core-agent-linux

Author	SHA1	Message	Date
Marek Marczykowski-Górecki	60d16ea587	systemd: improve ordering of systemd units - qubes-misc-post.service is no longer responsible for mounting /rw - both qubes-sysinit.service and qubes-mount-dirs.service are part of basic.target, so no need to mention them explicitly (as long as DefaultDependencies=yes) QubesOS/qubes-issues#2198	2016-07-27 05:19:47 +02:00
Marek Marczykowski-Górecki	48a35d40d1	systemd: load xen-privcmd module It is needed for vchan communication. It was loaded implicitly by mount /proc/xen, but since we're moving away from this legacy interface, load it explicitly. QubesOS/qubes-issues#2194	2016-07-27 05:19:46 +02:00
Marek Marczykowski-Górecki	e0e89f153f	systemd: order qubes-mount-dirs.service before local-fs.target The service is really responsible for mounting /rw and /home, so should be ordered before local-fs.target - this will allow other services to use standard ordering targets. This probably makes Before=qubes-gui-agent.service not needed anymore, but do not remove it yet without extensive testing to not risk regression. Fixes QubesOS/qubes-issues#2194	2016-07-27 05:19:46 +02:00
Marek Marczykowski-Górecki	65f0b26600	systemd: plug random seed loading into systemd-random-seed Reuse its dependencies to make sure it is loaded early enough. Reported by @adrelanos Fixes QubesOS/qubes-issues#1761	2016-07-17 04:26:01 +02:00
Marek Marczykowski-Górecki	9b362a6d7d	systemd: don't mark updates check service failed Even if update check fails for some reason (network problem, apt-get lock being held etc), don't mark the service as failed. The update check mechanism is designed this way to not worry about such single failures - other VM(s) may still check and report updates availability. Fixes QubesOS/qubes-issues#1889	2016-07-16 15:30:40 +02:00
Marek Marczykowski-Górecki	6cf30bff29	Merge remote-tracking branch 'origin/pr/66' * origin/pr/66: fixed qubes-core-agent upgrading double package manager lock Fixes QubesOS/qubes-issues#1889	2016-07-13 22:38:25 +02:00
Marek Marczykowski-Górecki	6bd6380918	Merge remote-tracking branch 'qubesos/pr/18' * qubesos/pr/18: Enable xendriverdomain.service in 75-qubes-vm.preset Remove 'if true' wrapper from `06a0d30d50` Do block until good random is available again dvm, then xendriverdomain, then qrexec-agent	2016-07-10 17:17:11 +02:00
Rusty Bird	0cc4803a9d	Enable xendriverdomain.service in 75-qubes-vm.preset	2016-07-03 05:00:29 +00:00
Rusty Bird	ae1a334a1d	Remove 'if true' wrapper from `06a0d30d50`	2016-07-01 16:01:48 +00:00
Rusty Bird	cb55dfa6ae	Do block until good random is available again	2016-07-01 16:01:47 +00:00
Rusty Bird	fbf4c93730	dvm, then xendriverdomain, then qrexec-agent Fixes QubesOS/qubes-issues#2126 Fixes QubesOS/qubes-issues#1990	2016-07-01 16:01:47 +00:00
Rusty Bird	ca03e093f7	Order network management units after network-pre.target Network management software should order itself after network-pre.target (man 7 systemd.special) so that other units can order themselves before the beginning of network initialization. (qubes-misc-post too because it calls setup-ip.) Relevant for QubesOS/qubes-issues#2108	2016-06-30 16:20:47 +00:00
Patrick Schleizer	191b2a4cd9	Do not start tor@default service in TemplateVM. Not doing that already for the tor service. Since the actual tor service was renamed to tor@default by upstream.	2016-06-11 13:46:58 +00:00
Marek Marczykowski-Górecki	817606a09d	Merge remote-tracking branch 'origin/pr/72' * origin/pr/72: systemd: order units checking for qubes-service after qubes-sysinit	2016-05-17 21:16:02 +02:00
Marek Marczykowski-Górecki	5e08e2bc1d	systemd: order units checking for qubes-service after qubes-sysinit Files in /var/run/qubes-service are created by qubes-sysinit.service. So defer that condition check after that service start. Thanks @adrelanos for the report. Fixes QubesOS/qubes-issues#1985	2016-05-12 00:17:05 +02:00
Patrick Schleizer	23bdcb90a7	minor debug xtrace output	2016-05-03 15:16:59 +02:00
Patrick Schleizer	d14203f1ac	fixed bind-dirs legacy import function https://phabricator.whonix.org/T501	2016-04-29 23:44:18 +02:00
Patrick Schleizer	cfb75f3cba	fixed qubes-core-agent upgrading double package manager lock https://github.com/QubesOS/qubes-issues/issues/1889	2016-04-02 15:00:10 +00:00
Marek Marczykowski-Górecki	437680b731	Fix bind-dirs.sh path	2016-03-30 14:17:04 +02:00
Marek Marczykowski-Górecki	1b0e604eca	Merge remote-tracking branch 'origin/pr/65' * origin/pr/65: minor indent	2016-03-21 14:21:57 +01:00
Patrick Schleizer	5a1ea4f5e5	minor indent	2016-03-19 16:26:29 +01:00
Patrick Schleizer	77d51a69ea	use 'true' rather than ':' for consistency	2016-03-19 16:23:36 +01:00
Marek Marczykowski-Górecki	74625b1657	Merge remote-tracking branch 'origin/pr/58' * origin/pr/58: refactoring / code simplification fixed broken file copy for files in multi level directories also exit from bind-directories if file /var/run/qubes-service/qubes-dvm exists use symlink_level_max rather than hardcoding 10; comment run /usr/lib/qubes/bind-dirs.sh from mount-dirs.sh renamed: bind-dirs -> bind-dirs.sh renamed: misc/bind-dirs -> vm-systemd/bind-dirs work on bind-dirs work on bind-dirs work on bind-dirs https://phabricator.whonix.org/T414	2016-03-14 16:14:10 +01:00
Marek Marczykowski-Górecki	7f686b1aae	Merge remote-tracking branch 'origin/pr/60' * origin/pr/60: do not start the Tor service inside Qubes TemplateVMs	2016-03-14 16:11:44 +01:00
Marek Marczykowski-Górecki	07ad58b511	Merge remote-tracking branch 'origin/pr/62' * origin/pr/62: disable systemd-timesyncd	2016-03-14 16:10:50 +01:00
Marek Marczykowski-Górecki	fb9b3b62c0	network: use `qubes-primary-dns` QubesDB entry if present For a long time the DNS address was the same as default gateway. This is still the case in R3.x, but using `qubes-gateway` configuration parameter for it is misleading. It should be up to dom0 to provide DNS address (whether the value is the same as gateway or not). Fixes QubesOS/qubes-issues#1817	2016-03-07 13:37:45 +01:00
Patrick Schleizer	83d0ae6df4	disable systemd-timesyncd fixes https://github.com/QubesOS/qubes-issues/issues/1754	2016-02-19 02:34:08 +01:00
Patrick Schleizer	aee3f5ed12	do not start the Tor service inside Qubes TemplateVMs Private data inside /var/lib/tor should not be shared. Tor should not be run inside TemplateVMs. https://github.com/QubesOS/qubes-issues/issues/1625#issuecomment-172369781	2016-01-18 15:19:13 +01:00
Marek Marczykowski-Górecki	fb470fe86f	sysinit: Accept also old xenbus kernel interface qubes-sysinit.sh waits for xenbus initialization by watching its interface file presence. In linux before 3.10 there is no /dev/xen/xenbus, which is the case in Debian 7 (3.2 kernel). The problem applies only to the VMs with PVGrub enabled, because otherwise VM would use dom0 privided kernel, which is much newer. Fixes QubesOS/qubes-issues#1609	2016-01-13 05:05:00 +01:00
Patrick Schleizer	f4d367a6a7	refactoring / code simplification Thanks to @marmarek for the suggestion!	2016-01-08 00:36:26 +00:00
Patrick Schleizer	e9fca8fb9f	fixed broken file copy for files in multi level directories Thanks to @marmarek for the report and help fixing!	2016-01-07 21:19:52 +00:00
Patrick Schleizer	184f49dbbd	also exit from bind-directories if file /var/run/qubes-service/qubes-dvm exists Thanks to @marmarek for the suggestion! https://github.com/QubesOS/qubes-issues/issues/1328#issuecomment-169483029	2016-01-06 23:08:33 +00:00
Patrick Schleizer	7e8649f8c7	use symlink_level_max rather than hardcoding 10; comment	2016-01-06 20:46:38 +00:00
Patrick Schleizer	eb00e40bab	run /usr/lib/qubes/bind-dirs.sh from mount-dirs.sh	2015-12-25 12:30:36 +00:00
Patrick Schleizer	5a87313ea6	renamed: bind-dirs -> bind-dirs.sh	2015-12-25 12:30:35 +00:00
Patrick Schleizer	8f2a80982b	renamed: misc/bind-dirs -> vm-systemd/bind-dirs	2015-12-25 12:30:35 +00:00
MB	9c68afe14c	[network-proxy-setup] Permit !CONFIG_MODuLES * Check whether sysctl is accessible * Check whether a key which exists when CONFIG_MODULES=y is not accessible If true, CONFIG_MODULES=n, so ignore modprobe failure. If false, fail.	2015-11-29 00:00:00 +00:00
Patrick Schleizer	e323d3f4bd	Have qubes-sysinit create /var/run/qubes VM type files. - /var/run/qubes/this-is-appvm - /var/run/qubes/this-is-netvm - /var/run/qubes/this-is-proxyvm - /var/run/qubes/this-is-templatevm This is useful for checking ConditionPathExists from within systemd units. (Came up in https://phabricator.whonix.org/T432#7206.)	2015-11-22 21:55:51 +00:00
Marek Marczykowski-Górecki	13c9149b6c	Use improved update-notify script also in Fedora Among other things this also fixes build failure - those scripts were installed but not listed in spec file. Actual check doesn't perform 'apt-get update', so do that when running "standalone" (not as a hook from 'apt-get'). QubesOS/qubes-issues#1066	2015-11-13 05:28:47 +01:00
qubesuser	f380c346cf	Allow to provide customized DispVM home directly in the template VM This significantly speeds up DispVM creation for large customized homes, since no data has to be copied, and instead CoW is used.	2015-11-12 15:33:01 +01:00
Marek Marczykowski-Górecki	97e5072315	Revert "preset disable tinyproxy by default" This reverts commit `f32dccb5e3`. Not needed anymore since dropin approach is implemented.	2015-11-11 16:04:52 +01:00
Marek Marczykowski-Górecki	3324307ee2	Merge remote-tracking branch 'origin/pr/46' * origin/pr/46: No longer start /etc/init.d/tinyproxy by default anymore.	2015-11-11 16:04:40 +01:00
Patrick Schleizer	5d6cf722a8	No longer start /etc/init.d/tinyproxy by default anymore. But allow users to re-enable it through qubes-service framework. /var/run/qubes-service/tinyproxy Thanks to @marmarek for helping with this fix! https://github.com/QubesOS/qubes-issues/issues/1401	2015-11-11 14:57:36 +00:00
Marek Marczykowski-Górecki	2a589f2c20	updates-proxy: use separate directory for PID file And also use systemd-tmpfiles for that directory creation. Fixes QubesOS/qubes-issues#1401	2015-11-11 05:57:57 +01:00
Marek Marczykowski-Górecki	90b4398863	Merge remote-tracking branch 'origin/pr/43' * origin/pr/43: preset disable tinyproxy by default	2015-11-11 05:27:52 +01:00
Marek Marczykowski-Górecki	3466f3df35	systemd: make sure that update check is started only after qrexec-agent	2015-11-11 02:36:57 +01:00
Patrick Schleizer	f32dccb5e3	preset disable tinyproxy by default Fixes https://github.com/QubesOS/qubes-issues/issues/1401	2015-11-10 20:08:26 +00:00
Olivier MEDOC	0c33c73b8e	dropins: implement dropins for systemd user starting with pulseaudio systemd service and socket masking Conflicts: Makefile	2015-11-07 19:12:30 +01:00
Olivier MEDOC	4b5332081e	add DROPINS for org.cups.cupsd systemd files.	2015-11-06 19:36:52 +01:00
Marek Marczykowski-Górecki	6752be9196	No longer disable auditd On Fedora 22 console is trashed with a lot of messages without auditd running. QubesOS/qubes-issues#1282	2015-11-03 18:15:20 +01:00

1 2 3 4

183 Commits