Commit Graph

1863 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
a86d980ff4 qrexec: add option to use real stdin/out of qrexec-client-vm 2015-03-17 14:17:01 +01:00
Marek Marczykowski-Górecki
8f00bdb4a6 qrexec: process vchan data queue (esp MSG_EXIT_CODE) before sending anything
In case of remote process exit even when some messages are still
waiting, vchan connection can be already closed. If we try to send some
data in this case (for example stdout of local process), there will be
an error, which will terminate qrexec-client-vm/qrexec-agent child. So
first check vchan data (where could be MSG_EXIT_CODE queued) , then
local process.

There is still some race condition in this code - remote process could
exit just after we check vchan, but before we send some data. But this
is much less probable and in the worst case we only loose remote process
exit code.
2015-03-17 12:39:30 +01:00
Marek Marczykowski-Górecki
16c27fc409 qrexec: minor readability fix 2015-03-16 21:41:36 +01:00
Marek Marczykowski-Górecki
55e040cbef qrexec: do not break connection on duplicated SIGUSR1
Child process can request to use single socket for both stdin and
stdout by sending SIGUSR1 signal. If it does so twice or more, previous
code broke the connection by closing the socket.
2015-03-16 21:39:34 +01:00
Marek Marczykowski-Górecki
23fc3599e8 qrexec: better handle remote process termination
If remote end terminates without proper protocol finish
(MSG_DATA_EXIT_CODE), terminate also local part instead of waiting
indefinitely.
2015-03-16 21:37:59 +01:00
Marek Marczykowski-Górecki
4eb1d72aee qrexec: return remote process status as qrexec-client-vm exit code
This doesn't cover all the cases, because local process could want to
receive that value (currently it cant), but I can't think of any simple,
*compatible* way to pass it there.
2015-03-16 21:32:34 +01:00
Marek Marczykowski-Górecki
1aa05ebc36 qrexec: handle data vchan directly from qrexec-client-vm
This way qrexec-client-vm will have much more information, at least:
 - will know whether the service call was accepted or refused
 - potentially will know remote process exit code
This commit implements the first point - the local process will not be
started if service call was refused.
2015-03-16 21:10:25 +01:00
Marek Marczykowski-Górecki
203691fae0 qrexec: simplify makefile 2015-03-16 20:51:28 +01:00
Marek Marczykowski-Górecki
defbba9f92 Merge branch 'dispvm-speedup' 2015-03-04 02:25:11 +01:00
Marek Marczykowski-Górecki
3687c4e622 dispvm: do not restart qubesdb-daemon, use watch instead
qubesdb-daemon will handle reconnection by itself.
2015-03-04 02:10:28 +01:00
Marek Marczykowski-Górecki
57be910135 dispvm: include memory caches in "used memory" notification
Also make the code more readable.
2015-03-04 02:09:18 +01:00
Marek Marczykowski-Górecki
4303b7dc52 dispvm: use qubes.WaitForSession to wait for gui-agent startup 2015-03-04 02:08:22 +01:00
Marek Marczykowski-Górecki
88d7ca7940 Move mounting /rw and /home to separate service
Many services depended on misc-post only because this was where /home
gets mounted. Move that to separate service, started earlier.
2015-03-04 01:52:18 +01:00
Marek Marczykowski-Górecki
5c4e88a765 dispvm: close only visible windows during DispVM preparation
Closing some invisible window can cause e.g. Firefox crash. Send the
message to visible windows and others should be cleaned up by the
application.
2015-03-04 01:48:11 +01:00
Marek Marczykowski-Górecki
06a0d30d50 dispvm: start gui agent early, do not kill Xorg
Now gui agent support reconnecting to guid.
2015-03-02 02:30:06 +01:00
Marek Marczykowski-Górecki
8118037820 dispvm: kill all process after populating caches
Do not longer rely on killing X server.
2015-03-02 02:28:59 +01:00
Marek Marczykowski-Górecki
fdca69ae78 fc21: fix DispVM preparation - Xorg has new name 2015-03-01 20:27:27 +01:00
Marek Marczykowski-Górecki
c9e36eff14 Tag for commit da2b0cde16
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJU8N9vAAoJEBu5sftaTG2twC4P/A+AhTkx6VL7GtzuPKTlGSrL
 nwdDgazTKm7ZuZrRdr5H5vuSH9FQhcjcEg3yC3DR4AMebd4KHVggL15CpUwp/LpI
 BuVIIi5Apn0e3QkXU2VpU+EzlY0fcIxVUqhskfTGzgnq9qd+uKOM5O2i9Z/263Ld
 UV4RGaWXt9hKIO4AbGafRuadQYJVC5/DdTKKA/H61vng6EiXwi3jMlZJyS5Lfgdr
 NWedy9l5scUBElzKyplz/htPmghi3LQx7uJSEvHJYgGCrbksRDRD73TUmG6OV6mB
 CT8ApZ3rOiekhuYdT7d0E8MOdID/LBCipabLpXEHfmtwYTtM3YZzxrnBXM7CcS0s
 j7OKQyMeWMHvmEVvZzBpFuq/bjxL6ltBPoJ0uYTjIaK2RkiJajEUqjtt9d0mBMDq
 qN2wPvDqpWCfDps10Iu/zLIBejo71bTTve9M9G0Z13M8g/6MjUDmSESar0tEhnEG
 zlEwwTCk4Tqu2zdGpJSpKjAY7rmsI4IpdREvXbuXXwvMKlVIG6eR91muyz4gAxx3
 KsPKPQKKGDNO9ZuJAqYt6+Ec2xp+BhlnhN0vvgciPvpK48YRkyFUaRM52Q0hVaUA
 kZPc9JjPbyDX44S9EA+HBNzMKSaPSqyPDv8cH0ws83MoOLdi+xItK4e5rLyKQVd+
 Kw502V+yos6e/72lhAnm
 =f3yD
 -----END PGP SIGNATURE-----

Merge tag 'jm_da2b0cde'

Tag for commit da2b0cde16

# gpg: Signature made Fri Feb 27 22:19:43 2015 CET using RSA key ID 5A4C6DAD
# gpg: Good signature from "Jason Mehring (Qubes OS Signing Key) <nrgaway@gmail.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: E0E3 2283 FDCA C1A5 1007  8F27 1BB9 B1FB 5A4C 6DAD
2015-03-01 02:08:14 +01:00
Jason Mehring
da2b0cde16
Removed code that deleted original nautilus actions
dpkg/rpm should handle this automatically on upgrading package
2015-02-27 16:17:44 -05:00
Jason Mehring
6836420c3c
Removed nautilus-actions depend and replaced with nautilus-python
nautilus-actions was orphaned in fc21, so all nautilus context menus have
been re-written as nautilus-python extensions
2015-02-27 00:52:17 -05:00
Jason Mehring
53fc7955f9
Switched qvm-move-to-vm.{gnome,kde} scripts to use bash not sh
Both these scripts contain `pipefail` which is a bash option and will
fail in dash
2015-02-27 00:47:33 -05:00
Marek Marczykowski-Górecki
fda293f09a Fix "backup: fix qubes.Restore service - do not send garbage as backup data" 2015-02-22 14:36:11 +01:00
Marek Marczykowski-Górecki
29f5709c53 qrexec: fork into background after setting up qrexec-fork-server socket
This allows qubes-session signalling dom0 when session is really ready.
2015-02-22 03:12:54 +01:00
Marek Marczykowski-Górecki
dc41b3872c Tag for commit de51e155f3
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJU5oZKAAoJEBu5sftaTG2tbAUQAMfGO8f0Ml/rNpQI+TvQryCg
 4tzdToILvk1pEjNxX5my6sDMxrHXf3fqOl8CQkNUbUZvVeFbDsZNodzE0ZNmJI+u
 qaJBi+cG3KeE7LoqqzVhMyzwzBzd/WmSPqgNaJkEFgadmp77B61R7im4oCPxwk0j
 gHloe91B+qq+lNBAbrphf6GJ6HgiTyGnDppXc3WSr6YMpNrdDlWmaPXHknfcm8WC
 2Ay3ml16o0Xt6PHHwm4SUuxFSVmXYSU1HYHGPvnxx3jc5Dgt+FWM8yEsTQlKHpE0
 3kTc2F6VTak5TcDIInGeot0FPv7+m8Hmdbc3uDy3LtMHvE39DxnGPUrwK6Vpumf6
 7U8oisUfeP2wFwIzs8ZJwvNvnz86vb+Kl+s9fgXvT9LJjCHkC+fGczjtNLtSH007
 7qiE1GAGbxi2K2e7fe6XEC0nDEt1mDBM7dFW/3siR6XU7mz7Eay71FtY6kVL6bOc
 FNmn+8u0w784ZMr91biNVzxLFRygDueV/zXeOy0QTIwIrWvk3IdfVsiPFF+u8L24
 diiMcBRtV1lvSHCFP2jPXR4yfbQ3qDGsScuL5zeJnRFwuzcBu8gFkPhdvGasK9sc
 DAGxYb2AeCBFMV+six+NLmfZZCNki7yQzSWxqAisP8unwGh8Jl0nJHwbpWNPwIZ1
 5ob6rJ8Vu/t3P8oftG7R
 =yx2Q
 -----END PGP SIGNATURE-----

Merge tag 'jm_de51e155'

Tag for commit de51e155f3

# gpg: Signature made Fri Feb 20 01:56:42 2015 CET using RSA key ID 5A4C6DAD
# gpg: Good signature from "Jason Mehring (Qubes OS Signing Key) <nrgaway@gmail.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: E0E3 2283 FDCA C1A5 1007  8F27 1BB9 B1FB 5A4C 6DAD
2015-02-20 02:55:50 +01:00
Jason Mehring
de51e155f3
debian: Add extend-diff-ignore options to debian packager
This will ignore excluded deb, rpm, pkg and .git directories that were
tar'ed for the .orig.tar.gz debian upstream package file and will prevent
build errors
2015-02-19 19:56:23 -05:00
Marek Marczykowski-Górecki
b560596f1b backup: fix qubes.Restore service - do not send garbage as backup data
Do not send 'which' command output to stdout, as it will mess real
backup data.
This fixes regression introduced by this commit:
commit dad5bfbd18
Author: HW42 <hw42@ipsumj.de>
Date:   Thu Feb 5 03:14:41 2015 +0100

    remove 'bashisms' or explicit use bash
2015-02-18 22:37:36 +01:00
Marek Marczykowski-Górecki
3c67f98a9b debian: fix version number 2015-02-17 16:25:01 +01:00
Marek Marczykowski-Górecki
4947c0c53a version 3.0.1 2015-02-17 14:14:16 +01:00
Marek Marczykowski-Górecki
b655d968c4 updates-proxy: allow xz compressed metadata (fc21) 2015-02-17 14:11:09 +01:00
Marek Marczykowski-Górecki
f2f5aa1215 debian: exclude binary packages from source archive 2015-02-17 14:10:42 +01:00
Marek Marczykowski-Górecki
2dd2fe83c3 debian: reenable -Werror, mentioned warning already fixed 2015-02-17 14:10:21 +01:00
Marek Marczykowski-Górecki
e43c43f7b5 qrexec: fix compile warning 2015-02-17 14:09:36 +01:00
Marek Marczykowski-Górecki
f8db065a75 Merge remote-tracking branch 'nrgaway/r3-templates' 2015-02-17 04:58:04 +01:00
Marek Marczykowski-Górecki
e47197569a Adjust permissions of /var/run/qubes 2015-02-17 04:56:35 +01:00
Marek Marczykowski-Górecki
9bbfb4a567 Merge branch 'qrexec-sockets3' 2015-02-17 04:22:11 +01:00
Marek Marczykowski-Górecki
700c240d37 qrexec: add simple "fork server" to spawn new processes inside user session
This process should be started from user session (most likely
qubes-session). New processes (of that user) will be created as
children of that session making logind and such crap happy. This should
also solve problems with EOF transmission (no additional "su" process)
and prevent loading all the environment multiple times.
2015-02-17 04:18:34 +01:00
Marek Marczykowski-Górecki
4b5960daa3 qrexec: reorganise code for upcoming change
Move (qrexec-agent version of) do_exec to qrexec-agent.c, move
handle_handshake to qrexec-agent-data.c (common to all agent binaries).
Fix indentation (tabs -> spaces).
2015-02-17 04:06:19 +01:00
Marek Marczykowski-Górecki
c1cb78e0e8 qrexec: use sockets instead of pipes to communicate with child process
The main advantage is possible use of single socket for both stdin and
stdout. This is strictly required for using USBIP over qrexec.

For compatibility qrexec still creates three socket pairs (instead of
pipes) for stdin/out/err respectively. When qrexec-agent receives
SIGUSR1, it will close stdout socket and use stdin socket for both
directions.

Some additional work is needed here to actually allow child process to
send that signal - qrexec is running as root, but child as "user" in
most cases.
2015-02-17 01:36:09 +01:00
Jason Mehring
923416914d
Merge branch 'master' of git://git.qubes-os.org/marmarek/core-agent-linux into r3-templates 2015-02-14 13:12:21 -05:00
Jason Mehring
567a045bcd
Make sure when user is added to qubes group that the group is appended
added -a option to usermod.
This will prevent other groups from being un-subscribed when qubes group is added
2015-02-13 15:00:54 -05:00
Jason Mehring
197fa604ed
debian: Remove unneeded patch file and README 2015-02-12 11:34:13 -05:00
Jason Mehring
9b35bbdcb4
debian: Remove dist target from Makefile as copy-in is now being used 2015-02-12 11:32:45 -05:00
Jason Mehring
51c94ccc2b
debian: Move creation of directories into debian.dirs configuration file 2015-02-12 11:29:00 -05:00
Jason Mehring
45cbeda244
debian: Revert depends back to use libxen-dev 2015-02-12 11:27:35 -05:00
Marek Marczykowski-Górecki
4dbd9e205c network: fix handling newline in firewall rules
Since the rules are no more directly handed to echo -e, sed needs to
handle all escape sequences used in rules (newline only, but in
different notations).
2015-02-11 14:14:27 +01:00
Jason Mehring
6e3be531c5
Merge branch 'r3-templates' of github.com:nrgaway/core-agent-linux into r3-templates
Conflicts:
	debian/rules
2015-02-11 08:06:45 -05:00
Jason Mehring
2274e65a32 debian: Refactor Debian quilt packaging for xen
- Use copy-in for debian-quilt package in Makefile.builder instead of hook (to be removed) in Makefile.debian
- Remove patches from debian/patches; they are now applied dynamicly from series-debian-vm.conf
2015-02-11 08:02:55 -05:00
Jason Mehring
79650f0c4c debian: Converted debian package to a quilt package to allow patches
Applied patch to qrexec Makefile to prevent compile failure on warnings
  qrexec: Disable all warnings being treated as errors

  gcc -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -I. -g -Wall -Wextra -Werror -pie -fPIC `pkg-config --cflags vchan-xen` -D_FORTIFY_SOURCE=2  -c -o qrexec-agent-data.o qrexec-agent-data.c
  qrexec-agent-data.c: In function 'handle_remote_data':
  qrexec-agent-data.c:217:17: error: dereferencing type-punned pointer will break strict-aliasing rules [-Werror=strict-aliasing]
                 status = *(unsigned int *)buf;
                 ^
  cc1: all warnings being treated as errors
  <builtin>: recipe for target 'qrexec-agent-data.o' failed
2015-02-11 08:02:55 -05:00
Jason Mehring
f1390c1436 Set permissions to /proc/xen/privcmd, so a user in qubes group can access 2015-02-11 08:02:55 -05:00
Jason Mehring
fe7ba5e9d6 Remove 'xen.evtchn' udev rule
This rule already gets set in linux-utils
linux-utils/udev/udev-qubes-misc.rules:KERNEL=="xen/evtchn", MODE="0660", GROUP="qubes"
2015-02-11 08:02:55 -05:00