Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core

Browse Source
This commit is contained in:
Joanna Rutkowska 2011-04-07 14:21:06 +02:00
commit acc048cbaf
4 changed files with 55 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
netvm/dbus-nm-applet.conf Normal file
View File

@ -0,0 +1,42 @@
<!DOCTYPE busconfig PUBLIC
"-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
<!--
WARNING: if running any D-Bus version prior to 1.2.6, you may be
vulnerable to information leakage via the NM D-Bus interface.
Previous D-Bus versions did not deny-by-default, and this permissions
config file assumes that D-Bus will deny rules by default unless
explicitly over-ridden with an <allow /> tag.
-->
<policy user="root">
<allow own="org.freedesktop.NetworkManagerUserSettings"/>
<allow send_destination="org.freedesktop.NetworkManagerUserSettings"
send_interface="org.freedesktop.NetworkManagerSettings"/>
<allow send_destination="org.freedesktop.NetworkManagerUserSettings"
send_interface="org.freedesktop.NetworkManagerSettings.Connection"/>
<!-- Only root can get secrets -->
<allow send_destination="org.freedesktop.NetworkManagerUserSettings"
send_interface="org.freedesktop.NetworkManagerSettings.Connection.Secrets"/>
</policy>
<policy user="user">
<allow own="org.freedesktop.NetworkManagerUserSettings"/>
<allow send_destination="org.freedesktop.NetworkManagerUserSettings"
send_interface="org.freedesktop.NetworkManagerSettings"/>
<allow send_destination="org.freedesktop.NetworkManagerUserSettings"
send_interface="org.freedesktop.NetworkManagerSettings.Connection"/>
</policy>
<policy context="default">
<allow send_destination="org.freedesktop.NetworkManagerUserSettings"
send_interface="org.freedesktop.DBus.Introspectable"/>
</policy>
<limit name="max_replies_per_connection">512</limit>
</busconfig>

7
rpm_spec/core-appvm.spec
View File

@ -48,17 +48,12 @@ The Qubes core files for installation inside a Qubes AppVM.
%pre %pre
# Remove password for root, so PolicyKit will not ask for it
usermod -p '' root
if [ "$1" != 1 ] ; then if [ "$1" != 1 ] ; then
# remove user password if this is upgrade
usermod -p '' user
# do this whole %pre thing only when updating for the first time... # do this whole %pre thing only when updating for the first time...
exit 0 exit 0
fi fi
adduser -p '' --create-home user adduser --create-home user
su user -c 'mkdir -p /home/user/.gnome2/nautilus-scripts' su user -c 'mkdir -p /home/user/.gnome2/nautilus-scripts'
su user -c 'ln -s /usr/lib/qubes/qvm-copy-to-vm2.gnome /home/user/.gnome2/nautilus-scripts/"Copy to other AppVM"' su user -c 'ln -s /usr/lib/qubes/qvm-copy-to-vm2.gnome /home/user/.gnome2/nautilus-scripts/"Copy to other AppVM"'
su user -c 'ln -s /usr/bin/qvm-open-in-dvm2 /home/user/.gnome2/nautilus-scripts/"Open in DisposableVM"' su user -c 'ln -s /usr/bin/qvm-open-in-dvm2 /home/user/.gnome2/nautilus-scripts/"Open in DisposableVM"'

3
rpm_spec/core-commonvm.spec
View File

@ -80,6 +80,9 @@ cp /var/lib/qubes/serial.conf /etc/init/serial.conf
%post %post
# Disable gpk-update-icon
sed 's/^NotShowIn=KDE;$/\0QUBES;/' -i /etc/xdg/autostart/gpk-update-icon.desktop
if [ "$1" != 1 ] ; then if [ "$1" != 1 ] ; then
# do this whole %post thing only when updating for the first time... # do this whole %post thing only when updating for the first time...
exit 0 exit 0

9
rpm_spec/core-netvm.spec
View File

@ -66,6 +66,9 @@ mkdir -p $RPM_BUILD_ROOT/var/run/qubes
mkdir -p $RPM_BUILD_ROOT/etc/xen/scripts mkdir -p $RPM_BUILD_ROOT/etc/xen/scripts
cp ../common/vif-route-qubes $RPM_BUILD_ROOT/etc/xen/scripts cp ../common/vif-route-qubes $RPM_BUILD_ROOT/etc/xen/scripts
mkdir -p $RPM_BUILD_ROOT/etc/dbus-1/system.d
cp ../netvm/dbus-nm-applet.conf $RPM_BUILD_ROOT/etc/dbus-1/system.d/qubes-nm-applet.conf
%post %post
# Create NetworkManager configuration if we do not have it # Create NetworkManager configuration if we do not have it
@ -88,6 +91,11 @@ if [ "$1" = 0 ] ; then
chkconfig qubes_core_netvm off chkconfig qubes_core_netvm off
fi fi
%triggerin -- NetworkManager
# Fix PolicyKit settings to allow run as normal user not visible to ConsoleKit
sed 's#<defaults>$#\0<allow_any>yes</allow_any>#' -i /usr/share/polkit-1/actions/org.freedesktop.NetworkManager.policy
%clean %clean
rm -rf $RPM_BUILD_ROOT rm -rf $RPM_BUILD_ROOT
@ -100,3 +108,4 @@ rm -rf $RPM_BUILD_ROOT
/etc/NetworkManager/dispatcher.d/qubes_nmhook /etc/NetworkManager/dispatcher.d/qubes_nmhook
/etc/NetworkManager/dispatcher.d/30-qubes_external_ip /etc/NetworkManager/dispatcher.d/30-qubes_external_ip
/etc/xen/scripts/vif-route-qubes /etc/xen/scripts/vif-route-qubes
/etc/dbus-1/system.d/qubes-nm-applet.conf