From 8bb2687b86c05d9b897235fd7435041596853cf8 Mon Sep 17 00:00:00 2001 From: Marek Marczykowski Date: Sat, 21 Jan 2012 21:32:27 +0100 Subject: [PATCH 1/5] vm/systemd: disable scatter-gather only in ProxyVM NetVM sometimes doesn't have eth0, eg UsbVM. --- vm-systemd/network-proxy-setup.sh | 1 + vm-systemd/qubes-network.service | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/vm-systemd/network-proxy-setup.sh b/vm-systemd/network-proxy-setup.sh index c12e1d3..387e649 100755 --- a/vm-systemd/network-proxy-setup.sh +++ b/vm-systemd/network-proxy-setup.sh @@ -11,4 +11,5 @@ if [ "x$network" != "x" ]; then echo "NS2=$secondary_dns" >> /var/run/qubes/qubes_ns /usr/lib/qubes/qubes_setup_dnat_to_ns echo "1" > /proc/sys/net/ipv4/ip_forward + /sbin/ethtool -K eth0 sg off fi diff --git a/vm-systemd/qubes-network.service b/vm-systemd/qubes-network.service index 86c02fe..afb53f0 100644 --- a/vm-systemd/qubes-network.service +++ b/vm-systemd/qubes-network.service @@ -7,7 +7,6 @@ Before=network.target [Service] Type=oneshot RemainAfterExit=yes -ExecStartPre=/sbin/ethtool -K eth0 sg off ExecStart=/usr/lib/qubes/init/network-proxy-setup.sh StandardOutput=syslog From 18f32efe90dca9ad3a3dd83da702fe37c017d8ef Mon Sep 17 00:00:00 2001 From: Marek Marczykowski Date: Mon, 30 Jan 2012 13:41:41 +0100 Subject: [PATCH 2/5] vm/network: ignore IPv6 DNS entries in /etc/resolv.conf --- network/qubes_setup_dnat_to_ns | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/network/qubes_setup_dnat_to_ns b/network/qubes_setup_dnat_to_ns index aa95186..ef6a6dd 100755 --- a/network/qubes_setup_dnat_to_ns +++ b/network/qubes_setup_dnat_to_ns @@ -14,7 +14,7 @@ source /var/run/qubes/qubes_ns if [ "X"$NS1 = "X" ] ; then exit ; fi iptables -t nat -F PR-QBS FIRSTONE=yes -grep ^nameserver /etc/resolv.conf | head -2 | +grep ^nameserver /etc/resolv.conf | grep -v ":.*:" | head -2 | ( while read x y z ; do addrule "$y" 
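Review bot: `/sbin/ethtool -K eth0 sg off` is now the last command in the `if` body, so its exit status becomes the status of the block and, if nothing follows the `fi` outside this hunk, of the script that qubes-network.service runs as `ExecStart`. A ProxyVM whose uplink is not named eth0, or where the offload setting cannot be changed, would then have the unit reported as failed although forwarding and DNAT were already configured. If that is not intended, make it explicit, e.g. `/sbin/ethtool -K eth0 sg off || echo "cannot disable scatter-gather on eth0" >&2`, and add a one-line comment saying why scatter-gather is disabled here.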
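Review bot: The added `grep -v ":.*:"` is a deny-list for IPv6 literals, so any other token on a `nameserver` line that is not an IPv4 address still reaches `addrule "$y"`. In a NetVM /etc/resolv.conf is typically written from DHCP replies, i.e. network-supplied data, and addrule (defined outside this hunk) presumably turns the value into an iptables DNAT rule. An allow-list would be tighter, e.g. `grep -E '^nameserver[[:space:]]+([0-9]{1,3}\.){3}[0-9]{1,3}[[:space:]]*$' /etc/resolv.conf | head -2 |`, and `read -r x y z` avoids backslash processing of the line. The pipeline continues past the end of the hunk.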
From 85e67040378fe37bdbdef3425cf96c29956abe21 Mon Sep 17 00:00:00 2001 From: Marek Marczykowski Date: Mon, 30 Jan 2012 14:20:02 +0100 Subject: [PATCH 3/5] vm/network: symlink NetworkManager system-connection to /rw (#425) In FC15, NetworkManager by default uses global connections ("Available to all users"). Save them in /rw instead of /etc, to preserve them across reboots. --- network/network-manager-prepare-conf-dir | 10 ++++++++++ network/qubes_fix_nm_conf.sh | 3 +++ rpm_spec/core-vm.spec | 2 ++ vm-init.d/qubes_core_netvm | 1 + vm-systemd/NetworkManager.service | 5 +++++ 5 files changed, 21 insertions(+) create mode 100755 network/network-manager-prepare-conf-dir diff --git a/network/network-manager-prepare-conf-dir b/network/network-manager-prepare-conf-dir new file mode 100755 index 0000000..84a3635 --- /dev/null +++ b/network/network-manager-prepare-conf-dir @@ -0,0 +1,10 @@ +#!/bin/sh + +if [ -d /etc/NetworkManager/system-connections ]; then + mkdir -p /rw/config/NM-system-connections + mv /etc/NetworkManager/system-connections/* /rw/config/NM-system-connections/ 2> /dev/null || true + rmdir /etc/NetworkManager/system-connections + ln -s /rw/config/NM-system-connections /etc/NetworkManager/system-connections +fi + +exit 0 diff --git a/network/qubes_fix_nm_conf.sh b/network/qubes_fix_nm_conf.sh index 613fa15..9f1eca7 100755 --- a/network/qubes_fix_nm_conf.sh +++ b/network/qubes_fix_nm_conf.sh @@ -4,6 +4,9 @@ VIFMAC=mac:fe:ff:ff:ff:ff:ff if ! grep -q ^plugins.*keyfile $FILE ; then sed -i 's/^plugins.*$/&,keyfile/' $FILE fi +if grep -q ^plugins.*ifcfg-rh $FILE ; then + sed -i 's/^plugins=\(.*\)ifcfg-rh,\(.*\)$/plugins=\1\2/' $FILE +fi if ! grep -q '^\[keyfile\]$' $FILE ; then echo '[keyfile]' >> $FILE fi diff --git a/rpm_spec/core-vm.spec b/rpm_spec/core-vm.spec index 0b72387..d925572 100644 --- a/rpm_spec/core-vm.spec +++ b/rpm_spec/core-vm.spec 
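Review bot: `[ -d /etc/NetworkManager/system-connections ]` follows symlinks, so once the link exists the block runs again on every later invocation (for instance a NetworkManager restart, since the script is an `ExecStartPre`): `rmdir` fails on the symlink and `ln -s` then creates a self-referencing `NM-system-connections` link inside /rw/config/NM-system-connections. Guard with `if [ -d /etc/NetworkManager/system-connections ] && [ ! -L /etc/NetworkManager/system-connections ]; then` and chain `rmdir /etc/NetworkManager/system-connections && ln -s /rw/config/NM-system-connections /etc/NetworkManager/system-connections` so the link is only created when the directory was really removed. Note also that `mv ... 2> /dev/null || true` and the final `exit 0` hide every failure and `*` skips dot-files, so a directory that cannot be emptied silently leaves connection profiles (which can hold Wi-Fi or VPN secrets) in /etc instead of under /rw.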
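Review bot: The new `sed` expression only matches `ifcfg-rh,` with a trailing comma, while the `grep` guard matches `ifcfg-rh` anywhere on the `plugins` line, so a line such as `plugins=keyfile,ifcfg-rh` (constructed example) passes the guard and is left unchanged. Handling both positions closes that gap, e.g. `sed -i '/^plugins=/{s/ifcfg-rh,//;s/,ifcfg-rh$//}' "$FILE"`. The unquoted `^plugins.*ifcfg-rh` and `$FILE` are also open to globbing and word splitting; `grep -q '^plugins.*ifcfg-rh' "$FILE"` avoids that, in line with the quoted `[keyfile]` pattern just below.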
@@ -119,6 +119,7 @@ install network/qubes_network.rules $RPM_BUILD_ROOT/etc/udev/rules.d/99-qubes_ne install network/qubes_setup_dnat_to_ns $RPM_BUILD_ROOT/usr/lib/qubes install network/qubes_fix_nm_conf.sh $RPM_BUILD_ROOT/usr/lib/qubes install network/setup_ip $RPM_BUILD_ROOT/usr/lib/qubes/ +install network/network-manager-prepare-conf-dir $RPM_BUILD_ROOT/usr/lib/qubes/ install -d $RPM_BUILD_ROOT/etc/dhclient.d ln -s /usr/lib/qubes/qubes_setup_dnat_to_ns $RPM_BUILD_ROOT/etc/dhclient.d/qubes_setup_dnat_to_ns.sh install -d $RPM_BUILD_ROOT/etc/NetworkManager/dispatcher.d/ @@ -342,6 +343,7 @@ rm -rf $RPM_BUILD_ROOT /usr/lib/qubes/block_cleanup /usr/lib/qubes/block_remove /usr/lib/qubes/meminfo-writer +/usr/lib/qubes/network-manager-prepare-conf-dir /usr/lib/qubes/qfile-agent /usr/lib/qubes/qfile-unpacker /usr/lib/qubes/qopen-in-vm diff --git a/vm-init.d/qubes_core_netvm b/vm-init.d/qubes_core_netvm index 053e4be..fa67dc4 100755 --- a/vm-init.d/qubes_core_netvm +++ b/vm-init.d/qubes_core_netvm @@ -15,6 +15,7 @@ start() type=$(/usr/bin/xenstore-read qubes_vm_type) if [ "$type" == "NetVM" ]; then + /usr/lib/qubes/network-manager-prepare-conf-dir /sbin/service NetworkManager start fi diff --git a/vm-systemd/NetworkManager.service b/vm-systemd/NetworkManager.service index bf1e486..1349161 100644 --- a/vm-systemd/NetworkManager.service +++ b/vm-systemd/NetworkManager.service @@ -1,3 +1,8 @@ .include /lib/systemd/system/NetworkManager.service [Unit] ConditionPathExists=/var/run/qubes-service/network-manager +# For /rw +After=qubes-misc-post.service + +[Service] +ExecStartPre=/usr/lib/qubes/network-manager-prepare-conf-dir From f3e187f67234e7bfc5755340f04e0a44c61dd414 Mon Sep 17 00:00:00 2001 From: Marek Marczykowski Date: Mon, 30 Jan 2012 14:22:35 +0100 Subject: [PATCH 4/5] vm/spec: do not complain about missing serial.conf --- rpm_spec/core-vm.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/rpm_spec/core-vm.spec b/rpm_spec/core-vm.spec index d925572..12483b7 100644 --- a/rpm_spec/core-vm.spec +++ b/rpm_spec/core-vm.spec @@ -241,7 +241,7 @@ if [ "$1" != 1 ] ; then exit 0 fi -if ! [ -f /var/lib/qubes/serial.orig ] ; then +if [ -e /etc/init/serial.conf ] && ! [ -f /var/lib/qubes/serial.orig ] ; then cp /etc/init/serial.conf /var/lib/qubes/serial.orig fi From e0660cfd69000c284381f9eaa7ca05f8a9c5b566 Mon Sep 17 00:00:00 2001 From: Marek Marczykowski Date: Mon, 30 Jan 2012 14:22:58 +0100 Subject: [PATCH 5/5] vm/systemd: wait for evtchn initialization before first xenstore-read --- vm-systemd/qubes-sysinit.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/vm-systemd/qubes-sysinit.sh b/vm-systemd/qubes-sysinit.sh index da13faf..dc93de5 100755 --- a/vm-systemd/qubes-sysinit.sh +++ b/vm-systemd/qubes-sysinit.sh @@ -13,6 +13,11 @@ read_service() { $XS_READ qubes-service/$1 2> /dev/null } +# Wait for evtchn initialization +while [ ! -e /proc/xen/xenbus ]; do + sleep 0.1 +done + mkdir -p /var/run/qubes mkdir -p /var/run/qubes-service mkdir -p /var/run/xen-hotplug
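Review bot: The wait loop in qubes-sysinit.sh has no upper bound, so if /proc/xen/xenbus never appears (xenfs not mounted, driver missing) the script blocks indefinitely and leaves nothing in the log to explain why boot stalled. Bound it with a counter: `tries=0` before the loop, `while [ ! -e /proc/xen/xenbus ] && [ "$tries" -lt 100 ]; do` as the condition, and `tries=$((tries + 1))` after the `sleep`; the limit of 100 is only an illustration. After the loop, print a message to stderr when the file is still absent so the later `xenstore-read` failures can be traced back to this step.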