Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge branch 'master' of https://github.com/marmarek/qubes-core-agent-linux

Browse Source 
Conflicts:
	archlinux/PKGBUILD.install
This commit is contained in:
Olivier MEDOC 2015-10-18 10:56:18 +02:00
commit fcee020cf5
36 changed files with 89 additions and 101 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
archlinux/PKGBUILD
View File

@ -68,7 +68,7 @@ done
package() {
# Note: Archlinux removed use of directory such as /sbin /bin /usr/sbin (https://mailman.archlinux.org/pipermail/arch-dev-public/2012-March/022625.html)
(cd qrexec; make install DESTDIR=$pkgdir SBINDIR=/usr/bin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib)
make install-vm DESTDIR=$pkgdir SBINDIR=/usr/bin LIBDIR=/usr/lib SYSLIBDIR=/usr/lib DROPIN_DIR=usr/lib/systemd/system DIST=archlinux

31
archlinux/PKGBUILD.install
View File

@ -1,5 +1,4 @@
###########################
## Pre-Install functions ##
###########################
@ -29,7 +28,7 @@ pre_install() {
mkdir -p /var/lib/qubes
# Backup fstab / But use archlinux defaults (cp instead of mv)
if [ -e /etc/fstab ] ; then
if [ -e /etc/fstab ] ; then
cp /etc/fstab /var/lib/qubes/fstab.orig
fi
@ -71,7 +70,6 @@ configure_selinux() {
# sed -e s/^SELINUX=.*$/SELINUX=disabled/ -i /etc/selinux/config
# setenforce 0 2>/dev/null
}
############################
@ -83,7 +81,7 @@ update_qubesconfig() {
# Remove ip_forward setting from sysctl, so NM will not reset it
# Archlinux now use sysctl.d/ instead of sysctl.conf
#sed 's/^net.ipv4.ip_forward.*/#\0/' -i /etc/sysctl.conf
# Remove old firmware updates link
if [ -L /lib/firmware/updates ]; then
rm -f /lib/firmware/updates
@ -102,7 +100,7 @@ update_qubesconfig() {
# Location of files which contains list of protected files
mkdir -p /etc/qubes/protected-files.d
PROTECTED_FILE_LIST='/etc/qubes/protected-files.d'
# qubes-core-vm has been broken for some time - it overrides /etc/hosts; restore original content
if ! grep -rq "^/etc/hosts$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then
if ! grep -q localhost /etc/hosts; then
@ -112,7 +110,7 @@ update_qubesconfig() {
EOF
fi
fi
# ensure that hostname resolves to 127.0.0.1 resp. ::1 and that /etc/hosts is
# in the form expected by qubes-sysinit.sh
if ! grep -rq "^/etc/hostname$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then
@ -149,7 +147,7 @@ PRESET_FAILED=0
if [ $1 -eq 1 ]; then
systemctl --no-reload preset-all > /dev/null 2>&1 && PRESET_FAILED=0 || PRESET_FAILED=1
else
services="qubes-dvm qubes-misc-post qubes-firewall qubes-mount-home"
services="qubes-dvm qubes-misc-post qubes-firewall qubes-mount-dirs"
services="$services qubes-netwatcher qubes-network qubes-sysinit"
services="$services qubes-iptables qubes-updates-proxy qubes-qrexec-agent"
services="$services qubes-random-seed"
@ -199,7 +197,7 @@ update_finalize() {
sed '/session\t\trequired\tpam_unix.so/asession\t\tinclude\t\tsystem-login' -i /etc/pam.d/su
cp /etc/pam.d/su /etc/pam.d/su-l
fi
# Archlinux specific: ensure tty1 is enabled
rm -f /etc/systemd/system/getty.target.wants/getty@tty*.service
systemctl enable getty\@tty1.service
@ -227,15 +225,15 @@ post_install() {
if [ $(basename $f) == "xen-backend.rules" ] ; then
continue
fi
if [ $(basename $f) == "50-qubes-misc.rules" ] ; then
continue
fi
if echo $f | grep -q qubes; then
continue
fi
mv $f /var/lib/qubes/removed-udev-scripts/
done
@ -252,8 +250,6 @@ post_install() {
}
## arg 1: the new package version
## arg 2: the old package version
post_upgrade() {
@ -263,13 +259,10 @@ post_upgrade() {
configure_notification-daemon
configure_selinux
configure_systemd 1
update_finalize
/usr/bin/glib-compile-schemas /usr/share/glib-2.0/schemas &> /dev/null || :
}
######################
@ -299,12 +292,8 @@ post_remove() {
rm /lib/firmware/updates
fi
rm -rf /var/lib/qubes/xdg
for srv in qubes-dvm qubes-sysinit qubes-misc-post qubes-mount-home qubes-netwatcher qubes-network qubes-qrexec-agent; do
for srv in qubes-dvm qubes-sysinit qubes-misc-post qubes-mount-dirs qubes-netwatcher qubes-network qubes-qrexec-agent; do
systemctl disable $srv.service
done
}

4
debian/qubes-core-agent.postinst vendored
View File

@ -100,7 +100,7 @@ case "${1}" in
# Systemd preload-all
systemdPreload
# Maybe install overridden serial.conf init script
# Maybe install overridden serial.conf init script
installSerialConf
fi
@ -150,7 +150,7 @@ case "${1}" in
/usr/lib/qubes/qubes-trigger-sync-appmenus.sh || true
;;
# Install overridden serial.conf init script
# Install overridden serial.conf init script
/etc/init/serial.conf)
installSerialConf
;;

2
debian/qubes-core-agent.postrm vendored
View File

@ -22,7 +22,7 @@ set -e
#
# Called when the old postrm upgrade action fails. The new package will be
# unpacked, but only essential packages and pre-dependencies can be relied on.
# Pre-dependencies will either be configured or will be "Unpacked" or
# Pre-dependencies will either be configured or will be "Unpacked" or
# "Half-Configured" but previously had been configured and was never removed.
#
# * <new-postrm> 'abort-install'

10
debian/qubes-core-agent.preinst vendored
View File

@ -10,10 +10,10 @@ set -e
# * <new-preinst> 'install' <old-version>
# * <new-preinst> 'upgrade' <old-version>
#
# The package will not yet be unpacked, so the preinst script cannot rely
# on any files included in its package. Only essential packages and
# pre-dependencies (Pre-Depends) may be assumed to be available.
# Pre-dependencies will have been configured at least once, but at the time the
# The package will not yet be unpacked, so the preinst script cannot rely
# on any files included in its package. Only essential packages and
# pre-dependencies (Pre-Depends) may be assumed to be available.
# Pre-dependencies will have been configured at least once, but at the time the
# preinst is called they may only be in an "Unpacked" or "Half-Configured" state
# if a previous version of the pre-dependency was completely configured and has
# not been removed since then.
@ -26,7 +26,7 @@ set -e
# be partly from the new version or partly missing, so the script cannot rely
# on files included in the package. Package dependencies may not be available.
# Pre-dependencies will be at least "Unpacked" following the same rules as
# above, except they may be only "Half-Installed" if an upgrade of the
# above, except they may be only "Half-Installed" if an upgrade of the
# pre-dependency failed.[46]
#
# For details, see http://www.debian.org/doc/debian-policy/ or

10
debian/qubes-core-agent.prerm vendored
View File

@ -9,14 +9,14 @@ set -e
# * <prerm> 'remove'
# * <old-prerm> 'upgrade' <new-version>
# * <conflictor's-prerm> 'remove' 'in-favour' <package> <new-version>
# * <deconfigured's-prerm> 'deconfigure' 'in-favour' <package-being-installed>
# * <deconfigured's-prerm> 'deconfigure' 'in-favour' <package-being-installed>
# <version> [removing conflicting-package version]
#
# The package whose prerm is being called will be at least "Half-Installed".
# All package dependencies will at least be "Half-Installed" and will have
# previously been configured and not removed. If there was no error, all
# dependencies will at least be "Unpacked", but these actions may be called in
# various error states where dependencies are only "Half-Installed" due to a
# All package dependencies will at least be "Half-Installed" and will have
# previously been configured and not removed. If there was no error, all
# dependencies will at least be "Unpacked", but these actions may be called in
# various error states where dependencies are only "Half-Installed" due to a
# partial upgrade.
#
# * <new-prerm> 'failed-upgrade' <old-version>

2
doc/Makefile
View File

@ -21,7 +21,7 @@ install: manpages
gzip -f $<
manpages: $(QVM_DOCS) $(QUBES_DOCS) $(VM_DOCS)
preview: $(rst)
pandoc -s -f rst -t man $(rst) | groff -mandoc -Tlatin1 | less -R

2
misc/block-snapshot
View File

@ -264,7 +264,7 @@ case "$command" in
rm $HOTPLUG_STORE-*
fi
release_lock "block"
exit 0
;;
esac

12
misc/xorg-preload-apps.conf
View File

@ -1,11 +1,11 @@
Section "ServerLayout"
Section "ServerLayout"
Identifier "Default Layout"
Screen 0 "Screen0" 0 0
Screen 0 "Screen0" 0 0
EndSection
Section "Device"
Identifier "Videocard0"
Driver "dummy"
Driver "dummy"
VideoRam 4001
EndSection
@ -13,7 +13,7 @@ Section "Monitor"
Identifier "Monitor0"
HorizSync 49-50
VertRefresh 62-63
Modeline "QB1280x800" 64 1280 1281 1282 1283 800 801 802 803
Modeline "QB1280x800" 64 1280 1281 1282 1283 800 801 802 803
EndSection
Section "Screen"
@ -23,8 +23,8 @@ Section "Screen"
DefaultDepth 24
SubSection "Display"
Viewport 0 0
Depth 24
Modes "QB1280x800"
Depth 24
Modes "QB1280x800"
EndSubSection
EndSection

2
misc/yum-qubes-hooks.py
View File

@ -27,7 +27,7 @@ import subprocess
requires_api_version = '2.4'
plugin_type = (TYPE_CORE,)
def posttrans_hook(conduit):
# Get all updates available _before_ this transaction
pkg_list = conduit._base.doPackageLists(pkgnarrow='updates')

2
network/filter-updates
View File

@ -8,7 +8,7 @@
^http://mirrors\..*/mirrorlist\?
# Debian filters
#
#
# Whonix uses sourceforge to host its repos and url can end in:
# '/' or '/download' or '?.*'
# -----------------------------------------------------------------------------

2
network/qubes-firewall
View File

@ -45,7 +45,7 @@ while true; do
echo "Failed applying rules for $i: $ERRS" >&2
OUT="$OUT$ERRS"
fi
done
done
qubesdb-write $XENSTORE_ERROR "$OUT"
if [ -n "$OUT" ]; then
DISPLAY=:0 /usr/bin/notify-send -t 3000 "Firewall loading error ($(hostname))" "$OUT" || :

2
network/qubes-iptables
View File

@ -41,7 +41,7 @@ start() {
else
echo FAIL; return 1
fi
return $ret
}

2
network/setup-ip
View File

@ -1,7 +1,7 @@
#!/bin/sh
# setup-ip is potentially invoked before qubes-sysinit.sh is done, therefore
# we perform our qubesdb reads here instead of relying on qvm-service
# we perform our qubesdb reads here instead of relying on qvm-service
# files under /var/run/qubes-service/
disablegw=`qubesdb-read /qubes-service/disable-default-route 2> /dev/null`
disabledns=`qubesdb-read /qubes-service/disable-dns-server 2> /dev/null`

38
network/vif-route-qubes
View File

@ -1,24 +1,24 @@
#!/bin/bash
#!/bin/bash
#============================================================================
# /etc/xen/vif-route-qubes
#
# Script for configuring a vif in routed mode.
# The hotplugging system will call this script if it is specified either in
# the device configuration given to Xend, or the default Xend configuration
# /etc/xen/vif-route-qubes
#
# Script for configuring a vif in routed mode.
# The hotplugging system will call this script if it is specified either in
# the device configuration given to Xend, or the default Xend configuration
# in /etc/xen/xend-config.sxp. If the script is specified in neither of those
# places, then vif-bridge is the default.
#
# Usage:
# vif-route (add|remove|online|offline)
#
# Environment vars:
# vif vif interface name (required).
# XENBUS_PATH path to this device's details in the XenStore (required).
#
# Read from the store:
# ip list of IP networks for the vif, space-separated (default given in
# this script).
#============================================================================
# places, then vif-bridge is the default.
#
# Usage:
# vif-route (add|remove|online|offline)
#
# Environment vars:
# vif vif interface name (required).
# XENBUS_PATH path to this device's details in the XenStore (required).
#
# Read from the store:
# ip list of IP networks for the vif, space-separated (default given in
# this script).
#============================================================================
dir=$(dirname "$0")
. "$dir/vif-common.sh"

4
qubes-rpc/prepare-suspend
View File

@ -13,12 +13,12 @@ fi
if [ x"$action" = x"suspend" ]; then
dbus-send --system --print-reply \
--dest=org.freedesktop.NetworkManager \
--dest=org.freedesktop.NetworkManager \
/org/freedesktop/NetworkManager \
org.freedesktop.NetworkManager.Sleep boolean:true || \
service NetworkManager stop
# Force interfaces down, just in case when NM didn't done it
for if in `ls /sys/class/net|grep -v "lo\|vif"`; do
for if in `ls /sys/class/net|grep -v "lo\|vif"`; do
if [ "`cat /sys/class/net/$if/device/devtype 2>/dev/null`" = "vif" ]; then
continue
fi

4
qubes-rpc/qfile-unpacker.c
View File

@ -52,10 +52,10 @@ int main(int argc __attribute((__unused__)), char ** argv __attribute__((__unuse
}
mkdir(INCOMING_DIR_ROOT, 0700);
if (asprintf(&incoming_dir, "%s/%s", INCOMING_DIR_ROOT, remote_domain) < 0)
gui_fatal("Error allocating memory");
gui_fatal("Error allocating memory");
mkdir(incoming_dir, 0700);
if (chdir(incoming_dir))
gui_fatal("Error chdir to %s", incoming_dir);
gui_fatal("Error chdir to %s", incoming_dir);
if (mount(".", ".", NULL, MS_BIND | MS_NODEV | MS_NOEXEC | MS_NOSUID, NULL) < 0)
gui_fatal("Failed to mount a directory %s", incoming_dir);

4
qubes-rpc/qopen-in-vm.c
View File

@ -100,8 +100,8 @@ void talk_to_daemon(const char *fname)
int main(int argc, char ** argv)
{
signal(SIGPIPE, SIG_IGN);
if (argc!=2)
if (argc!=2)
gui_fatal("OpenInVM - no file given?");
talk_to_daemon(argv[1]);
return 0;
}
}

2
qubes-rpc/qubes.Backup
View File

@ -1,6 +1,6 @@
echo Starting Backupcopy
read args
echo Arguments: $args
echo Arguments: $args
if [ -d "$args" ] ; then
echo "Performing backup to directory $args"
TARGET="$args/qubes-backup-`date +'%Y-%m-%dT%H%M%S'`"

4
qubes-rpc/qvm-copy-to-vm.kde
View File

@ -30,7 +30,7 @@ qdbus $REF org.freedesktop.DBus.Properties.Set "" maximum $SIZE
export PROGRESS_TYPE=gui
/usr/lib/qubes/qrexec-client-vm $VM qubes.Filecopy \
/usr/lib/qubes/qfile-agent "$@" |
/usr/lib/qubes/qfile-agent "$@" |
(while read sentsize ; do
CURRSIZE=$(($sentsize/1024))
qdbus $REF org.freedesktop.DBus.Properties.Set "" value $CURRSIZE
@ -38,6 +38,6 @@ done)
qdbus $REF close
# we do not want a dozen error messages, do we
# if ! [ "x"$agentstatus = xDONE ] ; then
# if ! [ "x"$agentstatus = xDONE ] ; then
# kdialog --sorry 'Abnormal file copy termination; see /var/log/qubes/qrexec.xid.log in dom0 for more details'
# fi

4
qubes-rpc/qvm-move-to-vm.kde
View File

@ -31,7 +31,7 @@ export PROGRESS_TYPE=gui
set -o pipefail
/usr/lib/qubes/qrexec-client-vm $VM qubes.Filecopy \
/usr/lib/qubes/qfile-agent "$@" |
/usr/lib/qubes/qfile-agent "$@" |
(while read sentsize ; do
CURRSIZE=$(($sentsize/1024))
qdbus $REF org.freedesktop.DBus.Properties.Set "" value $CURRSIZE
@ -42,6 +42,6 @@ fi
qdbus $REF close
# we do not want a dozen error messages, do we
# if ! [ "x"$agentstatus = xDONE ] ; then
# if ! [ "x"$agentstatus = xDONE ] ; then
# kdialog --sorry 'Abnormal file copy termination; see /var/log/qubes/qrexec.xid.log in dom0 for more details'
# fi

2
qubes-rpc/qvm-mru-entry
View File

@ -42,7 +42,7 @@ class QubesMruDialog(gtk.Dialog):
# does not work as advertised
# using key-press-event instead
#self.set_default_response(gtk.RESPONSE_OK)
self.connect("destroy", lambda *w: gtk.main_quit())
self.connect("response", self.response_callback)
self.connect("key-press-event", self.key_press_callback)

2
qubes-rpc/qvm-open-in-dvm
View File

@ -20,7 +20,7 @@
#
#
if ! [ $# = 1 ] ; then
if ! [ $# = 1 ] ; then
echo "Usage: $0 filename"
exit 1
fi

2
qubes-rpc/qvm-open-in-vm
View File

@ -20,7 +20,7 @@
#
#
if ! [ $# = 2 ] ; then
if ! [ $# = 2 ] ; then
echo "Usage: $0 vmname filename"
exit 1
fi

2
qubes-rpc/qvm-run
View File

@ -20,7 +20,7 @@
#
#
if [ $# -lt 2 ] ; then
if [ $# -lt 2 ] ; then
cat <<USAGE
Usage: $0 vmname command arguments
Executes a command in another VM using the qubes.VMShell RPC service. The

8
qubes-rpc/tar2qfile.c
View File

@ -709,7 +709,7 @@ ustar_rd (int fd, struct file_header * untrusted_hdr, char *buf, struct stat * s
char * last_token = strtok(dirbuf,"/");
char * token = strtok(NULL, "/");
while (token != NULL) {
#ifdef DEBUG
fprintf(stderr,"Found directory %s (last:%s)\n",token,last_token);
#endif
@ -727,7 +727,7 @@ ustar_rd (int fd, struct file_header * untrusted_hdr, char *buf, struct stat * s
if (path == NULL)
return MEMORY_ALLOC_FAILED;
path[pathsize] = '/';
strncpy(path+pathsize+1, last_token, strlen(last_token));
path[pathsize+strlen(last_token)+1] = '\0';
}
@ -773,7 +773,7 @@ ustar_rd (int fd, struct file_header * untrusted_hdr, char *buf, struct stat * s
dir_header.mode = untrusted_hdr->mode | S_IFDIR;
dir_header.filelen = 0;
#ifdef DEBUG
fprintf(stderr,"Sending directory headers for %s\n",path);
#endif
@ -785,7 +785,7 @@ ustar_rd (int fd, struct file_header * untrusted_hdr, char *buf, struct stat * s
}
free(path);
free(dirbuf);
#ifdef DEBUG
fprintf(stderr,"End of directory checks\n");
#endif

2
qubes-rpc/vm-file-editor.c
View File

@ -194,7 +194,7 @@ main()
case 0:
null_fd = open("/dev/null", O_RDONLY);
dup2(null_fd, 0);
close(null_fd);
close(null_fd);
env_file = fopen("/tmp/qubes-session-env", "r");
while(fscanf(env_file, "%1024[^=]=%4096[^\n]\n", var, val) == 2) {

5
qubes-rpc/wrap-in-html-if-url.sh
View File

@ -3,7 +3,7 @@ wrap_in_html_if_url()
case "$1" in
*://*)
FILE_ARGUMENT=$(mktemp)
echo -n '<html><meta HTTP-EQUIV="REFRESH" content="0; url=' > $FILE_ARGUMENT
echo -n "$1" >> $FILE_ARGUMENT
echo '"></html>' >> $FILE_ARGUMENT
@ -13,5 +13,4 @@ wrap_in_html_if_url()
;;
esac
}

10
rpm_spec/core-vm.spec
View File

@ -111,7 +111,7 @@ exit 0
fi
mkdir -p /var/lib/qubes
if [ -e /etc/fstab ] ; then
if [ -e /etc/fstab ] ; then
mv /etc/fstab /var/lib/qubes/fstab.orig
fi
@ -486,7 +486,7 @@ The Qubes core startup configuration for SystemD init.
/lib/systemd/system/qubes-dvm.service
/lib/systemd/system/qubes-misc-post.service
/lib/systemd/system/qubes-firewall.service
/lib/systemd/system/qubes-mount-home.service
/lib/systemd/system/qubes-mount-dirs.service
/lib/systemd/system/qubes-netwatcher.service
/lib/systemd/system/qubes-network.service
/lib/systemd/system/qubes-iptables.service
@ -505,7 +505,7 @@ The Qubes core startup configuration for SystemD init.
/usr/lib/qubes/init/qubes-iptables
/usr/lib/qubes/init/misc-post.sh
/usr/lib/qubes/init/misc-post-stop.sh
/usr/lib/qubes/init/mount-home.sh
/usr/lib/qubes/init/mount-dirs.sh
/usr/lib/qubes/init/qubes-random-seed.sh
/usr/lib/qubes/init/qubes-sysinit.sh
/lib/systemd/system/chronyd.service.d/30_qubes.conf
@ -526,7 +526,7 @@ PRESET_FAILED=0
if [ $1 -eq 1 ]; then
/bin/systemctl --no-reload preset-all > /dev/null 2>&1 && PRESET_FAILED=0 || PRESET_FAILED=1
else
services="qubes-dvm qubes-misc-post qubes-firewall qubes-mount-home"
services="qubes-dvm qubes-misc-post qubes-firewall qubes-mount-dirs"
services="$services qubes-netwatcher qubes-network qubes-sysinit"
services="$services qubes-iptables qubes-updates-proxy qubes-qrexec-agent"
services="$services qubes-random-seed"
@ -573,6 +573,6 @@ if [ "$1" != 0 ] ; then
exit 0
fi
for srv in qubes-dvm qubes-sysinit qubes-misc-post qubes-mount-home qubes-netwatcher qubes-network qubes-qrexec-agent; do
for srv in qubes-dvm qubes-sysinit qubes-misc-post qubes-mount-dirs qubes-netwatcher qubes-network qubes-qrexec-agent; do
/bin/systemctl disable $srv.service
do

2
vm-init.d/qubes-core-appvm
View File

@ -51,7 +51,7 @@ start()
possibly_run_save_script
umount /rw
dmesg -c >/dev/null
free | grep Mem: |
free | grep Mem: |
(read a b c d ; qubesdb-write /qubes-used-mem $c)
# give dom0 time to read some entries, when done it will shutdown qubesdb,
# so wait for it

2
vm-init.d/qubes-core-netvm
View File

@ -33,7 +33,7 @@ start()
/usr/lib/qubes/qubes-setup-dnat-to-ns
echo "1" > /proc/sys/net/ipv4/ip_forward
fi
success
echo ""
return 0

2
vm-systemd/75-qubes-vm.preset
View File

@ -66,7 +66,7 @@ enable qubes-updates-proxy.service
enable qubes-dvm.service
enable qubes-network.service
enable qubes-qrexec-agent.service
enable qubes-mount-home.service
enable qubes-mount-dirs.service
enable qubes-firewall.service
enable qubes-netwatcher.service
enable qubes-meminfo-writer.service

0
vm-systemd/mount-home.sh → vm-systemd/mount-dirs.sh
View File

2
vm-systemd/prepare-dvm.sh
View File

@ -16,7 +16,7 @@ if true; then
dmesg -c >/dev/null
qubesdb-watch /qubes-restore-complete &
watch_pid=$!
free | grep Mem: |
free | grep Mem: |
(read label total used free shared buffers cached; qubesdb-write /qubes-used-mem $(( $used + $cached )) )
# we're still running in DispVM template
echo "Waiting for save/restore..."

2
vm-systemd/qubes-misc-post.service
View File

@ -1,6 +1,6 @@
[Unit]
Description=Qubes misc post-boot actions
After=qubes-dvm.service qubes-mount-home.service
After=qubes-dvm.service qubes-mount-dirs.service
[Service]
Type=oneshot

2
vm-systemd/qubes-mount-home.service → vm-systemd/qubes-mount-dirs.service
View File

@ -5,7 +5,7 @@ Before=qubes-gui-agent.service
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/lib/qubes/init/mount-home.sh
ExecStart=/usr/lib/qubes/init/mount-dirs.sh
# Fedora and Debian have different paths for fuser
ExecStop=/bin/sh -c 'fuser -kMm /home' ; /bin/umount /home
ExecStopPost=-/bin/umount /rw