Changed location of PROTECTED_FILE_LIST to /etc/qubes/protected-files.d
parent
56b0685aaa
commit
4373cda566
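--- a/debian/qubes-core-agent.dirs
+++ b/debian/qubes-core-agent.dirs
@@ -1,2 +1,3 @@
 var/lib/qubes
 lib/modules
+etc/qubes/protected-files.d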
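--- a/debian/qubes-core-agent.postinst
+++ b/debian/qubes-core-agent.postinst
@@ -188,11 +188,11 @@ case "${1}" in
 fi
 
 # Location of files which contains list of protected files
-PROTECTED_FILE_LIST='/var/lib/qubes/protected-files'
+PROTECTED_FILE_LIST='/etc/qubes/protected-files.d'
 
 # ensure that hostname resolves to 127.0.1.1 resp. ::1 and that /etc/hosts is
 # in the form expected by qubes-sysinit.sh
-if ! grep -q "^/etc/hostname$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then
+if ! grep -rq "^/etc/hostname$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then
 for ip in '127\.0\.1\.1' '::1'; do
 if grep -q "^${ip}\(\s\|$\)" /etc/hosts; then
 sed -i "/^${ip}\s/,+0s/\(\s`hostname`\)\+\(\s\|$\)/\2/g" /etc/hosts || true
@@ -205,7 +205,7 @@ case "${1}" in
 
 # remove hostname from 127.0.0.1 line (in debian the hostname is by default
 # resolved to 127.0.1.1)
-if ! grep -q "^/etc/hosts$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then
+if ! grep -rq "^/etc/hosts$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then
 sed -i "/^127\.0\.0\.1\s/,+0s/\(\s`hostname`\)\+\(\s\|$\)/\2/g" /etc/hosts || true
 fi
 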
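Review bot: Entries an administrator already keeps in `/var/lib/qubes/protected-files` stop being honoured once `PROTECTED_FILE_LIST` points at `/etc/qubes/protected-files.d`, so on the first configure after the upgrade the `sed -i` edits of `/etc/hosts` in both hunks run against files that were previously marked as protected. Nothing visible in this section carries the old list over, and the hunk at `@ -240,10 +240,11 @@` has the same gap: it only creates the new directory. A one-time copy ahead of the first check would keep existing protections, for example `[ -f /var/lib/qubes/protected-files ] && [ ! -e "${PROTECTED_FILE_LIST}/legacy" ] && cp -p /var/lib/qubes/protected-files "${PROTECTED_FILE_LIST}/legacy"` (the target file name is a placeholder). The enclosing `case "${1}" in` block starts and ends outside these hunks.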
@ -7,7 +7,7 @@ disablegw=`qubesdb-read /qubes-service/disable-default-route 2> /dev/null`
|
|||||||
disabledns=`qubesdb-read /qubes-service/disable-dns-server 2> /dev/null`
|
disabledns=`qubesdb-read /qubes-service/disable-dns-server 2> /dev/null`
|
||||||
|
|
||||||
# Location of files which contains list of protected files
|
# Location of files which contains list of protected files
|
||||||
PROTECTED_FILE_LIST='/var/lib/qubes/protected-files'
|
PROTECTED_FILE_LIST='/etc/qubes/protected-files.d'
|
||||||
|
|
||||||
ip=`/usr/bin/qubesdb-read /qubes-ip 2> /dev/null`
|
ip=`/usr/bin/qubesdb-read /qubes-ip 2> /dev/null`
|
||||||
if [ x$ip != x ]; then
|
if [ x$ip != x ]; then
|
||||||
@ -22,7 +22,7 @@ if [ x$ip != x ]; then
|
|||||||
fi
|
fi
|
||||||
/sbin/ethtool -K $INTERFACE sg off
|
/sbin/ethtool -K $INTERFACE sg off
|
||||||
/sbin/ethtool -K $INTERFACE tx off
|
/sbin/ethtool -K $INTERFACE tx off
|
||||||
if ! grep -q "^/etc/resolv[.]conf$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then
|
if ! grep -rq "^/etc/resolv[.]conf$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then
|
||||||
echo > /etc/resolv.conf
|
echo > /etc/resolv.conf
|
||||||
if [ "x$disabledns" != "x1" ]; then
|
if [ "x$disabledns" != "x1" ]; then
|
||||||
echo "nameserver $gateway" > /etc/resolv.conf
|
echo "nameserver $gateway" > /etc/resolv.conf
|
||||||
|
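Review bot: The check in the `@ -22,7 +22,7 @@` hunk fails open: with `2>/dev/null` and the leading `!`, a grep error (exit status 2, e.g. an unreadable list file) is indistinguishable from "not listed", and the next line truncates `/etc/resolv.conf`. Reading a directory with `-r` widens this, because GNU grep's `-r` does not follow symbolic links it meets inside the directory (`-R` does), so a list file symlinked into `protected-files.d` is silently skipped. Consider rewriting only on a clean no-match, as sketched below; whether an unreadable list should block the rewrite is a policy call for the maintainers. The same pattern is used at every `grep -rq` call on this page, and the enclosing `if [ x$ip != x ]` block opens and closes outside the hunk.

```shell
# … unchanged: ethtool offload settings …
resolv_protected=0
if [ -d "${PROTECTED_FILE_LIST}" ]; then
    rc=0
    grep -rq "^/etc/resolv[.]conf$" "${PROTECTED_FILE_LIST}" 2>/dev/null || rc=$?
    # 0 = listed, 1 = not listed, anything else = a list file could not be read
    [ "$rc" -eq 1 ] || resolv_protected=1
fi
if [ "$resolv_protected" -eq 0 ]; then
    # … unchanged: resolv.conf rewrite …
```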
@ -240,10 +240,11 @@ fi
|
|||||||
sed -i -e '/^exclude = kernel/d' /etc/yum.conf
|
sed -i -e '/^exclude = kernel/d' /etc/yum.conf
|
||||||
|
|
||||||
# Location of files which contains list of protected files
|
# Location of files which contains list of protected files
|
||||||
PROTECTED_FILE_LIST='/var/lib/qubes/protected-files'
|
mkdir -p /etc/qubes/protected-files.d
|
||||||
|
PROTECTED_FILE_LIST='/etc/qubes/protected-files.d'
|
||||||
|
|
||||||
# qubes-core-vm has been broken for some time - it overrides /etc/hosts; restore original content
|
# qubes-core-vm has been broken for some time - it overrides /etc/hosts; restore original content
|
||||||
if ! grep -q "^/etc/hosts$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then
|
if ! grep -rq "^/etc/hosts$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then
|
||||||
if ! grep -q localhost /etc/hosts; then
|
if ! grep -q localhost /etc/hosts; then
|
||||||
cat <<EOF > /etc/hosts
|
cat <<EOF > /etc/hosts
|
||||||
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 `hostname`
|
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 `hostname`
|
||||||
@ -254,7 +255,7 @@ fi
|
|||||||
|
|
||||||
# ensure that hostname resolves to 127.0.0.1 resp. ::1 and that /etc/hosts is
|
# ensure that hostname resolves to 127.0.0.1 resp. ::1 and that /etc/hosts is
|
||||||
# in the form expected by qubes-sysinit.sh
|
# in the form expected by qubes-sysinit.sh
|
||||||
if ! grep -q "^/etc/hostname$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then
|
if ! grep -rq "^/etc/hostname$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then
|
||||||
for ip in '127\.0\.0\.1' '::1'; do
|
for ip in '127\.0\.0\.1' '::1'; do
|
||||||
if grep -q "^${ip}\(\s\|$\)" /etc/hosts; then
|
if grep -q "^${ip}\(\s\|$\)" /etc/hosts; then
|
||||||
sed -i "/^${ip}\s/,+0s/\(\s`hostname`\)\+\(\s\|$\)/\2/g" /etc/hosts
|
sed -i "/^${ip}\s/,+0s/\(\s`hostname`\)\+\(\s\|$\)/\2/g" /etc/hosts
|
||||||
|
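Review bot: `mkdir -p /etc/qubes/protected-files.d` in the `@ -240,10 +240,11 @@` hunk creates the directory at script run time under whatever umask is in effect, whereas the Debian packaging declares the same directory in `debian/qubes-core-agent.dirs`. Any file in this directory decides which system files the startup scripts leave alone, so its mode and ownership should be explicit: `install -d -m 0755 -o root -g root /etc/qubes/protected-files.d`. If this is a package scriptlet, as the `/etc/yum.conf` line suggests, having the package own the directory would be the more consistent choice. The surrounding block starts and ends outside the hunk.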
@ -21,10 +21,10 @@ start()
|
|||||||
chmod 0775 /var/run/qubes
|
chmod 0775 /var/run/qubes
|
||||||
|
|
||||||
# Location of files which contains list of protected files
|
# Location of files which contains list of protected files
|
||||||
PROTECTED_FILE_LIST='/var/lib/qubes/protected-files'
|
PROTECTED_FILE_LIST='/etc/qubes/protected-files.d'
|
||||||
|
|
||||||
# Set the hostname
|
# Set the hostname
|
||||||
if ! grep -q "^/etc/hostname$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then
|
if ! grep -rq "^/etc/hostname$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then
|
||||||
name=$(/usr/bin/qubesdb-read /name)
|
name=$(/usr/bin/qubesdb-read /name)
|
||||||
if ! [ -f /etc/this-is-dvm ] ; then
|
if ! [ -f /etc/this-is-dvm ] ; then
|
||||||
# we don't want to set hostname for DispVM
|
# we don't want to set hostname for DispVM
|
||||||
@ -36,7 +36,7 @@ start()
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# Set the timezone
|
# Set the timezone
|
||||||
if ! grep -q "^/etc/timezone$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then
|
if ! grep -rq "^/etc/timezone$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then
|
||||||
timezone=`/usr/bin/qubesdb-read /qubes-timezone 2> /dev/null`
|
timezone=`/usr/bin/qubesdb-read /qubes-timezone 2> /dev/null`
|
||||||
if [ -n "$timezone" ]; then
|
if [ -n "$timezone" ]; then
|
||||||
ln -f /usr/share/zoneinfo/$timezone /etc/localtime
|
ln -f /usr/share/zoneinfo/$timezone /etc/localtime
|
||||||
|
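Review bot: The comment kept above `PROTECTED_FILE_LIST` in the `@ -21,10 +21,10 @@` hunk no longer tells a reader how to use the setting, now that it names a directory searched with `grep -rq`. I would replace it with `# Directory of list files; every file below it is read, and a line holding exactly an absolute path (e.g. /etc/hostname) stops this script from modifying that file`. The same comment is repeated unchanged at each of the other `PROTECTED_FILE_LIST` assignments on this page. `start()` begins before and ends after these hunks.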
@ -11,7 +11,7 @@ QDB_READ=qubesdb-read
|
|||||||
QDB_LS=qubesdb-multiread
|
QDB_LS=qubesdb-multiread
|
||||||
|
|
||||||
# Location of files which contains list of protected files
|
# Location of files which contains list of protected files
|
||||||
PROTECTED_FILE_LIST='/var/lib/qubes/protected-files'
|
PROTECTED_FILE_LIST='/etc/qubes/protected-files.d'
|
||||||
|
|
||||||
read_service() {
|
read_service() {
|
||||||
$QDB_READ /qubes-service/$1 2> /dev/null
|
$QDB_READ /qubes-service/$1 2> /dev/null
|
||||||
@ -70,7 +70,7 @@ for srv in `$QDB_LS /qubes-service/ 2>/dev/null |grep ' = 0'|cut -f 1 -d ' '`; d
|
|||||||
done
|
done
|
||||||
|
|
||||||
# Set the hostname
|
# Set the hostname
|
||||||
if ! grep -q "^/etc/hostname$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then
|
if ! grep -rq "^/etc/hostname$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then
|
||||||
name=`$QDB_READ /name`
|
name=`$QDB_READ /name`
|
||||||
if [ -n "$name" ]; then
|
if [ -n "$name" ]; then
|
||||||
hostname $name
|
hostname $name
|
||||||
@ -85,7 +85,7 @@ if ! grep -q "^/etc/hostname$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# Set the timezone
|
# Set the timezone
|
||||||
if ! grep -q "^/etc/timezone$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then
|
if ! grep -rq "^/etc/timezone$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then
|
||||||
timezone=`$QDB_READ /qubes-timezone 2> /dev/null`
|
timezone=`$QDB_READ /qubes-timezone 2> /dev/null`
|
||||||
if [ -n "$timezone" ]; then
|
if [ -n "$timezone" ]; then
|
||||||
cp -p /usr/share/zoneinfo/$timezone /etc/localtime
|
cp -p /usr/share/zoneinfo/$timezone /etc/localtime
|
||||||
|
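Review bot: The `PROTECTED_FILE_LIST` assignment and the `if ! grep -rq "^…$" …` test are now copied into every script this commit touches, each with a hand-escaped regex (`resolv[.]conf` escapes its dot; a path added later may not). A single helper next to `read_service()` would keep the lookups identical and match the path literally: `is_protected_file() { grep -Frxq -- "$1" "${PROTECTED_FILE_LIST}" 2>/dev/null; }`, called as `if ! is_protected_file /etc/hostname; then`. The other scripts would have to source it from a shared file, which is not visible on this page.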