Merge branch 'new-backups'

2013-11-29 04:02:43 +01:00 · 2013-11-29 04:02:43 +01:00 · e3e96dba74
commit e3e96dba74
parent 77f29dd957 6c3c3e717d
10 changed files with 1335 additions and 211 deletions
--- a/10
+++ b/10
@ -55,7 +55,7 @@ install-vm:
 	install -D -m 0440 misc/qubes.sudoers $(DESTDIR)/etc/sudoers.d/qubes
 	install -D -m 0644 misc/qubes.repo $(DESTDIR)/etc/yum.repos.d/qubes.repo
 	install -D -m 0644 misc/serial.conf $(DESTDIR)/usr/lib/qubes/serial.conf
-	install -D misc/qubes-serial-login $(DESTDIR)$(SBINDIR)/qubes-serial-login
+	install -D misc/qubes-serial-login $(DESTDIR)/$(SBINDIR)/qubes-serial-login
 	install -d $(DESTDIR)/usr/share/glib-2.0/schemas/
 	install -m 0644 misc/org.gnome.settings-daemon.plugins.updates.gschema.override $(DESTDIR)/usr/share/glib-2.0/schemas/
 	install -d $(DESTDIR)/usr/lib/yum-plugins/
@ -111,9 +111,9 @@ install-vm:
 	install -d $(DESTDIR)/etc/yum.conf.d
 	touch $(DESTDIR)/etc/yum.conf.d/qubes-proxy.conf

-	install -d $(DESTDIR)$(SBINDIR)
-	install network/qubes-firewall $(DESTDIR)$(SBINDIR)/
-	install network/qubes-netwatcher $(DESTDIR)$(SBINDIR)/
+	install -d $(DESTDIR)/$(SBINDIR)
+	install network/qubes-firewall $(DESTDIR)/$(SBINDIR)/
+	install network/qubes-netwatcher $(DESTDIR)/$(SBINDIR)/

 	install -d $(DESTDIR)/usr/bin

@ -122,6 +122,7 @@ install-vm:
 	install qubes-rpc/qvm-copy-to-vm.kde $(DESTDIR)/usr/lib/qubes
 	install qubes-rpc/qvm-copy-to-vm.gnome $(DESTDIR)/usr/lib/qubes
 	install qubes-rpc/{vm-file-editor,qfile-agent,qopen-in-vm} $(DESTDIR)/usr/lib/qubes
+	install qubes-rpc/tar2qfile $(DESTDIR)/usr/lib/qubes
 	# Install qfile-unpacker as SUID - because it will fail to receive files from other vm
 	install -m 4555  qubes-rpc/qfile-unpacker $(DESTDIR)/usr/lib/qubes
 	install qubes-rpc/qrun-in-vm $(DESTDIR)/usr/lib/qubes
@ -134,6 +135,7 @@ install-vm:
 	install -m 0644 qubes-rpc/{qubes.SuspendPre,qubes.SuspendPost,qubes.GetAppmenus} $(DESTDIR)/etc/qubes-rpc
 	install -m 0644 qubes-rpc/qubes.WaitForSession $(DESTDIR)/etc/qubes-rpc
 	install -m 0644 qubes-rpc/qubes.DetachPciDevice $(DESTDIR)/etc/qubes-rpc
+	install -m 0644 qubes-rpc/qubes.{Backup,Restore} $(DESTDIR)/etc/qubes-rpc

 	install -d $(DESTDIR)/usr/share/file-manager/actions
 	install -m 0644 qubes-rpc/*-gnome.desktop $(DESTDIR)/usr/share/file-manager/actions
--- a/qubes-rpc/Makefile
+++ b/qubes-rpc/Makefile
@ -1,14 +1,16 @@
 CC=gcc
 CFLAGS=-g -Wall -I. -fPIC -pie
-all:	vm-file-editor qopen-in-vm qfile-agent qfile-unpacker
+all:	vm-file-editor qopen-in-vm qfile-agent qfile-unpacker tar2qfile
 vm-file-editor: vm-file-editor.o ioall.o
 	$(CC) -pie -g -o $@ $^
 qopen-in-vm: qopen-in-vm.o ioall.o gui-fatal.o
 	$(CC) -pie -g -o $@ $^
-qfile-agent: qfile-agent.o gui-fatal.o
+qfile-agent: qfile-agent.o gui-fatal.o qfile-utils.o
 	$(CC) -pie -g -o $@ $^ -lqubes-rpc-filecopy
 qfile-unpacker: qfile-unpacker.o gui-fatal.o
 	$(CC) -pie -g -o $@ $^ -lqubes-rpc-filecopy
+tar2qfile: qfile-utils.o tar2qfile.o gui-fatal.o
+	$(CC) -pie -g -o $@ $^ -lqubes-rpc-filecopy

 clean:
-	rm -f qopen-in-vm qfile-agent qfile-unpacker vm-file-editor *.o *~
+	rm -f qopen-in-vm qfile-agent qfile-unpacker tar2qfile vm-file-editor *.o *~
--- a/qubes-rpc/ioall.c
+++ b/qubes-rpc/ioall.c
@ -35,12 +35,16 @@ void perror_wrapper(char * msg)
 void set_nonblock(int fd)
 {
 	int fl = fcntl(fd, F_GETFL, 0);
+	if (fl & O_NONBLOCK)
+		return;
 	fcntl(fd, F_SETFL, fl | O_NONBLOCK);
 }

 void set_block(int fd)
 {
 	int fl = fcntl(fd, F_GETFL, 0);
+	if (!(fl & O_NONBLOCK))
+		return;
 	fcntl(fd, F_SETFL, fl & ~O_NONBLOCK);
 }

--- a/qubes-rpc/qfile-agent.c
+++ b/qubes-rpc/qfile-agent.c
@ -1,186 +1,12 @@
-#define _GNU_SOURCE
-#include <dirent.h>
-#include <stdio.h>
-#include <string.h>
-#include <sys/stat.h>
-#include <signal.h>
-#include <fcntl.h>
-#include <malloc.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <errno.h>
-#include <gui-fatal.h>
-#include <libqubes-rpc-filecopy.h>
+#include "qfile-utils.h"

-enum {
-	PROGRESS_FLAG_NORMAL,
-	PROGRESS_FLAG_INIT,
-	PROGRESS_FLAG_DONE
-};
-
-int ignore_symlinks = 0;
-
-unsigned long crc32_sum;
-int write_all_with_crc(int fd, void *buf, int size)
+char *get_abs_path(char *cwd, char *pathname)
 {
-	crc32_sum = Crc32_ComputeBuf(crc32_sum, buf, size);
-	return write_all(fd, buf, size);
-}
-
-void do_notify_progress(long long total, int flag)
-{
-	char *du_size_env = getenv("FILECOPY_TOTAL_SIZE");
-	char *progress_type_env = getenv("PROGRESS_TYPE");
-	char *saved_stdout_env = getenv("SAVED_FD_1");
-	if (!progress_type_env)
-		return;
-	if (!strcmp(progress_type_env, "console") && du_size_env) {
-		char msg[256];
-		snprintf(msg, sizeof(msg), "sent %lld/%lld KB\r",
-			 total / 1024, strtoull(du_size_env, NULL, 0));
-		write(2, msg, strlen(msg));
-		if (flag == PROGRESS_FLAG_DONE)
-			write(2, "\n", 1);
-	}
-	if (!strcmp(progress_type_env, "gui") && saved_stdout_env) {
-		char msg[256];
-		snprintf(msg, sizeof(msg), "%lld\n", total);
-		write(strtoul(saved_stdout_env, NULL, 0), msg,
-		      strlen(msg));
-	}
-}
-
-void wait_for_result()
-{
-	struct result_header hdr;
-	struct result_header_ext hdr_ext;
-	char last_filename[MAX_PATH_LENGTH + 1];
-	char last_filename_prefix[] = "; Last file: ";
-
-	if (!read_all(0, &hdr, sizeof(hdr))) {
-		if (errno == EAGAIN) {
-			// no result sent and stdin still open
-			return;
-		} else {
-			// other read error or EOF
-			exit(1);	// hopefully remote has produced error message
-		}
-	}
-	if (!read_all(0, &hdr_ext, sizeof(hdr_ext))) {
-		// remote used old result_header struct
-		hdr_ext.last_namelen = 0;
-	}
-	if (hdr_ext.last_namelen > MAX_PATH_LENGTH) {
-		// read only at most MAX_PATH_LENGTH chars
-		hdr_ext.last_namelen = MAX_PATH_LENGTH;
-	}
-	if (!read_all(0, last_filename, hdr_ext.last_namelen)) {
-		fprintf(stderr, "Failed to get last filename\n");
-		hdr_ext.last_namelen = 0;
-	}
-	last_filename[hdr_ext.last_namelen] = '\0';
-	if (!hdr_ext.last_namelen)
-		/* set prefix to empty string */
-		last_filename_prefix[0] = '\0';
-
-	errno = hdr.error_code;
-	if (hdr.error_code != 0) {
-		switch (hdr.error_code) {
-			case EEXIST:
-				gui_fatal("File copy: not overwriting existing file. Clean QubesIncoming dir, and retry copy%s%s", last_filename_prefix, last_filename);
-				break;
-			case EINVAL:
-				gui_fatal("File copy: Corrupted data from packer%s%s", last_filename_prefix, last_filename);
-				break;
-			default:
-				gui_fatal("File copy: %s%s%s",
-						strerror(hdr.error_code), last_filename_prefix, last_filename);
-		}
-	}
-	if (hdr.crc32 != crc32_sum) {
-		gui_fatal("File transfer failed: checksum mismatch");
-	}
-}
-
-void notify_progress(int size, int flag)
-{
-	static long long total = 0;
-	static long long prev_total = 0;
-	total += size;
-	if (total > prev_total + PROGRESS_NOTIFY_DELTA
-	    || (flag != PROGRESS_FLAG_NORMAL)) {
-		// check for possible error from qfile-unpacker; if error occured,
-		// exit() will be called, so don't bother with current state
-		// (notify_progress can be called as callback from copy_file())
-		if (flag == PROGRESS_FLAG_NORMAL)
-			wait_for_result();
-		do_notify_progress(total, flag);
-		prev_total = total;
-	}
-}
-
-void write_headers(struct file_header *hdr, char *filename)
-{
-	if (!write_all_with_crc(1, hdr, sizeof(*hdr))
-	    || !write_all_with_crc(1, filename, hdr->namelen)) {
-		set_block(0);
-		wait_for_result();
-		exit(1);
-	}
-}
-
-int single_file_processor(char *filename, struct stat *st)
-{
-	struct file_header hdr;
-	int fd;
-	mode_t mode = st->st_mode;
-
-	hdr.namelen = strlen(filename) + 1;
-	hdr.mode = mode;
-	hdr.atime = st->st_atim.tv_sec;
-	hdr.atime_nsec = st->st_atim.tv_nsec;
-	hdr.mtime = st->st_mtim.tv_sec;
-	hdr.mtime_nsec = st->st_mtim.tv_nsec;
-
-	if (S_ISREG(mode)) {
-		int ret;
-		fd = open(filename, O_RDONLY);
-		if (fd < 0)
-			gui_fatal("open %s", filename);
-		hdr.filelen = st->st_size;
-		write_headers(&hdr, filename);
-		ret = copy_file(1, fd, hdr.filelen, &crc32_sum);
-		if (ret != COPY_FILE_OK) {
-			if (ret != COPY_FILE_WRITE_ERROR)
-				gui_fatal("Copying file %s: %s", filename,
-					  copy_file_status_to_str(ret));
-			else {
-				set_block(0);
-				wait_for_result();
-				exit(1);
-			}
-		}
-		close(fd);
-	}
-	if (S_ISDIR(mode)) {
-		hdr.filelen = 0;
-		write_headers(&hdr, filename);
-	}
-	if (S_ISLNK(mode) && !ignore_symlinks) {
-		char name[st->st_size + 1];
-		if (readlink(filename, name, sizeof(name)) != st->st_size)
-			gui_fatal("readlink %s", filename);
-		hdr.filelen = st->st_size + 1;
-		write_headers(&hdr, filename);
-		if (!write_all_with_crc(1, name, st->st_size + 1)) {
-			set_block(0);
-			wait_for_result();
-			exit(1);
-		}
-	}
-	// check for possible error from qfile-unpacker
-	wait_for_result();
-	return 0;
+	char *ret;
+	if (pathname[0] == '/')
+		return strdup(pathname);
+	asprintf(&ret, "%s/%s", cwd, pathname);
+	return ret;
 }

 int do_fs_walk(char *file)
@ -213,29 +39,6 @@ int do_fs_walk(char *file)
 	return 0;
 }

-void notify_end_and_wait_for_result()
-{
-	struct file_header end_hdr;
-
-	/* nofity end of transfer */
-	memset(&end_hdr, 0, sizeof(end_hdr));
-	end_hdr.namelen = 0;
-	end_hdr.filelen = 0;
-	write_all_with_crc(1, &end_hdr, sizeof(end_hdr));
-
-	set_block(0);
-	wait_for_result();
-}
-
-char *get_abs_path(char *cwd, char *pathname)
-{
-	char *ret;
-	if (pathname[0] == '/')
-		return strdup(pathname);
-	asprintf(&ret, "%s/%s", cwd, pathname);
-	return ret;
-}
-
 int main(int argc, char **argv)
 {
 	int i;
@ -275,3 +78,5 @@ int main(int argc, char **argv)
 	notify_progress(0, PROGRESS_FLAG_DONE);
 	return 0;
 }
+
+
--- a/qubes-rpc/qfile-utils.c
+++ b/qubes-rpc/qfile-utils.c
@ -0,0 +1,193 @@
+
+#include <qfile-utils.h>
+
+unsigned long crc32_sum;
+int ignore_symlinks = 0;
+int ignore_quota_error = 0;
+
+void notify_progress(int size, int flag)
+{
+	static long long total = 0;
+	static long long prev_total = 0;
+	total += size;
+	if (total > prev_total + PROGRESS_NOTIFY_DELTA
+	    || (flag != PROGRESS_FLAG_NORMAL)) {
+		// check for possible error from qfile-unpacker; if error occured,
+		// exit() will be called, so don't bother with current state
+		// (notify_progress can be called as callback from copy_file())
+		if (flag == PROGRESS_FLAG_NORMAL)
+			wait_for_result();
+		do_notify_progress(total, flag);
+		prev_total = total;
+	}
+}
+
+void do_notify_progress(long long total, int flag)
+{
+	char *du_size_env = getenv("FILECOPY_TOTAL_SIZE");
+	char *progress_type_env = getenv("PROGRESS_TYPE");
+	char *saved_stdout_env = getenv("SAVED_FD_1");
+	if (!progress_type_env)
+		return;
+	if (!strcmp(progress_type_env, "console") && du_size_env) {
+		char msg[256];
+		snprintf(msg, sizeof(msg), "sent %lld/%lld KB\r",
+			 total / 1024, strtoull(du_size_env, NULL, 0));
+		write(2, msg, strlen(msg));
+		if (flag == PROGRESS_FLAG_DONE)
+			write(2, "\n", 1);
+	}
+	if (!strcmp(progress_type_env, "gui") && saved_stdout_env) {
+		char msg[256];
+		snprintf(msg, sizeof(msg), "%lld\n", total);
+		write(strtoul(saved_stdout_env, NULL, 0), msg,
+		      strlen(msg));
+	}
+}
+
+void notify_end_and_wait_for_result()
+{
+	struct file_header end_hdr;
+
+	/* nofity end of transfer */
+	memset(&end_hdr, 0, sizeof(end_hdr));
+	end_hdr.namelen = 0;
+	end_hdr.filelen = 0;
+	write_all_with_crc(1, &end_hdr, sizeof(end_hdr));
+
+	set_block(0);
+	wait_for_result();
+}
+
+int write_all_with_crc(int fd, void *buf, int size)
+{
+	crc32_sum = Crc32_ComputeBuf(crc32_sum, buf, size);
+	return write_all(fd, buf, size);
+}
+
+void wait_for_result()
+{
+	struct result_header hdr;
+	struct result_header_ext hdr_ext;
+	char last_filename[MAX_PATH_LENGTH + 1];
+	char last_filename_prefix[] = "; Last file: ";
+
+	if (!read_all(0, &hdr, sizeof(hdr))) {
+		if (errno == EAGAIN) {
+			// no result sent and stdin still open
+			return;
+		} else {
+			// other read error or EOF
+			exit(1);	// hopefully remote has produced error message
+		}
+	}
+	if (!read_all(0, &hdr_ext, sizeof(hdr_ext))) {
+		// remote used old result_header struct
+		hdr_ext.last_namelen = 0;
+	}
+	if (hdr_ext.last_namelen > MAX_PATH_LENGTH) {
+		// read only at most MAX_PATH_LENGTH chars
+		hdr_ext.last_namelen = MAX_PATH_LENGTH;
+	}
+	if (!read_all(0, last_filename, hdr_ext.last_namelen)) {
+		fprintf(stderr, "Failed to get last filename\n");
+		hdr_ext.last_namelen = 0;
+	}
+	last_filename[hdr_ext.last_namelen] = '\0';
+	if (!hdr_ext.last_namelen)
+		/* set prefix to empty string */
+		last_filename_prefix[0] = '\0';
+
+	errno = hdr.error_code;
+	if (hdr.error_code != 0) {
+		switch (hdr.error_code) {
+			case EEXIST:
+				gui_fatal("File copy: not overwriting existing file. Clean QubesIncoming dir, and retry copy%s%s", last_filename_prefix, last_filename);
+				break;
+			case EINVAL:
+				gui_fatal("File copy: Corrupted data from packer%s%s", last_filename_prefix, last_filename);
+				break;
+			case EDQUOT:
+				if (ignore_quota_error) {
+					/* skip also CRC check as sender and receiver might be
+					 * desynchronized in this case */
+					return;
+				}
+				/* fall though */
+			default:
+				gui_fatal("File copy: %s%s%s",
+						strerror(hdr.error_code), last_filename_prefix, last_filename);
+		}
+	}
+	if (hdr.crc32 != crc32_sum) {
+		gui_fatal("File transfer failed: checksum mismatch");
+	}
+}
+
+void write_headers(struct file_header *hdr, char *filename)
+{
+	if (!write_all_with_crc(1, hdr, sizeof(*hdr))
+	    || !write_all_with_crc(1, filename, hdr->namelen)) {
+		set_block(0);
+		wait_for_result();
+		exit(1);
+	}
+}
+
+int single_file_processor(char *filename, struct stat *st)
+{
+	struct file_header hdr;
+	int fd;
+	mode_t mode = st->st_mode;
+
+	hdr.namelen = strlen(filename) + 1;
+	hdr.mode = mode;
+	hdr.atime = st->st_atim.tv_sec;
+	hdr.atime_nsec = st->st_atim.tv_nsec;
+	hdr.mtime = st->st_mtim.tv_sec;
+	hdr.mtime_nsec = st->st_mtim.tv_nsec;
+
+	if (S_ISREG(mode)) {
+		int ret;
+		fd = open(filename, O_RDONLY);
+		if (fd < 0)
+			gui_fatal("open %s", filename);
+		hdr.filelen = st->st_size;
+		write_headers(&hdr, filename);
+		ret = copy_file(1, fd, hdr.filelen, &crc32_sum);
+		if (ret != COPY_FILE_OK) {
+			if (ret != COPY_FILE_WRITE_ERROR)
+				gui_fatal("Copying file %s: %s", filename,
+					  copy_file_status_to_str(ret));
+			else {
+				set_block(0);
+				wait_for_result();
+				exit(1);
+			}
+		}
+		close(fd);
+	}
+	if (S_ISDIR(mode)) {
+		hdr.filelen = 0;
+		write_headers(&hdr, filename);
+	}
+	if (S_ISLNK(mode) && !ignore_symlinks) {
+		char name[st->st_size + 1];
+		if (readlink(filename, name, sizeof(name)) != st->st_size)
+			gui_fatal("readlink %s", filename);
+		hdr.filelen = st->st_size + 1;
+		write_headers(&hdr, filename);
+		if (!write_all_with_crc(1, name, st->st_size + 1)) {
+			set_block(0);
+			wait_for_result();
+			exit(1);
+		}
+	}
+	// check for possible error from qfile-unpacker
+	wait_for_result();
+	return 0;
+}
+
+
+
+
--- a/qubes-rpc/qfile-utils.h
+++ b/qubes-rpc/qfile-utils.h
@ -0,0 +1,40 @@
+
+#ifndef _LIBQUBES_QFILE_UTILS_H
+#define _LIBQUBES_QFILE_UTILS_H 1
+
+#define _GNU_SOURCE
+#include <dirent.h>
+#include <stdio.h>
+#include <string.h>
+#include <sys/stat.h>
+#include <signal.h>
+#include <fcntl.h>
+#include <malloc.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <errno.h>
+#include <gui-fatal.h>
+#include <libqubes-rpc-filecopy.h>
+
+enum {
+	PROGRESS_FLAG_NORMAL,
+	PROGRESS_FLAG_INIT,
+	PROGRESS_FLAG_DONE
+};
+
+extern unsigned long crc32_sum;
+extern int ignore_symlinks;
+
+void notify_progress(int size, int flag);
+void do_notify_progress(long long total, int flag);
+void notify_end_and_wait_for_result();
+
+void write_headers(struct file_header *hdr, char *filename);
+
+int write_all_with_crc(int fd, void *buf, int size);
+
+int single_file_processor(char *filename, struct stat *st);
+
+void wait_for_result();
+
+#endif /* _LIBQUBES_QFILE_UTILS_H */
--- a/qubes-rpc/qubes.Backup
+++ b/qubes-rpc/qubes.Backup
@ -0,0 +1,23 @@
+echo Starting Backupcopy
+read args
+echo Arguments: $args 
+if [ -d "$args" ] ; then
+  echo "Performing backup to directory $args"
+  TARGET="$args/qubes-backup-`date +'%Y-%d-%d-%H%M%S'`"
+  echo "Copying STDIN data to $TARGET"
+  cat > $TARGET
+else
+  echo "Checking if arguments is matching a command"
+  COMMAND=`echo $args | cut -d ' ' -f 1`
+  TYPE=`type -t $COMMAND`
+  if [ "$TYPE" == "file" ] ; then
+    echo "Redirecting STDIN to $args"
+    # Parsing args to handle quotes correctly
+    # Dangerous method if args are uncontrolled
+    eval "set -- $args"
+    $@
+  else
+    echo "Invalid command $COMMAND"
+    exit 1
+  fi
+fi
--- a/qubes-rpc/qubes.Restore
+++ b/qubes-rpc/qubes.Restore
@ -0,0 +1,34 @@
+echo Starting Restorecopy >&2
+read args
+read paths
+echo Arguments: $args >&2
+echo Paths: $paths >&2
+if [ -f "$args" ] ; then
+  echo "Performing restore from backup file $args" >&2
+  TARGET="$args"
+  echo "Copying $TARGET to STDOUT" >&2
+  /usr/lib/qubes/tar2qfile $TARGET $paths
+else
+  echo "Checking if arguments is matching a command" >&2
+  COMMAND=`echo $args | cut -d ' ' -f 1`
+  TYPE=`type -t $COMMAND`
+  if [ "$TYPE" == "file" ] ; then
+    tmpdir=`mktemp -d`
+    mkfifo $tmpdir/backup-data
+    echo "Redirecting $args to STDOUT" >&2
+    # Parsing args to handle quotes correctly
+    # Dangerous method if args are uncontrolled
+    eval "set -- $args"
+    # Use named pipe to pass original stdin to tar2file
+    $@ > $tmpdir/backup-data < /dev/null &
+    retcode=$?
+    /usr/lib/qubes/tar2qfile $tmpdir/backup-data $paths
+    wait
+    rm $tmpdir/backup-data
+    rmdir $tmpdir
+    exit $retcode
+  else
+    echo "Invalid command $COMMAND" >&2
+    exit 2
+  fi
+fi
--- a/qubes-rpc/tar2qfile.c
+++ b/qubes-rpc/tar2qfile.c
--- a/rpm_spec/core-vm.spec
+++ b/rpm_spec/core-vm.spec
@ -277,6 +277,8 @@ rm -f %{name}-%{version}
 /etc/qubes-rpc/qubes.SuspendPost
 /etc/qubes-rpc/qubes.WaitForSession
 /etc/qubes-rpc/qubes.DetachPciDevice
+/etc/qubes-rpc/qubes.Backup
+/etc/qubes-rpc/qubes.Restore
 /etc/sudoers.d/qubes
 %config(noreplace) /etc/sysconfig/iptables
 %config(noreplace) /etc/sysconfig/ip6tables
@ -322,6 +324,7 @@ rm -f %{name}-%{version}
 /usr/lib/qubes/qvm-copy-to-vm.kde
 /usr/lib/qubes/serial.conf
 /usr/lib/qubes/setup-ip
+/usr/lib/qubes/tar2qfile
 /usr/lib/qubes/vm-file-editor
 /usr/lib/qubes/wrap-in-html-if-url.sh
 /usr/lib/qubes/iptables-yum-proxy