Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
1,168 Commits 1 Branch 0 Tags 6.4 MiB
217b5a4a5d
Commit Graph

248 Commits

Author SHA1 Message Date
Marek Marczykowski
626bd1568a vm: fix udev rules for VM network hotplug 2011-07-09 16:52:51 +02:00
Rafal Wojtczuk
dc33f0c9a7 qrexec: adjust DispVM code to the new qrexec API 
Note, we have qvm-open-in-vm totally for free.
 2011-07-06 12:32:20 +02:00
Rafal Wojtczuk
b87da183ce qrexec: adjust intervm file copy code to the new qrexec API 2011-07-06 10:17:58 +02:00
Rafal Wojtczuk
b5d30a9d54 qrexec: last two missing pieces of the new rpc infrastructure 2011-07-05 18:35:03 +02:00
Rafal Wojtczuk
dde44ee6ef qrexec: add qrexec_client_vm.c 2011-07-05 11:03:31 +02:00
Marek Marczykowski
508a39cbb0 vm: Load evtchn module by script in /etc/sysconfig/modules 2011-07-02 19:11:15 +02:00
Marek Marczykowski
b6f036caf2 dom0+vm: Update VM kernel mechanism (#242) 
Get kernel from global kernels dir (/var/lib/qubes/vm-kernels), not per-VM. Can
be configured by qvm-prefs (kernel parameter).
New tool: qvm-set-default-kernel

For backward compatibility kernel=None means kernel in VM dir (kernels subdir).
(possibly empty) modules.img should be created in it.
 2011-06-30 01:07:47 +02:00
Marek Marczykowski
f564a4d143 dom0+vm: Tools for downloading dom0 update by VM (#198) 
Mainly 4 parts:
 - scripts for providing rpmdb and yum repos to VM (choosen by qvm-set-updatevm)
 - VM script for downloading updates (qubes_download_dom0_updates.sh)
 - qfile-dom0-unpacker which receive updates, check signatures and place its in dom0 local yum repo
 - qvm-dom0-upgrade which calls all of above and after all yum gpk-update-viewer

Besides qvm-dom0-upgrade, updates are checked every 6h and user is prompted if
want to download it. At dom0 side gpk-update-icon (disabled yet) should notice
new updates in "local" repo.
 2011-06-22 00:44:48 +02:00
Marek Marczykowski
31f0308d45 dom0+vm: Trigger appmenus sync after yum transaction (#45), NEW QREXEC COMMAND 
After yum transaction (install/upgrade/remove),
yum-plugin-post-transaction-actions will execute script which trigger
qvm-sync-appmenus in dom0 (through qrexec).
THIS INTRODUCE NEW PREDEFINED COMMAND IN QREXEC
 2011-06-12 01:46:24 +02:00
Marek Marczykowski
60b86de2ca vm: add -qubes suffix to xenstore-watch to not conflict with xen standard tool 2011-06-07 15:58:55 +02:00
Marek Marczykowski
868fd1f431 vm: Remove root password to allow easy escalation from UI application (#202) 
Ex. gpk-application needs this to work properly while running from user. When
root password is set - polkit-daemon asks for it (according to polkit setting).
 2011-05-12 19:15:24 +02:00
Marek Marczykowski
59071d87b9 Revert "Run nm-applet as normal user" 
This reverts commit 2f5b6e6582e71630193d0098d4cc60db019e1e9b.

Dbus policy hacking not needed any more. ConsoleKit session is correctly started.
 2011-04-29 02:32:55 +02:00
Marek Marczykowski
59da079f22 Configure VM network iface on attach (not only on boot) (#190) 2011-04-23 02:31:54 +02:00
Tomasz Sterna
705a66af63 We do not want to have StandaloneVM and UtilityVM types. 2011-04-20 00:56:58 +02:00
Tomasz Sterna
611914da15 Disable unnecessary Upstart, Init and XDG Autostart serices. #209 
Move unneded /etc/init/*.conf services to /etc/init/*.conf.disabled.
Start CUPS only in AppVM and UtilityVM.
Start XDG Autostart applications only in domains that makes sense for them.
 2011-04-19 00:11:45 +02:00
Marek Marczykowski
d821bef43b Create ~/.local/share dir, as gnote requires it. 2011-04-10 22:12:04 +02:00
Marek Marczykowski
e2b31f8298 Run nm-applet as normal user 
Configuration for D-Bus policy and PolicyKit to allow this.
 2011-04-07 14:11:00 +02:00
Marek Marczykowski
9ed7721fc4 Disable gpk-update-icon autostart 2011-04-07 12:40:19 +02:00
Marek Marczykowski
0cf1658c65 Revert password removal for root and user 
It will require some additional work with ConsoleKit...
 2011-04-07 12:39:10 +02:00
Marek Marczykowski
a4b724fdab Remove passwords prompts for user and root (#202) 2011-04-06 23:04:42 +02:00
Joanna Rutkowska
44cfc0d2ef Use different repo files depending on %{dist} tag (#197) 2011-04-06 13:59:43 +02:00
Joanna Rutkowska
21e0c9d3f7 commonvm: Update repo info, use local RPM keys 2011-04-04 11:27:48 +02:00
Joanna Rutkowska
7465a697a6 Add qvm-copy-to-vm2.gnome to core-appvm rpm 2011-03-31 13:35:36 +02:00
Joanna Rutkowska
b488ab0055 Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core 2011-03-31 13:30:05 +02:00
Marek Marczykowski
267331bab6 Stop only NM on suspend. (#146) 
Also remove ip_forward setting from sysctl, so NM will not reset it on restart
 2011-03-31 00:19:41 +02:00
Joanna Rutkowska
0eea01812c Merge branch 'spring-merge' of git.qubes-os.org:/var/lib/qubes/git/rafal/core 2011-03-30 17:37:49 +02:00
Rafal Wojtczuk
2be3267726 Implemented console qvm-copy-to-vm 
It waits for the copy to finish, and is capable of killer
progress indicator.
 2011-03-30 17:25:57 +02:00
Rafal Wojtczuk
0e7bd73d22 Renamed qvm-copy-to-vm2 to qvm-trigger-copy-to-vm 
The new name describes the task of the script better.
 2011-03-30 16:48:48 +02:00
Rafal Wojtczuk
1eee3cc505 core-appvm.spec: create /home/user/.gnome2/nautilus-scripts 
And symlinks in it that will be visible in "scripts" context
menu of nautilus.
 2011-03-30 12:37:47 +02:00
Joanna Rutkowska
994899e6af Add BuildRequires: xen-devel 2011-03-29 11:02:29 +02:00
Rafal Wojtczuk
3ed985d220 Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/smoku/core into spring-merge 2011-03-28 17:28:24 +02:00
Tomasz Sterna
4b3d17c15a Create needed NetworkManager.conf in netvm. #94 
Also fixed qubes_fix_nm_conf.sh script.
 2011-03-26 11:33:04 +01:00
Marek Marczykowski
6c2a6d4d4d Merge branch 'spring-merge' of ssh://git.qubes-os.org/var/lib/qubes/git/rafal/core 2011-03-24 16:43:13 -04:00
Rafal Wojtczuk
81257fff75 Removed obsolete code, in appvm. 2011-03-24 17:13:21 +01:00
Joanna Rutkowska
d472c82c18 Merge branch 'spring-merge' of git.qubes-os.org:/var/lib/qubes/git/rafal/core 2011-03-24 11:51:43 +01:00
Rafal Wojtczuk
bf4b128fba Create a separate package with libraries. 2011-03-24 11:39:44 +01:00
Joanna Rutkowska
6de5f11e41 Merge branch 'spring-merge' of git.qubes-os.org:/var/lib/qubes/git/rafal/core 2011-03-24 10:17:15 +01:00
Rafal Wojtczuk
8da0ae3918 One more build order fix. 2011-03-24 10:03:39 +01:00
Rafal Wojtczuk
a45b9b4835 Enable build on non-appvm. 2011-03-23 17:47:35 +01:00
Joanna Rutkowska
452cb48b1f Merge branch 'spring-merge' of git.qubes-os.org:/var/lib/qubes/git/rafal/core 2011-03-23 17:15:15 +01:00
Rafal Wojtczuk
3cd2af60f5 Move libs and /var/run/qubes out of qubes-netvm 
They are already in core-appvm package.
 2011-03-23 11:48:06 +01:00
Rafal Wojtczuk
6a5262be42 move qrexec_agent out of core-netvm.spec 
It is already in core-appvm.
 2011-03-23 11:46:53 +01:00
Rafal Wojtczuk
dfb499c025 Merge branch 'blockless' into spring-merge 
Conflicts:
	appvm/Makefile
	appvm/qubes_core
	netvm/qubes_core
	rpm_spec/core-appvm.spec
	rpm_spec/core-netvm.spec
 2011-03-21 13:54:35 +01:00
Joanna Rutkowska
9b42f11084 Tag RPMs with dist info 2011-03-16 19:14:42 +01:00
Rafal Wojtczuk
d50a7063bf Package qvm-copy-to-vm2*, too. 2011-03-16 16:47:32 +01:00
Marek Marczykowski
f25afe989c Move xenstore-watch for VM from AppVM to common. Add to core-common.spec 2011-03-16 11:41:18 +01:00
Marek Marczykowski
00ff62767a Do not try to disable 'reboot' service 2011-03-16 11:41:18 +01:00
Marek Marczykowski
809e1db247 Drop forced fedora version from requires 2011-03-16 11:41:18 +01:00
Marek Marczykowski
41367c5f39 Move xenstore-watch for VM from AppVM to common. Add to core-common.spec 2011-03-15 19:47:26 +01:00
Rafal Wojtczuk
31c7a7a1c9 Added qfile-unpacker and qfile-daemon 2011-03-15 16:43:43 +01:00
Rafal Wojtczuk
b459bcbca0 Package qfile-agent-dvm, too. 2011-03-15 16:19:42 +01:00
Rafal Wojtczuk
17fb4614e7 Added qfile-agent 2011-03-15 16:07:00 +01:00
Rafal Wojtczuk
c52d8b54d5 Added new qvm-open-in-dvm, aka qvm-open-in-dvm2 
Small, childless bash script.
 2011-03-14 11:25:18 +01:00
Marek Marczykowski
94209336ae Register VM services also on update 2011-03-11 23:42:49 +01:00
Marek Marczykowski
a0a6bdf7d8 Add qubes_netwatcher to proxyvm spec 2011-03-11 23:33:15 +01:00
Marek Marczykowski
4c0849890c NetVM, AppVM, ProxyVM from single template - VM side (missing files...) 2011-03-11 01:42:42 +01:00
Marek Marczykowski
c87b15ba2a NetVM, AppVM, ProxyVM from single template - VM side 
Modify VM packages to:
- do not conflicts
- starts services if its VM type need it

Added core-proxyvm (firewall) and core-commonvm (common parts) packages.
 2011-03-11 01:38:04 +01:00
Rafal Wojtczuk
7342404846 Added dvm_file_editor. 
It works with qrexec - reads/writes data from stdin/stdout.
 2011-03-10 16:50:40 +01:00
Marek Marczykowski
67b6217308 Add 30-qubes_external_ip to netvm.spec 2011-03-10 16:09:37 +01:00
Marek Marczykowski
382b90c543 Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/smoku/core 
Conflicts:
	dom0/qvm-core/qubes.py
 2011-03-10 16:05:48 +01:00
Rafal Wojtczuk
9f3fcc862a Implemented mechanism to trigger predefined execution in dom0. 
Processes in AppVM can ask qrexec-agent to send a
MSG_AGENT_TO_SERVER_TRIGGER_EXEC message to qrexec-daemon.
The latter will execute predefined program. It is useful for
the purpose of file copy; the predefined program will create
a connected qfile-daemon<->qfile-agent pair.
 2011-03-10 15:41:31 +01:00
Tomasz Sterna
76bf222dd2 Added FirewallVM related VM scripts 2011-03-09 20:50:13 +01:00
Rafal Wojtczuk
06c0bd007c Moved vchan and u2mfn code to core. 2011-03-08 12:24:47 +01:00
Marek Marczykowski
dc5b65c23d Add BR to core-appvm.spec 2011-03-06 14:06:24 +01:00
Rafal Wojtczuk
f3428531a8 qrexec* tools, initial version 2011-03-04 16:32:58 +01:00
Joanna Rutkowska
60b0eb28e8 Merge branch 'ticket4' of git://qubes-os.org/rafal/core 2010-09-17 17:30:36 +02:00
Rafal Wojtczuk
2c23edd1ee Require NetworkManager >= 0.8.1-1 
Unfortunately, config files layout changes with NM version; therefore
require >= 0.8.1-1.
This should also prevent NM from messing with VIF interfaces on suspend/resume.
 2010-09-17 15:16:01 +02:00
Joanna Rutkowska
1328cce87e core-appvm.spec: create 'user' user in %pre instead of in %post 
... otherwsie rpm -i throws an error when trying to set permissions for
/home_volatile/user, as the user 'user' doesn't exist when the %files section
is being processed during rpm install (if this is a first install of the rpm).
 2010-09-15 15:33:09 +02:00
Joanna Rutkowska
2a6356a6dd Merge branch 'qmemman' of git://qubes-os.org/rafal/core 2010-09-13 15:05:13 +02:00
Rafal Wojtczuk
f810fbb547 Tell Network Manager to keep hands off vif interfaces 
...somehow indirectly, by specifying the mac; unfortunately I do not
see any other way.
 2010-09-07 13:18:08 +02:00
Rafal Wojtczuk
23e11f5f6f Switch to routed VM network (instead of bridging) 
No headache from layer 2 attacks.
 2010-09-06 17:07:42 +02:00
Rafal Wojtczuk
c0f47663c8 Unify dom0 and netvm sysconfig/iptables 
Plus:
- dedicated chain for DNAT to nameservers
- prevent intervm networking. Can be conveniently overriden in necessary cases
by inserting ACCEPT clauses (per VM, probably) at the top of FORWARD
 2010-09-06 15:10:01 +02:00
Rafal Wojtczuk
7ff498c43b qmemman: make meminfo-writer a C program 2010-09-03 16:23:09 +02:00
Rafal Wojtczuk
ea58a5e299 Memory management across VMs, first release 2010-08-30 11:40:19 +02:00
Rafal Wojtczuk
a646ad46b1 Pathnames cleanup 
Move internal scripts to /usr/lib/qubes plus a couple of similar.
 2010-07-21 12:57:02 +02:00
Rafal Wojtczuk
c518538f59 DVM: execute user script before save 
qubes_prepare_saved_domain.sh now takes optional second argument, the
filename. The content of the file will be copied (via xenstore) to DVM
and executed just before save. This makes it possible to preload memory
with useful apps.
 2010-07-21 12:57:02 +02:00
Rafal Wojtczuk
1baf862455 add qvm-dvm.desktop to rpm files section 2010-07-21 12:57:02 +02:00
Rafal Wojtczuk
ea9f0f12f9 qvm-dvm.desktop entry 2010-07-21 12:57:01 +02:00
Rafal Wojtczuk
0d05b0ffe9 core-appvm requires mimeopen now 2010-07-21 12:57:01 +02:00
Rafal Wojtczuk
db8962f748 dvm: appvm side code 2010-07-21 12:56:43 +02:00
Rafal Wojtczuk
0a11679afb Quick VM restore support 2010-07-21 12:56:21 +02:00
Joanna Rutkowska
f8c4f5ddc5 netvm spec: do not create user in %post 
We don't need user account in netvm, do we?
 2010-06-18 01:54:38 +02:00
Joanna Rutkowska
c5803483b4 appvm spec: do not attempt to remove HWADDR from ifcfg-eth0 
Again, this is important when installing on an image created using yum --instalroot, in which
case there will be no ifcfg file. Besides, seems like we don't need it anymore, do we?
 2010-06-18 01:53:48 +02:00
Joanna Rutkowska
89d01e6b1b appvm: create /home/user in core-appvm %post 
This is needed when the template image is created using yum --installroot, rather
than regular installation process.
 2010-06-18 01:52:01 +02:00
Joanna Rutkowska
39a0f5f7e7 appvm, netvm spec: be quite in %post 2010-06-18 01:50:43 +02:00
Joanna Rutkowska
f03fcef295 Require F13 in VM 2010-06-18 01:48:56 +02:00
Joanna Rutkowska
fc65789263 appvm,netvm spec: Fix [ -e fstab ] conditional in %pre 2010-06-18 01:48:18 +02:00
Joanna Rutkowska
0f07b7c7e1 Fix serial console on VM to work on F13 (REQUIRES F13) 2010-06-18 01:45:27 +02:00
Joanna Rutkowska
5b5de14bc0 Make dom0, appvm, netvm use different qubes.repo 2010-06-18 01:41:10 +02:00
Joanna Rutkowska
0fd30a3eac Remove dom0-cleanup.spec 2010-06-15 12:21:24 +02:00
Joanna Rutkowska
ed4fbda53e rpm specs: %post cleanup 
Moved some stuff from the begging of %post sections after the
'if installing-for-the-first-time' check.
 2010-06-15 00:02:48 +02:00
Rafal Wojtczuk
68919b0d37 Install qubes_{setup_dnat_to_ns,nmhook} from common/ 2010-05-31 13:17:04 +02:00
Rafal Wojtczuk
e9f3414ef6 Lock out root and user passwords; provide passwordless login on the serial console 2010-05-30 15:45:40 +02:00
Rafal Wojtczuk
940cae99d6 Add qubes.repo to all qubes-core-* rpms. 2010-05-30 15:45:40 +02:00
Rafal Wojtczuk
046802948f Turn on IP forwarding in sysctl.conf 2010-05-30 15:45:40 +02:00
Rafal Wojtczuk
952d2f1d8e Get rid of dnsmasq in netvm. 
qubes_setup_dnat_to_ns script sets up DNAT rules for DNS traffic; it is
triggered by dhclient or NetworkManager, and manually (in case there is
a static resolv.conf).

Put IP-dependent rules in qubes-core, after local ip is known. It could be
further improved by introducing custom chains, to enable iptables save.

Restrict FORWARD.
 2010-05-30 15:45:35 +02:00
Rafal Wojtczuk
e1efcf60b3 Allow user in VM to mount /dev/xvdi; so that we can do 
...block-attach... something vfat-formatted...xvdi
in dom0.
 2010-05-13 15:23:31 +02:00
Joanna Rutkowska
349a2d0c15 Initial public commit. 
(c) 2010 Invisible Things Lab

Authors:
=========
Joanna Rutkowska <joanna@invisiblethingslab.com>
Rafal Wojtczuk  <rafal@invisiblethingslab.com>
 2010-04-05 20:58:57 +02:00