Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
1,179 Commits 1 Branch 0 Tags 34 MiB
15f3a1b8d0
Commit Graph

71 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
15f3a1b8d0 debian: fix proxy setup 2014-10-24 00:45:39 +02:00
Marek Marczykowski-Górecki
a2e17ef244 systemd: fix 'service' path 
On Fedora it is all the same because /sbin -> /usr/sbin symlink. But on
Debian it does matter.
 2014-10-19 04:11:15 +02:00
Marek Marczykowski-Górecki
4ee0de9fb8 updates-proxy-setup: support setting proxy for apt (#887) 2014-10-01 05:40:14 +02:00
Marek Marczykowski-Górecki
e83a91e3d3 debian: migrate to native systemd services 2014-09-30 00:54:33 +02:00
Marek Marczykowski-Górecki
240066fc23 Add missing u2mfn module load 
Is loaded as part of gui-agent startup, but qrexec-agent also needs it
so eliminate race condition here.
 2014-09-29 21:39:17 +02:00
Marek Marczykowski-Górecki
4bccdb0ba5 Use systemd mechanism for loading kernel modules (when available) 
One more thing done in more generic way (not Fedora-specific).
 2014-09-29 21:31:10 +02:00
Marek Marczykowski-Górecki
2e4cdc2f8d Rename yum-proxy-setup service to updates-proxy-setup 
Fedora is no longer the only supported distribution, so change the
service name to be more generic. Old name still supported for
compatibility.
 2014-09-27 01:52:19 +02:00
Marek Marczykowski-Górecki
3f19c89301 Rename qubes-yum-proxy service to qubes-updates-proxy 
It is no longer Fedora-only proxy, so rename to not confuse the user.
Also documentation refer to it as "updates proxy" for a long time.
 2014-09-27 00:32:52 +02:00
Marek Marczykowski-Górecki
54755ac444 Avoid 100MB reserved space in private ext4 partition 
The ext4 reserved space is necessary for root partitions, but in the
private.img data partition, it is wasted space (accessible only to root
processes), which means losing 100 MB of the default 2GB.

From mkfs.ext4 man page: "-m reserved-blocks-percentage Specify the
percentage of the filesystem blocks reserved for the super-user." ...
"The default percentage is 5%."
 2014-09-05 22:42:14 +02:00
Marek Marczykowski-Górecki
1618e32993 dispvm: slow down "spinlock" while waiting for save/restore 
When something go wrong, it will remain spinning indefinitely.
 2014-08-02 23:44:48 +02:00
Marek Marczykowski-Górecki
90c84be5fb systemd: do not reexec when not necessary 
Do not reexec systemd when running version is the same as installed
binary. Apparently reexec causes some race condifions, which result in
assertion fail in systemd.
 2014-07-16 04:15:21 +02:00
Marek Marczykowski-Górecki
57f111a08d Do not start nm-applet at all when no NetworkManager running - update (#857) 
Apparently nm-applet.desktop was changed upstream. It does no longer
contain OnlyShowIn, but NotShowIn.
 2014-07-04 18:47:11 +02:00
Marek Marczykowski-Górecki
44aaa81042 Do not start nm-applet at all when no NetworkManager running (#857) 2014-05-30 22:44:50 +02:00
Marek Marczykowski-Górecki
f1a997c1c4 systemd: reexec systemd to ensure right version is running 
SystemD version can differ from initramfs one (which is build in dom0
build environment), so reexec it at startup.

This fixes systemd-212 archlinux issue.
 2014-04-23 01:50:21 +02:00
Marek Marczykowski-Górecki
6d3c73c741 systemd: relax qubes-sysinit dependencies 
It doesn't need all local filesystems, only /, /run, /proc/xen and loaded
modules.
 2014-04-23 01:32:31 +02:00
Marek Marczykowski-Górecki
0dd45655e3 init: remove rc.local-early reference 
It can't work - there is no /rw mounted at this VM startup stage.
 2014-03-28 05:12:48 +01:00
Marek Marczykowski-Górecki
9d618cac15 yum-proxy: automatically restart the service on failure 2014-02-21 13:30:07 +01:00
Marek Marczykowski-Górecki
c86581ace4 Revert "Hide nm-applet when NetworkManager is disabled" 
This reverts commit 85f4e494e8.
This way isn't effective - the command is called too early.
 2014-02-07 00:01:06 +01:00
Marek Marczykowski-Górecki
fc04408c7a systemd: disable ModemManager in non-NetVM 
Previously ModemManager was started by NetworkManager, but in fc20+ it
is a separate service, so disable it when not needed.
 2014-02-02 13:36:59 +01:00
Marek Marczykowski-Górecki
85f4e494e8 Hide nm-applet when NetworkManager is disabled 
It isn't done automatically by nm-applet itself since nm-applet 0.9.9.0
(fc19+), this one commit:
https://git.gnome.org/browse/network-manager-applet/commit?id=276a702000ee9e509321891f5ffa9789acfb053c
At the same time they've introduced option to manually hide the icon:
https://git.gnome.org/browse/network-manager-applet/commit?id=e7331a3f33ab422ea6c1bbc015ad44d8d9c83bc3
 2014-02-02 13:36:59 +01:00
Marek Marczykowski-Górecki
fd55d48126 Move meminfo-writer to linux-utils repo 
It is common for both dom0 and VM.  So move to linux-specific repo (not
VM-specific).
 2014-01-05 05:38:10 +01:00
Marek Marczykowski-Górecki
b3081dce07 systemd: disable additional unneeded services 2013-12-17 01:29:26 +01:00
Marek Marczykowski-Górecki
c04d4e4fea systemd: while disabling service, disable also its activators 
This time it is for cups, which have socket-based and path-based
activators. When activator tires to start the service which is disabled
by condition file it enters infinite loop (as service wont start, but
will not report an error).
 2013-12-16 21:10:37 +01:00
Marek Marczykowski-Górecki
fabc72701c init: run resize2fs on /rw before mounting 
In case of private.img was resized while the VM was powered off.
 2013-11-21 03:36:56 +01:00
Marek Marczykowski
596a3ebd8e network: do not fail when eth0 doesn't exists 
It can be perfectly right case for wireless-only netvm.
 2013-08-13 00:40:13 +02:00
Marek Marczykowski
8c9433fc00 yum-proxy: use iptables-restore to set firewall rules 
Simple iptables sometimes returns EBUSY.
 2013-08-05 02:08:52 +02:00
Marek Marczykowski
44fab139f4 Add qrexec back, use qubes-utils libraries for common code 2013-03-20 06:23:44 +01:00
Marek Marczykowski
62a0002b7f The Underscores Revolution: dispvm script path 2013-03-14 04:30:22 +01:00
Marek Marczykowski
09050236bc The Underscores Revolution: adjust qrexec path 2013-03-14 04:29:19 +01:00
Marek Marczykowski
30ca124784 The Underscores Revolution: xenstore paths 2013-03-14 04:29:15 +01:00
Marek Marczykowski
ecc812f350 The Underscores Revolution: filenames 
Get rid of underscores in filenames, use dashes instead.
This is first part of cleanup in filenames.
"qubes_rpc" still untouched - will be in separate commit.
 2013-03-14 01:07:49 +01:00
Marek Marczykowski
dffd7e0457 remove qubes-core-libs and qrexec leftovers 
They are now in separate repository.
 2013-03-07 05:09:13 +01:00
Marek Marczykowski
b18d40fb08 vm: Use nautilus-actions to provide "Copy to other AppVM" etc nautilus commands 
No more ugly symlink creation at VM startup, nautilus-actions have system-wide
dir (in opposite to nautilus-scripts).

Currently old symlinks are not cleaned up. Maybe it should, but leaving them
have one advantage: will not break existing users behavior.
 2013-02-21 16:44:16 +01:00
Marek Marczykowski
979ce2014b vm/systemd: disable NetworkManager-wait-online when NM inactive 2013-02-12 01:38:30 +01:00
Marek Marczykowski
afa09b5d80 vm/systemd: break dependency loop 
qubes-misc-post provides /rw/home, required by NetworkManager, so do not
try start it after network.target
 2013-02-12 01:38:29 +01:00
Marek Marczykowski
fb2881b0a7 vm/systemd: change Names= to Alias= 
As recommended by systemd manual page.
 2013-02-12 01:38:29 +01:00
Marek Marczykowski
970203b956 vm/systemd: start misc-post after network 
This will ensure that /rw/config/rc.local is called after applying default
iptables rules, so it can safely modify it without the risk to be overridden
later by default ones.
 2013-01-11 23:49:46 +01:00
Marek Marczykowski
213380a7c3 vm: setup /dev/xen/evtchn permissions using udev rule 
This works also when the device is recreated, which is the case in DispVM
(during xl restore).
 2012-11-22 00:51:18 +01:00
Marek Marczykowski
a26b3e7016 vm/core: use mount --bind instead of symlink for /home 
Many applications doesn't like /home as symlink ($HOME differs from real
location).
 2012-11-16 14:03:36 +01:00
Marek Marczykowski
ef2a3092ac vm/dispvm: use of user-provided DispVM settings (#651) 
When /rw/home/user/.qubes-dispvm-customized is present use /rw/home/user
instead of default /etc/dispvm-dotfiles.tbz. Also make sure that /rw will not
remain mounted during DispVM creation.
 2012-11-12 13:44:10 +01:00
Marek Marczykowski
aa1babada1 vm: setup device permission to allow non-root vchan servers 
This will allow to start pulseaudio as normal user and get rid of preloaded
library.
 2012-11-03 05:22:03 +01:00
Marek Marczykowski
e0780538f6 vm/systemd: force exit status 0 in qubes-sysinit 
If /rw/config/rc.local-early does not exits, exit status is incorrectly 1.
 2012-10-15 02:33:36 +02:00
Marek Marczykowski
fccb6d31c6 vm/systemd: early user-configurable init script 2012-09-23 23:28:58 +02:00
Marek Marczykowski
aa1b1e86a8 vm/prepare-dvm: wait for Xorg in more deterministic way (#636) 2012-07-22 01:23:45 +02:00
Marek Marczykowski
6d0cc13c13 vm/system: ensure that DispVM savefile have pagecache populated (#620) 
This is done by readahead, so just let it done its work before suspend.
 2012-07-12 03:56:09 +02:00
Marek Marczykowski
e5c77507a1 vm: chown /home/user to user if user UID have changed 
FC16 and FC17 starts normal users at UID 1000, not 500 as in <=FC15.
 2012-06-11 22:35:44 +02:00
Marek Marczykowski
03b5c4778a vm: use yum proxy in TemplateVM by default (#590) 2012-06-05 21:21:53 +02:00
Marek Marczykowski
b77cd12dff vm/systemd: fix ProxyVM related services deps (#578) 2012-06-05 21:21:53 +02:00
Marek Marczykowski
9930a89fb1 vm/qubes-yum-proxy: setup yum to use qubes-yum-proxy (#568) 
The simplest way is just add proxy=... entry to /etc/yum.conf, but sometimes it
is reasonable to bypass the proxy. Some examples:
 - usage of non-standard repos with some exotic file layout, which will be
   blocked by the proxy
 - usage of repos not-accessible via proxy (eg only via VPN stared in VpnVM)

This commit introduces 'yum-proxy-setup' pseudo-service, which can be
controlled via standard qvm-service or qubes-manager. When enabled - yum will
be configured at VM startup to use qubes proxy, otherwise - to connect directly
(proxy setting will be cleared).
 2012-05-31 03:11:44 +02:00
Marek Marczykowski
c37e4b2344 vm/qubes-yum-proxy: create dir for pidfile under FC15 (#568) 
On FC>=15 /var/run is on tmpfs, so /var/run/tinyproxy from rpm don't survive
reboot. This is bug in Fedora package (should include config file for tmpfiles
service). For now create dir just before starting service.
 2012-05-31 03:11:43 +02:00