Commit Graph

489 Commits

Author SHA1 Message Date
Marek Marczykowski
382b90c543 Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/smoku/core
Conflicts:
	dom0/qvm-core/qubes.py
2011-03-10 16:05:48 +01:00
Rafal Wojtczuk
9f3fcc862a Implemented mechanism to trigger predefined execution in dom0.
Processes in AppVM can ask qrexec-agent to send a
MSG_AGENT_TO_SERVER_TRIGGER_EXEC message to qrexec-daemon.
The latter will execute predefined program. It is useful for
the purpose of file copy; the predefined program will create
a connected qfile-daemon<->qfile-agent pair.
2011-03-10 15:41:31 +01:00
Tomasz Sterna
76bf222dd2 Added FirewallVM related VM scripts 2011-03-09 20:50:13 +01:00
Rafal Wojtczuk
06c0bd007c Moved vchan and u2mfn code to core. 2011-03-08 12:24:47 +01:00
Marek Marczykowski
dc5b65c23d Add BR to core-appvm.spec 2011-03-06 14:06:24 +01:00
Rafal Wojtczuk
f3428531a8 qrexec* tools, initial version 2011-03-04 16:32:58 +01:00
Joanna Rutkowska
60b0eb28e8 Merge branch 'ticket4' of git://qubes-os.org/rafal/core 2010-09-17 17:30:36 +02:00
Rafal Wojtczuk
2c23edd1ee Require NetworkManager >= 0.8.1-1
Unfortunately, config files layout changes with NM version; therefore
require >= 0.8.1-1.
This should also prevent NM from messing with VIF interfaces on suspend/resume.
2010-09-17 15:16:01 +02:00
Joanna Rutkowska
1328cce87e core-appvm.spec: create 'user' user in %pre instead of in %post
... otherwsie rpm -i throws an error when trying to set permissions for
/home_volatile/user, as the user 'user' doesn't exist when the %files section
is being processed during rpm install (if this is a first install of the rpm).
2010-09-15 15:33:09 +02:00
Joanna Rutkowska
2a6356a6dd Merge branch 'qmemman' of git://qubes-os.org/rafal/core 2010-09-13 15:05:13 +02:00
Rafal Wojtczuk
f810fbb547 Tell Network Manager to keep hands off vif interfaces
...somehow indirectly, by specifying the mac; unfortunately I do not
see any other way.
2010-09-07 13:18:08 +02:00
Rafal Wojtczuk
23e11f5f6f Switch to routed VM network (instead of bridging)
No headache from layer 2 attacks.
2010-09-06 17:07:42 +02:00
Rafal Wojtczuk
c0f47663c8 Unify dom0 and netvm sysconfig/iptables
Plus:
- dedicated chain for DNAT to nameservers
- prevent intervm networking. Can be conveniently overriden in necessary cases
by inserting ACCEPT clauses (per VM, probably) at the top of FORWARD
2010-09-06 15:10:01 +02:00
Rafal Wojtczuk
7ff498c43b qmemman: make meminfo-writer a C program 2010-09-03 16:23:09 +02:00
Rafal Wojtczuk
ea58a5e299 Memory management across VMs, first release 2010-08-30 11:40:19 +02:00
Rafal Wojtczuk
a646ad46b1 Pathnames cleanup
Move internal scripts to /usr/lib/qubes plus a couple of similar.
2010-07-21 12:57:02 +02:00
Rafal Wojtczuk
c518538f59 DVM: execute user script before save
qubes_prepare_saved_domain.sh now takes optional second argument, the
filename. The content of the file will be copied (via xenstore) to DVM
and executed just before save. This makes it possible to preload memory
with useful apps.
2010-07-21 12:57:02 +02:00
Rafal Wojtczuk
1baf862455 add qvm-dvm.desktop to rpm files section 2010-07-21 12:57:02 +02:00
Rafal Wojtczuk
ea9f0f12f9 qvm-dvm.desktop entry 2010-07-21 12:57:01 +02:00
Rafal Wojtczuk
0d05b0ffe9 core-appvm requires mimeopen now 2010-07-21 12:57:01 +02:00
Rafal Wojtczuk
db8962f748 dvm: appvm side code 2010-07-21 12:56:43 +02:00
Rafal Wojtczuk
0a11679afb Quick VM restore support 2010-07-21 12:56:21 +02:00
Joanna Rutkowska
f8c4f5ddc5 netvm spec: do not create user in %post
We don't need user account in netvm, do we?
2010-06-18 01:54:38 +02:00
Joanna Rutkowska
c5803483b4 appvm spec: do not attempt to remove HWADDR from ifcfg-eth0
Again, this is important when installing on an image created using yum --instalroot, in which
case there will be no ifcfg file. Besides, seems like we don't need it anymore, do we?
2010-06-18 01:53:48 +02:00
Joanna Rutkowska
89d01e6b1b appvm: create /home/user in core-appvm %post
This is needed when the template image is created using yum --installroot, rather
than regular installation process.
2010-06-18 01:52:01 +02:00
Joanna Rutkowska
39a0f5f7e7 appvm, netvm spec: be quite in %post 2010-06-18 01:50:43 +02:00
Joanna Rutkowska
f03fcef295 Require F13 in VM 2010-06-18 01:48:56 +02:00
Joanna Rutkowska
fc65789263 appvm,netvm spec: Fix [ -e fstab ] conditional in %pre 2010-06-18 01:48:18 +02:00
Joanna Rutkowska
0f07b7c7e1 Fix serial console on VM to work on F13 (REQUIRES F13) 2010-06-18 01:45:27 +02:00
Joanna Rutkowska
5b5de14bc0 Make dom0, appvm, netvm use different qubes.repo 2010-06-18 01:41:10 +02:00
Joanna Rutkowska
0fd30a3eac Remove dom0-cleanup.spec 2010-06-15 12:21:24 +02:00
Joanna Rutkowska
ed4fbda53e rpm specs: %post cleanup
Moved some stuff from the begging of %post sections after the
'if installing-for-the-first-time' check.
2010-06-15 00:02:48 +02:00
Rafal Wojtczuk
68919b0d37 Install qubes_{setup_dnat_to_ns,nmhook} from common/ 2010-05-31 13:17:04 +02:00
Rafal Wojtczuk
e9f3414ef6 Lock out root and user passwords; provide passwordless login on the serial console 2010-05-30 15:45:40 +02:00
Rafal Wojtczuk
940cae99d6 Add qubes.repo to all qubes-core-* rpms. 2010-05-30 15:45:40 +02:00
Rafal Wojtczuk
046802948f Turn on IP forwarding in sysctl.conf 2010-05-30 15:45:40 +02:00
Rafal Wojtczuk
952d2f1d8e Get rid of dnsmasq in netvm.
qubes_setup_dnat_to_ns script sets up DNAT rules for DNS traffic; it is
triggered by dhclient or NetworkManager, and manually (in case there is
a static resolv.conf).

Put IP-dependent rules in qubes-core, after local ip is known. It could be
further improved by introducing custom chains, to enable iptables save.

Restrict FORWARD.
2010-05-30 15:45:35 +02:00
Rafal Wojtczuk
e1efcf60b3 Allow user in VM to mount /dev/xvdi; so that we can do
...block-attach... something vfat-formatted...xvdi
in dom0.
2010-05-13 15:23:31 +02:00
Joanna Rutkowska
349a2d0c15 Initial public commit.
(c) 2010 Invisible Things Lab

Authors:
=========
Joanna Rutkowska <joanna@invisiblethingslab.com>
Rafal Wojtczuk  <rafal@invisiblethingslab.com>
2010-04-05 20:58:57 +02:00