Changed location of PROTECTED_FILE_LIST to /etc/qubes/protected-files.d

Jason Mehring 2015-04-24 19:16:54 -04:00 committed by Marek Marczykowski-Górecki
parent 56b0685aaa
commit 4373cda566
6 changed files with 16 additions and 14 deletions


@ -1,2 +1,3 @@
var/lib/qubes var/lib/qubes
lib/modules lib/modules
etc/qubes/protected-files.d


@ -188,11 +188,11 @@ case "${1}" in
fi fi
# Location of files which contains list of protected files # Location of files which contains list of protected files
PROTECTED_FILE_LIST='/var/lib/qubes/protected-files' PROTECTED_FILE_LIST='/etc/qubes/protected-files.d'
# ensure that hostname resolves to 127.0.1.1 resp. ::1 and that /etc/hosts is # ensure that hostname resolves to 127.0.1.1 resp. ::1 and that /etc/hosts is
# in the form expected by qubes-sysinit.sh # in the form expected by qubes-sysinit.sh
if ! grep -q "^/etc/hostname$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then if ! grep -rq "^/etc/hostname$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then
for ip in '127\.0\.1\.1' '::1'; do for ip in '127\.0\.1\.1' '::1'; do
if grep -q "^${ip}\(\s\|$\)" /etc/hosts; then if grep -q "^${ip}\(\s\|$\)" /etc/hosts; then
sed -i "/^${ip}\s/,+0s/\(\s`hostname`\)\+\(\s\|$\)/\2/g" /etc/hosts || true sed -i "/^${ip}\s/,+0s/\(\s`hostname`\)\+\(\s\|$\)/\2/g" /etc/hosts || true
@ -205,7 +205,7 @@ case "${1}" in
# remove hostname from 127.0.0.1 line (in debian the hostname is by default # remove hostname from 127.0.0.1 line (in debian the hostname is by default
# resolved to 127.0.1.1) # resolved to 127.0.1.1)
if ! grep -q "^/etc/hosts$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then if ! grep -rq "^/etc/hosts$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then
sed -i "/^127\.0\.0\.1\s/,+0s/\(\s`hostname`\)\+\(\s\|$\)/\2/g" /etc/hosts || true sed -i "/^127\.0\.0\.1\s/,+0s/\(\s`hostname`\)\+\(\s\|$\)/\2/g" /etc/hosts || true
fi fi
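Review bot: The old list at `/var/lib/qubes/protected-files` is no longer read once `PROTECTED_FILE_LIST` points at the new directory, and nothing visible in this commit carries its contents over. A VM that already had entries there would have /etc/hosts, /etc/hostname, /etc/resolv.conf and the timezone rewritten again after upgrading, without any message. Unless migration is handled outside this commit, this script and the hunk that adds `mkdir -p /etc/qubes/protected-files.d` are the natural places for it, for example `[ -f /var/lib/qubes/protected-files ] && cp -p /var/lib/qubes/protected-files /etc/qubes/protected-files.d/<legacy-list-name>`. The enclosing `case` block starts and ends outside the hunk.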


@ -7,7 +7,7 @@ disablegw=`qubesdb-read /qubes-service/disable-default-route 2> /dev/null`
disabledns=`qubesdb-read /qubes-service/disable-dns-server 2> /dev/null` disabledns=`qubesdb-read /qubes-service/disable-dns-server 2> /dev/null`
# Location of files which contains list of protected files # Location of files which contains list of protected files
PROTECTED_FILE_LIST='/var/lib/qubes/protected-files' PROTECTED_FILE_LIST='/etc/qubes/protected-files.d'
ip=`/usr/bin/qubesdb-read /qubes-ip 2> /dev/null` ip=`/usr/bin/qubesdb-read /qubes-ip 2> /dev/null`
if [ x$ip != x ]; then if [ x$ip != x ]; then
@ -22,7 +22,7 @@ if [ x$ip != x ]; then
fi fi
/sbin/ethtool -K $INTERFACE sg off /sbin/ethtool -K $INTERFACE sg off
/sbin/ethtool -K $INTERFACE tx off /sbin/ethtool -K $INTERFACE tx off
if ! grep -q "^/etc/resolv[.]conf$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then if ! grep -rq "^/etc/resolv[.]conf$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then
echo > /etc/resolv.conf echo > /etc/resolv.conf
if [ "x$disabledns" != "x1" ]; then if [ "x$disabledns" != "x1" ]; then
echo "nameserver $gateway" > /etc/resolv.conf echo "nameserver $gateway" > /etc/resolv.conf
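Review bot: Nothing next to the new `PROTECTED_FILE_LIST` definition says what a list file must look like, and the `grep -rq "^/etc/resolv[.]conf$"` check is unforgiving. The entry has to be the whole line, so a path with trailing whitespace or a CRLF ending does not match and /etc/resolv.conf is rewritten anyway, with `2>/dev/null` hiding any hint. `-r` also reads every file under the directory whatever its name, so editor backups and package-manager leftovers count as list files too. I would replace the carried-over comment with something like `# Directory of list files; every file in it is read, one absolute path per line, exact match`, here and in the other four scripts. The `if` block continues past the end of the hunk.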


@ -240,10 +240,11 @@ fi
sed -i -e '/^exclude = kernel/d' /etc/yum.conf sed -i -e '/^exclude = kernel/d' /etc/yum.conf
# Location of files which contains list of protected files # Location of files which contains list of protected files
PROTECTED_FILE_LIST='/var/lib/qubes/protected-files' mkdir -p /etc/qubes/protected-files.d
PROTECTED_FILE_LIST='/etc/qubes/protected-files.d'
# qubes-core-vm has been broken for some time - it overrides /etc/hosts; restore original content # qubes-core-vm has been broken for some time - it overrides /etc/hosts; restore original content
if ! grep -q "^/etc/hosts$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then if ! grep -rq "^/etc/hosts$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then
if ! grep -q localhost /etc/hosts; then if ! grep -q localhost /etc/hosts; then
cat <<EOF > /etc/hosts cat <<EOF > /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 `hostname` 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 `hostname`
@ -254,7 +255,7 @@ fi
# ensure that hostname resolves to 127.0.0.1 resp. ::1 and that /etc/hosts is # ensure that hostname resolves to 127.0.0.1 resp. ::1 and that /etc/hosts is
# in the form expected by qubes-sysinit.sh # in the form expected by qubes-sysinit.sh
if ! grep -q "^/etc/hostname$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then if ! grep -rq "^/etc/hostname$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then
for ip in '127\.0\.0\.1' '::1'; do for ip in '127\.0\.0\.1' '::1'; do
if grep -q "^${ip}\(\s\|$\)" /etc/hosts; then if grep -q "^${ip}\(\s\|$\)" /etc/hosts; then
sed -i "/^${ip}\s/,+0s/\(\s`hostname`\)\+\(\s\|$\)/\2/g" /etc/hosts sed -i "/^${ip}\s/,+0s/\(\s`hostname`\)\+\(\s\|$\)/\2/g" /etc/hosts


@ -21,10 +21,10 @@ start()
chmod 0775 /var/run/qubes chmod 0775 /var/run/qubes
# Location of files which contains list of protected files # Location of files which contains list of protected files
PROTECTED_FILE_LIST='/var/lib/qubes/protected-files' PROTECTED_FILE_LIST='/etc/qubes/protected-files.d'
# Set the hostname # Set the hostname
if ! grep -q "^/etc/hostname$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then if ! grep -rq "^/etc/hostname$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then
name=$(/usr/bin/qubesdb-read /name) name=$(/usr/bin/qubesdb-read /name)
if ! [ -f /etc/this-is-dvm ] ; then if ! [ -f /etc/this-is-dvm ] ; then
# we don't want to set hostname for DispVM # we don't want to set hostname for DispVM
@ -36,7 +36,7 @@ start()
fi fi
# Set the timezone # Set the timezone
if ! grep -q "^/etc/timezone$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then if ! grep -rq "^/etc/timezone$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then
timezone=`/usr/bin/qubesdb-read /qubes-timezone 2> /dev/null` timezone=`/usr/bin/qubesdb-read /qubes-timezone 2> /dev/null`
if [ -n "$timezone" ]; then if [ -n "$timezone" ]; then
ln -f /usr/share/zoneinfo/$timezone /etc/localtime ln -f /usr/share/zoneinfo/$timezone /etc/localtime
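Review bot: The directory path and the `grep -rq … "${PROTECTED_FILE_LIST}" 2>/dev/null` test are written out separately in each of the five scripts, which is why relocating the list took five edited definitions and nine edited checks. If the package has, or can gain, a common file these scripts source, a single helper such as `is_protected_file() { grep -rqFx -- "$1" /etc/qubes/protected-files.d 2>/dev/null; }` would keep the location and the matching rule in one place. With it, the checks here become `if ! is_protected_file /etc/hostname; then`. Using `-Fx` also removes the need for regex escaping like `resolv[.]conf` in the network script. `start()` begins and ends outside both hunks of this file.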


@ -11,7 +11,7 @@ QDB_READ=qubesdb-read
QDB_LS=qubesdb-multiread QDB_LS=qubesdb-multiread
# Location of files which contains list of protected files # Location of files which contains list of protected files
PROTECTED_FILE_LIST='/var/lib/qubes/protected-files' PROTECTED_FILE_LIST='/etc/qubes/protected-files.d'
read_service() { read_service() {
$QDB_READ /qubes-service/$1 2> /dev/null $QDB_READ /qubes-service/$1 2> /dev/null
@ -70,7 +70,7 @@ for srv in `$QDB_LS /qubes-service/ 2>/dev/null |grep ' = 0'|cut -f 1 -d ' '`; d
done done
# Set the hostname # Set the hostname
if ! grep -q "^/etc/hostname$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then if ! grep -rq "^/etc/hostname$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then
name=`$QDB_READ /name` name=`$QDB_READ /name`
if [ -n "$name" ]; then if [ -n "$name" ]; then
hostname $name hostname $name
@ -85,7 +85,7 @@ if ! grep -q "^/etc/hostname$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then
fi fi
# Set the timezone # Set the timezone
if ! grep -q "^/etc/timezone$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then if ! grep -rq "^/etc/timezone$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then
timezone=`$QDB_READ /qubes-timezone 2> /dev/null` timezone=`$QDB_READ /qubes-timezone 2> /dev/null`
if [ -n "$timezone" ]; then if [ -n "$timezone" ]; then
cp -p /usr/share/zoneinfo/$timezone /etc/localtime cp -p /usr/share/zoneinfo/$timezone /etc/localtime