Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
83 Commits 1 Branch 0 Tags 34 MiB
17481e715a
Commit Graph

31 Commits

Author SHA1 Message Date
Joanna Rutkowska
1328cce87e core-appvm.spec: create 'user' user in %pre instead of in %post 
... otherwsie rpm -i throws an error when trying to set permissions for
/home_volatile/user, as the user 'user' doesn't exist when the %files section
is being processed during rpm install (if this is a first install of the rpm).
 2010-09-15 15:33:09 +02:00
Joanna Rutkowska
2a6356a6dd Merge branch 'qmemman' of git://qubes-os.org/rafal/core 2010-09-13 15:05:13 +02:00
Rafal Wojtczuk
f810fbb547 Tell Network Manager to keep hands off vif interfaces 
...somehow indirectly, by specifying the mac; unfortunately I do not
see any other way.
 2010-09-07 13:18:08 +02:00
Rafal Wojtczuk
23e11f5f6f Switch to routed VM network (instead of bridging) 
No headache from layer 2 attacks.
 2010-09-06 17:07:42 +02:00
Rafal Wojtczuk
c0f47663c8 Unify dom0 and netvm sysconfig/iptables 
Plus:
- dedicated chain for DNAT to nameservers
- prevent intervm networking. Can be conveniently overriden in necessary cases
by inserting ACCEPT clauses (per VM, probably) at the top of FORWARD
 2010-09-06 15:10:01 +02:00
Rafal Wojtczuk
7ff498c43b qmemman: make meminfo-writer a C program 2010-09-03 16:23:09 +02:00
Rafal Wojtczuk
ea58a5e299 Memory management across VMs, first release 2010-08-30 11:40:19 +02:00
Rafal Wojtczuk
a646ad46b1 Pathnames cleanup 
Move internal scripts to /usr/lib/qubes plus a couple of similar.
 2010-07-21 12:57:02 +02:00
Rafal Wojtczuk
c518538f59 DVM: execute user script before save 
qubes_prepare_saved_domain.sh now takes optional second argument, the
filename. The content of the file will be copied (via xenstore) to DVM
and executed just before save. This makes it possible to preload memory
with useful apps.
 2010-07-21 12:57:02 +02:00
Rafal Wojtczuk
1baf862455 add qvm-dvm.desktop to rpm files section 2010-07-21 12:57:02 +02:00
Rafal Wojtczuk
ea9f0f12f9 qvm-dvm.desktop entry 2010-07-21 12:57:01 +02:00
Rafal Wojtczuk
0d05b0ffe9 core-appvm requires mimeopen now 2010-07-21 12:57:01 +02:00
Rafal Wojtczuk
db8962f748 dvm: appvm side code 2010-07-21 12:56:43 +02:00
Rafal Wojtczuk
0a11679afb Quick VM restore support 2010-07-21 12:56:21 +02:00
Joanna Rutkowska
f8c4f5ddc5 netvm spec: do not create user in %post 
We don't need user account in netvm, do we?
 2010-06-18 01:54:38 +02:00
Joanna Rutkowska
c5803483b4 appvm spec: do not attempt to remove HWADDR from ifcfg-eth0 
Again, this is important when installing on an image created using yum --instalroot, in which
case there will be no ifcfg file. Besides, seems like we don't need it anymore, do we?
 2010-06-18 01:53:48 +02:00
Joanna Rutkowska
89d01e6b1b appvm: create /home/user in core-appvm %post 
This is needed when the template image is created using yum --installroot, rather
than regular installation process.
 2010-06-18 01:52:01 +02:00
Joanna Rutkowska
39a0f5f7e7 appvm, netvm spec: be quite in %post 2010-06-18 01:50:43 +02:00
Joanna Rutkowska
f03fcef295 Require F13 in VM 2010-06-18 01:48:56 +02:00
Joanna Rutkowska
fc65789263 appvm,netvm spec: Fix [ -e fstab ] conditional in %pre 2010-06-18 01:48:18 +02:00
Joanna Rutkowska
0f07b7c7e1 Fix serial console on VM to work on F13 (REQUIRES F13) 2010-06-18 01:45:27 +02:00
Joanna Rutkowska
5b5de14bc0 Make dom0, appvm, netvm use different qubes.repo 2010-06-18 01:41:10 +02:00
Joanna Rutkowska
0fd30a3eac Remove dom0-cleanup.spec 2010-06-15 12:21:24 +02:00
Joanna Rutkowska
ed4fbda53e rpm specs: %post cleanup 
Moved some stuff from the begging of %post sections after the
'if installing-for-the-first-time' check.
 2010-06-15 00:02:48 +02:00
Rafal Wojtczuk
68919b0d37 Install qubes_{setup_dnat_to_ns,nmhook} from common/ 2010-05-31 13:17:04 +02:00
Rafal Wojtczuk
e9f3414ef6 Lock out root and user passwords; provide passwordless login on the serial console 2010-05-30 15:45:40 +02:00
Rafal Wojtczuk
940cae99d6 Add qubes.repo to all qubes-core-* rpms. 2010-05-30 15:45:40 +02:00
Rafal Wojtczuk
046802948f Turn on IP forwarding in sysctl.conf 2010-05-30 15:45:40 +02:00
Rafal Wojtczuk
952d2f1d8e Get rid of dnsmasq in netvm. 
qubes_setup_dnat_to_ns script sets up DNAT rules for DNS traffic; it is
triggered by dhclient or NetworkManager, and manually (in case there is
a static resolv.conf).

Put IP-dependent rules in qubes-core, after local ip is known. It could be
further improved by introducing custom chains, to enable iptables save.

Restrict FORWARD.
 2010-05-30 15:45:35 +02:00
Rafal Wojtczuk
e1efcf60b3 Allow user in VM to mount /dev/xvdi; so that we can do 
...block-attach... something vfat-formatted...xvdi
in dom0.
 2010-05-13 15:23:31 +02:00
Joanna Rutkowska
349a2d0c15 Initial public commit. 
(c) 2010 Invisible Things Lab

Authors:
=========
Joanna Rutkowska <joanna@invisiblethingslab.com>
Rafal Wojtczuk  <rafal@invisiblethingslab.com>
 2010-04-05 20:58:57 +02:00