD_ROOT/etc/dhclient.d/qubes_setup_dnat_to_ns.sh
+ln -s /usr/lib/qubes/qubes_setup_dnat_to_ns $RPM_BUILD_ROOT/etc/dhclient.d/qubes_setup_dnat_to_ns.sh
 mkdir -p $RPM_BUILD_ROOT/etc/NetworkManager/dispatcher.d/
 cp ../common/qubes_nmhook $RPM_BUILD_ROOT/etc/NetworkManager/dispatcher.d/
 mkdir -p $RPM_BUILD_ROOT/etc/yum.repos.d
@@ -71,6 +71,7 @@ mkdir -p $RPM_BUILD_ROOT/sbin
 cp ../common/qubes_serial_login $RPM_BUILD_ROOT/sbin
 mkdir -p $RPM_BUILD_ROOT/etc
 cp ../common/serial.conf $RPM_BUILD_ROOT/var/lib/qubes/
+mkdir -p $RPM_BUILD_ROOT/var/run/qubes
 %triggerin -- initscripts
 cp /var/lib/qubes/serial.conf /etc/init/serial.conf
@@ -168,8 +169,9 @@ rm -rf $RPM_BUILD_ROOT
 /etc/sysconfig/iptables
 /etc/init.d/qubes_core
 /var/lib/qubes
-/usr/bin/qubes_setup_dnat_to_ns
+/usr/lib/qubes/qubes_setup_dnat_to_ns
 /etc/dhclient.d/qubes_setup_dnat_to_ns.sh
 /etc/NetworkManager/dispatcher.d/qubes_nmhook
 /etc/yum.repos.d/qubes.repo
 /sbin/qubes_serial_login
+%dir /var/run/qubes
From cc7f78a423add3fdd03364a1bb8ebc844554b126 Mon Sep 17 00:00:00 2001
From: Rafal Wojtczuk
Date: Wed, 21 Jul 2010 13:06:34 +0200
Subject: [PATCH 16/16] appvm/xorg-preload-apps.conf was missing
---
 appvm/xorg-preload-apps.conf | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 appvm/xorg-preload-apps.conf
diff --git a/appvm/xorg-preload-apps.conf b/appvm/xorg-preload-apps.conf
new file mode 100644
index 0000000..afa479b
--- /dev/null
+++ b/appvm/xorg-preload-apps.conf
@@ -0,0 +1,30 @@
+Section "ServerLayout"
+ Identifier "Default Layout"
+ Screen 0 "Screen0" 0 0
+EndSection
+
+Section "Device"
+ Identifier "Videocard0"
+ Driver "dummy"
+ VideoRam 4001
+EndSection
+
+Section "Monitor"
+ Identifier "Monitor0"
+ HorizSync 49-50
+ VertRefresh 62-63
+ Modeline "QB1280x800" 64 1280 1281 1282 1283 800 801 802 803
+EndSection
+
+Section "Screen"
+ Identifier "Screen0"
+ Device "Videocard0"
+ Monitor "Monitor0"
+ DefaultDepth 24
+ SubSection "Display"
+ Viewport 0 0
+ Depth 24
+ Modes "QB1280x800"
+ EndSubSection
+EndSection
+