Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
1,749 Commits 1 Branch 0 Tags 6.4 MiB
07c442f534
Commit Graph

169 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
817606a09d
Merge remote-tracking branch 'origin/pr/72' 
* origin/pr/72:
  systemd: order units checking for qubes-service after qubes-sysinit
 2016-05-17 21:16:02 +02:00
Marek Marczykowski-Górecki
5e08e2bc1d
systemd: order units checking for qubes-service after qubes-sysinit 
Files in /var/run/qubes-service are created by qubes-sysinit.service. So
defer that condition check after that service start.

Thanks @adrelanos for the report.

Fixes QubesOS/qubes-issues#1985
 2016-05-12 00:17:05 +02:00
Patrick Schleizer
23bdcb90a7 minor debug xtrace output 2016-05-03 15:16:59 +02:00
Patrick Schleizer
d14203f1ac
fixed bind-dirs legacy import function 
https://phabricator.whonix.org/T501
 2016-04-29 23:44:18 +02:00
Marek Marczykowski-Górecki
437680b731
Fix bind-dirs.sh path 2016-03-30 14:17:04 +02:00
Marek Marczykowski-Górecki
1b0e604eca
Merge remote-tracking branch 'origin/pr/65' 
* origin/pr/65:
  minor indent
 2016-03-21 14:21:57 +01:00
Patrick Schleizer
5a1ea4f5e5 minor indent 2016-03-19 16:26:29 +01:00
Patrick Schleizer
77d51a69ea use 'true' rather than ':' for consistency 2016-03-19 16:23:36 +01:00
Marek Marczykowski-Górecki
74625b1657
Merge remote-tracking branch 'origin/pr/58' 
* origin/pr/58:
  refactoring / code simplification
  fixed broken file copy for files in multi level directories
  also exit from bind-directories if file /var/run/qubes-service/qubes-dvm exists
  use symlink_level_max rather than hardcoding 10; comment
  run /usr/lib/qubes/bind-dirs.sh from mount-dirs.sh
  renamed:    bind-dirs -> bind-dirs.sh
  renamed:    misc/bind-dirs -> vm-systemd/bind-dirs
  work on bind-dirs
  work on bind-dirs
  work on bind-dirs https://phabricator.whonix.org/T414
 2016-03-14 16:14:10 +01:00
Marek Marczykowski-Górecki
7f686b1aae
Merge remote-tracking branch 'origin/pr/60' 
* origin/pr/60:
  do not start the Tor service inside Qubes TemplateVMs
 2016-03-14 16:11:44 +01:00
Marek Marczykowski-Górecki
07ad58b511
Merge remote-tracking branch 'origin/pr/62' 
* origin/pr/62:
  disable systemd-timesyncd
 2016-03-14 16:10:50 +01:00
Marek Marczykowski-Górecki
fb9b3b62c0
network: use qubes-primary-dns QubesDB entry if present 
For a long time the DNS address was the same as default gateway. This is
still the case in R3.x, but using `qubes-gateway` configuration
parameter for it is misleading. It should be up to dom0 to provide DNS
address (whether the value is the same as gateway or not).

Fixes QubesOS/qubes-issues#1817
 2016-03-07 13:37:45 +01:00
Patrick Schleizer
83d0ae6df4 disable systemd-timesyncd 
fixes https://github.com/QubesOS/qubes-issues/issues/1754
 2016-02-19 02:34:08 +01:00
Patrick Schleizer
aee3f5ed12
do not start the Tor service inside Qubes TemplateVMs 
Private data inside /var/lib/tor should not be shared.
Tor should not be run inside TemplateVMs.

https://github.com/QubesOS/qubes-issues/issues/1625#issuecomment-172369781
 2016-01-18 15:19:13 +01:00
Marek Marczykowski-Górecki
fb470fe86f
sysinit: Accept also old xenbus kernel interface 
qubes-sysinit.sh waits for xenbus initialization by watching its
interface file presence. In linux before 3.10 there is no
/dev/xen/xenbus, which is the case in Debian 7 (3.2 kernel). The problem
applies only to the VMs with PVGrub enabled, because otherwise VM would
use dom0 privided kernel, which is much newer.

Fixes QubesOS/qubes-issues#1609
 2016-01-13 05:05:00 +01:00
Patrick Schleizer
f4d367a6a7
refactoring / code simplification 
Thanks to @marmarek for the suggestion!
 2016-01-08 00:36:26 +00:00
Patrick Schleizer
e9fca8fb9f
fixed broken file copy for files in multi level directories 
Thanks to @marmarek for the report and help fixing!
 2016-01-07 21:19:52 +00:00
Patrick Schleizer
184f49dbbd
also exit from bind-directories if file /var/run/qubes-service/qubes-dvm exists 
Thanks to @marmarek for the suggestion!

https://github.com/QubesOS/qubes-issues/issues/1328#issuecomment-169483029
 2016-01-06 23:08:33 +00:00
Patrick Schleizer
7e8649f8c7
use symlink_level_max rather than hardcoding 10; comment 2016-01-06 20:46:38 +00:00
Patrick Schleizer
eb00e40bab
run /usr/lib/qubes/bind-dirs.sh from mount-dirs.sh 2015-12-25 12:30:36 +00:00
Patrick Schleizer
5a87313ea6
renamed: bind-dirs -> bind-dirs.sh 2015-12-25 12:30:35 +00:00
Patrick Schleizer
8f2a80982b
renamed: misc/bind-dirs -> vm-systemd/bind-dirs 2015-12-25 12:30:35 +00:00
MB
9c68afe14c [network-proxy-setup] Permit !CONFIG_MODuLES 
* Check whether sysctl is accessible
* Check whether a key which exists when CONFIG_MODULES=y is not accessible

If true, CONFIG_MODULES=n, so ignore modprobe failure.
If false, fail.
 2015-11-29 00:00:00 +00:00
Patrick Schleizer
e323d3f4bd
Have qubes-sysinit create /var/run/qubes VM type files. 
- /var/run/qubes/this-is-appvm
- /var/run/qubes/this-is-netvm
- /var/run/qubes/this-is-proxyvm
- /var/run/qubes/this-is-templatevm

This is useful for checking ConditionPathExists from within systemd units.

(Came up in https://phabricator.whonix.org/T432#7206.)
 2015-11-22 21:55:51 +00:00
Marek Marczykowski-Górecki
13c9149b6c
Use improved update-notify script also in Fedora 
Among other things this also fixes build failure - those scripts were
installed but not listed in spec file.

Actual check doesn't perform 'apt-get update', so do that when running
"standalone" (not as a hook from 'apt-get').

QubesOS/qubes-issues#1066
 2015-11-13 05:28:47 +01:00
qubesuser
f380c346cf Allow to provide customized DispVM home directly in the template VM 
This significantly speeds up DispVM creation for large customized
homes, since no data has to be copied, and instead CoW is used.
 2015-11-12 15:33:01 +01:00
Marek Marczykowski-Górecki
97e5072315
Revert "preset disable tinyproxy by default" 
This reverts commit f32dccb5e3.
Not needed anymore since dropin approach is implemented.
 2015-11-11 16:04:52 +01:00
Marek Marczykowski-Górecki
3324307ee2
Merge remote-tracking branch 'origin/pr/46' 
* origin/pr/46:
  No longer start /etc/init.d/tinyproxy by default anymore.
 2015-11-11 16:04:40 +01:00
Patrick Schleizer
5d6cf722a8
No longer start /etc/init.d/tinyproxy by default anymore. 
But allow users to re-enable it through qubes-service framework.
/var/run/qubes-service/tinyproxy

Thanks to @marmarek for helping with this fix!

https://github.com/QubesOS/qubes-issues/issues/1401
 2015-11-11 14:57:36 +00:00
Marek Marczykowski-Górecki
2a589f2c20
updates-proxy: use separate directory for PID file 
And also use systemd-tmpfiles for that directory creation.

Fixes QubesOS/qubes-issues#1401
 2015-11-11 05:57:57 +01:00
Marek Marczykowski-Górecki
90b4398863
Merge remote-tracking branch 'origin/pr/43' 
* origin/pr/43:
  preset disable tinyproxy by default
 2015-11-11 05:27:52 +01:00
Marek Marczykowski-Górecki
3466f3df35
systemd: make sure that update check is started only after qrexec-agent 2015-11-11 02:36:57 +01:00
Patrick Schleizer
f32dccb5e3 preset disable tinyproxy by default 
Fixes https://github.com/QubesOS/qubes-issues/issues/1401
 2015-11-10 20:08:26 +00:00
Olivier MEDOC
0c33c73b8e dropins: implement dropins for systemd user starting with pulseaudio systemd service and socket masking 
Conflicts:
	Makefile
 2015-11-07 19:12:30 +01:00
Olivier MEDOC
4b5332081e add DROPINS for org.cups.cupsd systemd files. 2015-11-06 19:36:52 +01:00
Marek Marczykowski-Górecki
6752be9196
No longer disable auditd 
On Fedora 22 console is trashed with a lot of messages without auditd
running.

QubesOS/qubes-issues#1282
 2015-11-03 18:15:20 +01:00
Marek Marczykowski-Górecki
c2596a0435
Setup updates proxy in dnf and PackageKit 
DNF doesn't support even including another config file, so all the
settings needs to go into `/etc/dnf/dnf.conf`. The same about
PackageKit, which is needed because it doesn't use `dnf.conf`:
http://lists.freedesktop.org/archives/packagekit/2015-September/026389.html

Because that proxy settings goes to so many places now, create a
separate script for that.

QubesOS/qubes-issues#1282
QubesOS/qubes-issues#1197
 2015-10-30 15:13:56 +01:00
Patrick Schleizer
f063b4a90f
Renamed qubes-mount-home to qubes-mount-dirs. 
Renamed qubes-mount-home service and mount-home.sh script to qubes-mount-dirs service and mount-dirs.sh.
Because mount-home.sh also processed /rw/usrlocal.
preparation to fix the following issues:
- upstream bind-directories functionality to Qubes - https://phabricator.whonix.org/T414
- Bind mount /rw/usrlocal -> /usr/local instead of symlink - https://github.com/QubesOS/qubes-issues/issues/1150
- /bin/sync hangs forever in whonix-ws-dvm - https://github.com/QubesOS/qubes-issues/issues/1328
 2015-10-15 20:57:43 +00:00
Patrick Schleizer
2eb0ed2be1
removed trailing spaces 2015-10-15 04:34:55 +02:00
Marek Marczykowski-Górecki
7963fb91c7
systemd: actually enable qubes-random-seed service 
QubesOS/qubes-issues#1311
 2015-10-10 16:23:46 +02:00
HW42
05292c0ac5
reload qubes-random-seed when restoring DispVM 2015-10-10 00:45:48 +02:00
HW42
0ffa746678
qubes-random-seed: feed kernel rng with randomness from dom0 2015-10-10 00:45:44 +02:00
Marek Marczykowski-Górecki
2bdbf37ef9
Run 'ldconfig' to update /usr/local/lib* cache, if applicable 
Fixes QubesOS/qubes-issues#1255
 2015-10-05 06:13:49 +02:00
Marek Marczykowski-Górecki
8e497bffc0
Merge branch 'qubes-iptables' 
Conflicts:
	debian/control
	rpm_spec/core-vm.spec

QubesOS/qubes-issues#1067
 2015-10-05 01:47:01 +02:00
Marek Marczykowski-Górecki
2a39adfe0f
Enlarge /tmp and /dev/shm 
Initial size of those tmpfs-mounted directories is calculated as 50% of
RAM at VM startup time. Which happen to be quite small number, like
150M. Having such small /tmp and/or /dev/shm apparently isn't enough for
some applications like Google chrome. So set the size statically at 1GB,
which would be the case for baremetal system with 2GB of RAM.

Fixes QubesOS/qubes-issues#1003
 2015-10-04 23:07:10 +02:00
Patrick Schleizer
c13e11d57e fixed 'Debian 8 apt.config.d misconfiguration' 
prevent the Acquire::http::Proxy setting ending up multiple times inside /etc/apt/apt.conf.d/01qubes-proxy
(reported by @Scinawa)
https://github.com/QubesOS/qubes-issues/issues/1186
 2015-09-12 18:34:49 +00:00
Marek Marczykowski-Górecki
c09d1d9d61
systemd: fix starting cups 2015-09-01 17:19:59 +02:00
Marek Marczykowski-Górecki
4703e3fca7
Remove dynamically generated autostart desktop files 
qubesos/qubes-issues#1151
 2015-08-27 22:08:04 +02:00
Marek Marczykowski-Górecki
3ccbde9a3c
debian: disable netfilter-persistent.service 
This is now handled by qubes-iptables.service

qubesos/qubes-issues#1067
 2015-08-09 20:32:35 +02:00
Marek Marczykowski-Górecki
65e9e4c72c
network: use own iptables service instead of repurposing existing one 
There were multiple problems with reusing existing one:
 - need to sync with upstream changes (configuration path etc)
 - conflicts resolution on updates
 - lack of iptables --wait, which causes firewall fail to load sometimes

QubesOS/qubes-issues#1067
 2015-08-09 20:09:51 +02:00