Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
1,396 Commits 1 Branch 0 Tags 34 MiB
3c8a294221
Commit Graph

1396 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Marek Marczykowski-Górecki
3c8a294221 dispvm: do not start GUI apps during prerun 
Apparently it doesn't help much with DispVM startup time, but causes a
lot of problems when such app do not close in time (either can be killed
forcibly and will complain about it at next run, or will spontaneously
show itself when DispVM is started).
 2015-04-11 02:43:03 +02:00
Marek Marczykowski-Górecki
285071bd59 systemd: disable avahi-daemon and dnf-makecache 
Especially dnf-makecache is senseless as its state will not survive VM
restart, but it takes a lot of CPU time.
 2015-04-10 18:23:14 +02:00
Marek Marczykowski-Górecki
5fef29e1a4 rpm/systemd: do not use preset-all during package upgrade 
This will probably break some user configuration. Do that only when
installing for the first time (during template build), during upgrade
set only those installed by this package instead of all.
 2015-04-10 18:08:28 +02:00
Marek Marczykowski-Górecki
731ee3e09a qrexec: do not reset umask to 077 for every started process 
This umask will be inherited by any process started directly by qrexec
(i.e. without help of fork-server).
 2015-04-10 18:07:32 +02:00
Marek Marczykowski-Górecki
e8c9f010ad version 3.0.5 2015-04-07 14:58:36 +02:00
Marek Marczykowski-Górecki
12e5300040 systemd: install overridden unit file for chronyd 2015-04-07 02:36:16 +02:00
Marek Marczykowski-Górecki
343ce1814c systemd: use presets to enable services, call preset-all 
This way the services will be enabled/disabled regardless of its initial
state.
 2015-04-07 02:30:59 +02:00
Marek Marczykowski-Górecki
2951e1ba02 version 3.0.4 2015-04-02 00:55:09 +02:00
Marek Marczykowski-Górecki
6f303a9bf2 Update repository definition: r3 -> r3.0 2015-04-02 00:53:18 +02:00
Marek Marczykowski-Górecki
5c3ab559c6 Merge branch 'master' of git://github.com/woju/qubes-core-agent-linux 2015-03-31 22:25:23 +02:00
Marek Marczykowski-Górecki
d41ae5bc7f debian: update NetworkManager configuration 
Especially add unmanaged-devices, otherwise NM will break vif*
configuration.
 2015-03-30 22:49:50 +02:00
Marek Marczykowski-Górecki
52d502bce2 debian: fix handling SysV units in disableSystemdUnits 
systemctl is-enabled always reports "disabled" for them (actually not a
real "disabled", but and error, but exit code is the same). So simply
always disable the unit, it is no-op for already disabled ones.
BTW systemctl preset also do not work for them.
 2015-03-30 21:46:01 +02:00
Marek Marczykowski-Górecki
0f67930d0e rpm: add missing BuildRequires: libX11-devel 
misc/close-window.c requires it.
 2015-03-30 21:43:16 +02:00
Marek Marczykowski-Górecki
74490b0b94 qrexec: try to recover from fork-server communication error 
Simply forget about that connection, instead of waiting for further
messages. If that connection is no longer available, select would return
EBADF, which would cause qrexec-agent termination.
 2015-03-29 15:43:21 +02:00
Marek Marczykowski-Górecki
b05fa062be version 3.0.3 2015-03-27 01:24:43 +01:00
Marek Marczykowski-Górecki
905e30ceb9 Enable updates repos by default 2015-03-27 01:24:18 +01:00
Marek Marczykowski-Górecki
add158d8e7 version 3.0.2 2015-03-26 23:56:25 +01:00
Marek Marczykowski-Górecki
d4023791a2 dom0-update: allow to specify custom yum action 2015-03-26 01:00:55 +01:00
Marek Marczykowski-Górecki
a58d0f95f7 Update comments and xenbus intf in startup scripts regarding vchan requirements 2015-03-25 00:20:11 +01:00
Marek Marczykowski-Górecki
7abc2c2779 fedora: override iptables configuration on initial installation 
Otherwise Qubes-specific configuration will not be placed at all (in
Fedora 21, which provide some example iptables config).
 2015-03-22 03:50:13 +01:00
Wojtek Porczyk
daf4a72f28 sudoers: do not require TTY 
This is required to run sudo from qubes-rpc.
 2015-03-21 01:49:17 +01:00
Wojtek Porczyk
6c0e567929 qubes-rpc-multiplexer: deprecate /etc/qubes_rpc, allow /usr/local 
/usr/local resides in private.img, so it is possible to define per-appvm RPC

Also, with the upcoming 3.0 release support for old (R1) paths is
removed.
 2015-03-21 01:48:06 +01:00
Marek Marczykowski-Górecki
04b5bd1b0a Do not load xen-usbfront automatically 
We no longer provide this module (it looks to be a dead project).
Instead in newer kernel USBIP can be used.
 2015-03-21 00:54:19 +01:00
Marek Marczykowski-Górecki
c33565b001 qrexec: enable compiler optimization 
Besides obvious profits, it also enables some additional compiler
warnings.
 2015-03-20 12:06:33 +01:00
Marek Marczykowski-Górecki
b718747c09 qrexec: do not wait for local process if no one exists 2015-03-20 12:05:48 +01:00
Marek Marczykowski-Górecki
9fe45aeae5 qrexec: fix compile warning 2015-03-20 03:05:05 +01:00
Marek Marczykowski-Górecki
b0c90d9d6c Provide stub files in /rw/config 2015-03-19 23:40:25 +01:00
Marek Marczykowski-Górecki
34a38c668e Create filesystem if the private.img is empty 2015-03-18 00:33:30 +01:00
Marek Marczykowski-Górecki
58da94acad Add support for comments in qubes-suspend-module-blacklist 2015-03-18 00:30:57 +01:00
Marek Marczykowski-Górecki
9a7b161c37 qrexec: move qrexec-client-vm to /usr/bin 2015-03-17 23:11:47 +01:00
Marek Marczykowski-Górecki
0d7a0e1beb qrexec: get rid of shell in services using EOF for any signaling 
Additional running shell could prevent EOF from being detected.
 2015-03-17 14:51:10 +01:00
Marek Marczykowski-Górecki
4b451ef680 qrexec: execute RPC service directly (without a shell) if it has executable bit set 
This will allow to use some different shell/language for a service (for
example python).
 2015-03-17 14:47:29 +01:00
Marek Marczykowski-Górecki
0f75603d6d qrexec: do not leak FDs to logger process 
This would prevent qrexec from detecting EOF.
 2015-03-17 14:46:53 +01:00
Marek Marczykowski-Górecki
a86d980ff4 qrexec: add option to use real stdin/out of qrexec-client-vm 2015-03-17 14:17:01 +01:00
Marek Marczykowski-Górecki
8f00bdb4a6 qrexec: process vchan data queue (esp MSG_EXIT_CODE) before sending anything 
In case of remote process exit even when some messages are still
waiting, vchan connection can be already closed. If we try to send some
data in this case (for example stdout of local process), there will be
an error, which will terminate qrexec-client-vm/qrexec-agent child. So
first check vchan data (where could be MSG_EXIT_CODE queued) , then
local process.

There is still some race condition in this code - remote process could
exit just after we check vchan, but before we send some data. But this
is much less probable and in the worst case we only loose remote process
exit code.
 2015-03-17 12:39:30 +01:00
Marek Marczykowski-Górecki
16c27fc409 qrexec: minor readability fix 2015-03-16 21:41:36 +01:00
Marek Marczykowski-Górecki
55e040cbef qrexec: do not break connection on duplicated SIGUSR1 
Child process can request to use single socket for both stdin and
stdout by sending SIGUSR1 signal. If it does so twice or more, previous
code broke the connection by closing the socket.
 2015-03-16 21:39:34 +01:00
Marek Marczykowski-Górecki
23fc3599e8 qrexec: better handle remote process termination 
If remote end terminates without proper protocol finish
(MSG_DATA_EXIT_CODE), terminate also local part instead of waiting
indefinitely.
 2015-03-16 21:37:59 +01:00
Marek Marczykowski-Górecki
4eb1d72aee qrexec: return remote process status as qrexec-client-vm exit code 
This doesn't cover all the cases, because local process could want to
receive that value (currently it cant), but I can't think of any simple,
*compatible* way to pass it there.
 2015-03-16 21:32:34 +01:00
Marek Marczykowski-Górecki
1aa05ebc36 qrexec: handle data vchan directly from qrexec-client-vm 
This way qrexec-client-vm will have much more information, at least:
 - will know whether the service call was accepted or refused
 - potentially will know remote process exit code
This commit implements the first point - the local process will not be
started if service call was refused.
 2015-03-16 21:10:25 +01:00
Marek Marczykowski-Górecki
203691fae0 qrexec: simplify makefile 2015-03-16 20:51:28 +01:00
Marek Marczykowski-Górecki
defbba9f92 Merge branch 'dispvm-speedup' 2015-03-04 02:25:11 +01:00
Marek Marczykowski-Górecki
3687c4e622 dispvm: do not restart qubesdb-daemon, use watch instead 
qubesdb-daemon will handle reconnection by itself.
 2015-03-04 02:10:28 +01:00
Marek Marczykowski-Górecki
57be910135 dispvm: include memory caches in "used memory" notification 
Also make the code more readable.
 2015-03-04 02:09:18 +01:00
Marek Marczykowski-Górecki
4303b7dc52 dispvm: use qubes.WaitForSession to wait for gui-agent startup 2015-03-04 02:08:22 +01:00
Marek Marczykowski-Górecki
88d7ca7940 Move mounting /rw and /home to separate service 
Many services depended on misc-post only because this was where /home
gets mounted. Move that to separate service, started earlier.
 2015-03-04 01:52:18 +01:00
Marek Marczykowski-Górecki
5c4e88a765 dispvm: close only visible windows during DispVM preparation 
Closing some invisible window can cause e.g. Firefox crash. Send the
message to visible windows and others should be cleaned up by the
application.
 2015-03-04 01:48:11 +01:00
Marek Marczykowski-Górecki
06a0d30d50 dispvm: start gui agent early, do not kill Xorg 
Now gui agent support reconnecting to guid.
 2015-03-02 02:30:06 +01:00
Marek Marczykowski-Górecki
8118037820 dispvm: kill all process after populating caches 
Do not longer rely on killing X server.
 2015-03-02 02:28:59 +01:00
Marek Marczykowski-Górecki
fdca69ae78 fc21: fix DispVM preparation - Xorg has new name 2015-03-01 20:27:27 +01:00