Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
1,362 Commits 1 Branch 0 Tags 6.4 MiB
8f00bdb4a6
Commit Graph

38 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
f8db065a75 Merge remote-tracking branch 'nrgaway/r3-templates' 2015-02-17 04:58:04 +01:00
Marek Marczykowski-Górecki
e47197569a Adjust permissions of /var/run/qubes 2015-02-17 04:56:35 +01:00
Jason Mehring
f1390c1436 Set permissions to /proc/xen/privcmd, so a user in qubes group can access 2015-02-11 08:02:55 -05:00
HW42
dad5bfbd18 remove 'bashisms' or explicit use bash 2015-02-05 05:42:08 +01:00
Marek Marczykowski-Górecki
19a4c6d0dd network: support for not setting DNS and/or default gateway (v2) 
This patch introduces two new qvm-services:
 - disable-default-route
 - disable-dns-server
Both disabled by default. You can enable any of them to not set default
route and/or DNS servers in the VM. Those settings have no effect on
NetVM, where such settings are controlled by NetworkManager.

This is based on patch sent by Joonas Lehtonen
<joonas.lehtonen@openmailbox.org>
https://groups.google.com/d/msgid/qubes-devel/54C7FB59.2020603%40openmailbox.org

Conflicts:
	network/setup-ip
	vm-init.d/qubes-core
	vm-systemd/qubes-sysinit.sh
 2015-01-30 00:52:31 +01:00
Marek Marczykowski-Górecki
4637735882 network: support for not setting DNS and/or default gateway 
This patch introduces two new qvm-services:
 - set-default-route
 - set-dns-server
Both enabled by default. You can disable any of them to not set default
route and/or DNS servers in the VM. Those settings have no effect on
NetVM, where such settings are controlled by NetworkManager.

This is based on patch sent by Joonas Lehtonen
<joonas.lehtonen@openmailbox.org>
https://groups.google.com/d/msgid/qubes-devel/54C39656.3090303%40openmailbox.org

Conflicts:
	network/setup-ip
	vm-init.d/qubes-core
	vm-systemd/qubes-sysinit.sh
 2015-01-30 00:48:55 +01:00
Marek Marczykowski-Górecki
9130636c88 Merge branch 'debian' 
Conflicts:
	misc/qubes-r2.list.in
	misc/qubes-trigger-sync-appmenus.sh
	network/30-qubes-external-ip
	network/qubes-firewall
	vm-systemd/network-proxy-setup.sh
	vm-systemd/prepare-dvm.sh
	vm-systemd/qubes-sysinit.sh
 2015-01-30 00:30:24 +01:00
Marek Marczykowski
1f04cf34cc systemd: fix qubes-service handling 
qubesdb-list does show only list of paths, without values. Use
qubesdb-multiread instead. Path (argument) must have terminating '/' so
it will be cut of printed paths (service names only).
 2014-11-19 15:34:33 +01:00
Marek Marczykowski
db35abadc8 Use Qubes DB instead of Xenstore 2014-11-19 15:34:33 +01:00
Marek Marczykowski-Górecki
c817bb0282 little fix for the official template 
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABCgAGBQJUWE+GAAoJEIwFIWzgnAk8azoQAJPOdglmiJlu+p5nRQ0ZRP6F
 nammIQhOg1oE0hCTX6H4DnEMnaZmFyGj96JWUX3zES8NF9zYvq4sgJCtZVEK35lm
 /Fxe899NpDlHaHwPqnXoYAKWZnMnyx3Z5XTxYb3A8JQdJCVWJPi2qYw2TBb6iBIp
 hzznI3drhOd8rdkFHXGk/FsBjqFP1mn98GDP4N/XLOZUnK+MiWyxrp0c+QVgybRX
 2XOUhsBPbr/XS/fkMBEia1hJhBf+FYJsFeCARGjYnbI+TKMaPrYaIX6DRqjFMhSS
 eEALEWsYsDiYGerWNBNGxbJ7RWsN4vm+WDfKdi7Hp2TgHeH0z93w40VegU3k7Asx
 NjfehCwT3wjMmtUFYhfhYfIop5305LLLJPPkY/ML+u6Mznzr7OkostMeyMhDxcrq
 lSELqg2HDwEsSwtwEz7kP6fYyfpJRd8yndg48cVonatwPwdjoCMiAz93TIF7Tvvz
 xQaNUidkKL8qQi67ArSQUlQlwGJNngwLRhepaMo0FD4JWSQ5pHc00EYxtJio2LPs
 7prv8ETbTj0bcFb/xKNSxBCGOrLdleHAEdhrpvqHa5nUzMiHw+tMuJbX+f0jOx/Q
 OSgx/dvK9GIyxM7UlsS+Whye3iGeNwsA1ai4TL0n1PFM+DjemBjEbfIl2nxLjG3O
 cXas4+wsl0+qXRk/PDOn
 =6kCH
 -----END PGP SIGNATURE-----

Merge tag 'hw42_debian-systemd-3' into debian

Conflicts:
	debian/control
	Merged postinst scripts from hw42 and nrgaway
 2014-11-05 04:35:23 +01:00
HW42
63e915f6d4 Tag for commit 5d68e2cc70 
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJUTruhAAoJEAY5OLpCz6ck7IcP/i4JXNEMO8vDSgphM50NIIz6
 +hLb+kXBGeL9SsQKRlz000BUOcIsg+d2ibwnTsi1kNuq2OgJOAHAp5hHgHGc5ddG
 0PLFf/Ddexl7/2cG/hKekXiIpXGcuhqgsIfatqcKB228mVLG8y/kqwViIDbMgg10
 X8Aiq1ba0EeHI7xskkPb1hzkszOfLFoEXCRjt+BQsmr+Bll+sAzCS3G9vSbhczFl
 wmTtgOiu2fWsPgOB2O6HYeO0PUUX+jGF/jncZYf85pEwMccNqRIWjSJC6ti533zv
 5x1bWKWFymBAUcTS+xi00FPeatmQ7b5ywMxTwbqIQkE1Mrt436Dz/B1r0E58q0AH
 gu4qG/KPBNdRBD4vPrvLKiyood/XIpvz0+6QqS9rFMKt71OSzmMR1WeLgclCn768
 cR510iZyJjmqe9lLQQTCJr+oqvwiVot7sfsgj1XP5PozalTkdIawioIZjeX5Zz4O
 +zo+P+jIV+P6QbN+0nD+vrW8kSZlM8vt+OVBPhon/bMFxGKZervs7kFUCNPn6fUK
 WNw8lSrKQqJe/a805Ktku8moatVElmexj7XTkII1nnAnEu6/bokJqjCHQ933794l
 ERRwitFN+BWm3OBXq/BsdSnCotT+gnlMEDtuHiD0JHQBGwxAZGQtliQhWLF25Ekh
 BJkmYBjqgnjCsQFUBMnn
 =shGW
 -----END PGP SIGNATURE-----

Merge tag 'mm_5d68e2cc' into debian-systemd

Tag for commit 5d68e2cc70

Conflicts:
	Makefile
	debian/rules
	network/qubes-firewall
	vm-systemd/misc-post.sh
	vm-systemd/qubes-sysinit.sh
 2014-11-03 04:28:00 +01:00
Marek Marczykowski-Górecki
a4e4a6214b systemd: fix xenstore-ls path 2014-11-02 00:31:49 +01:00
Marek Marczykowski-Górecki
5d68e2cc70 Handle tabs in /etc/hosts 2014-10-27 22:39:25 +01:00
Marek Marczykowski-Górecki
e83a91e3d3 debian: migrate to native systemd services 2014-09-30 00:54:33 +02:00
HW42
0d0261d1c1 improve update of /etc/hosts 
* use 127.0.1.1 under debian (since it's the default there)
 * also set the IPv6 loopback address (::1) since some tools tries to
   AAAA resolve the hostname (for example sendmail)
 * ensure proper /etc/hosts format through postinst-script (hostname as
   last entry)
 2014-09-29 05:25:32 +02:00
HW42
4886411570 various patches for debian 
this should enable debian based templates to be used as proxy/netvm
 2014-09-29 05:25:24 +02:00
Marek Marczykowski-Górecki
2e4cdc2f8d Rename yum-proxy-setup service to updates-proxy-setup 
Fedora is no longer the only supported distribution, so change the
service name to be more generic. Old name still supported for
compatibility.
 2014-09-27 01:52:19 +02:00
Marek Marczykowski-Górecki
3f19c89301 Rename qubes-yum-proxy service to qubes-updates-proxy 
It is no longer Fedora-only proxy, so rename to not confuse the user.
Also documentation refer to it as "updates proxy" for a long time.
 2014-09-27 00:32:52 +02:00
Marek Marczykowski-Górecki
90c84be5fb systemd: do not reexec when not necessary 
Do not reexec systemd when running version is the same as installed
binary. Apparently reexec causes some race condifions, which result in
assertion fail in systemd.
 2014-07-16 04:15:21 +02:00
Marek Marczykowski-Górecki
f1a997c1c4 systemd: reexec systemd to ensure right version is running 
SystemD version can differ from initramfs one (which is build in dom0
build environment), so reexec it at startup.

This fixes systemd-212 archlinux issue.
 2014-04-23 01:50:21 +02:00
Marek Marczykowski-Górecki
0dd45655e3 init: remove rc.local-early reference 
It can't work - there is no /rw mounted at this VM startup stage.
 2014-03-28 05:12:48 +01:00
Marek Marczykowski
30ca124784 The Underscores Revolution: xenstore paths 2013-03-14 04:29:15 +01:00
Marek Marczykowski
213380a7c3 vm: setup /dev/xen/evtchn permissions using udev rule 
This works also when the device is recreated, which is the case in DispVM
(during xl restore).
 2012-11-22 00:51:18 +01:00
Marek Marczykowski
aa1babada1 vm: setup device permission to allow non-root vchan servers 
This will allow to start pulseaudio as normal user and get rid of preloaded
library.
 2012-11-03 05:22:03 +01:00
Marek Marczykowski
e0780538f6 vm/systemd: force exit status 0 in qubes-sysinit 
If /rw/config/rc.local-early does not exits, exit status is incorrectly 1.
 2012-10-15 02:33:36 +02:00
Marek Marczykowski
fccb6d31c6 vm/systemd: early user-configurable init script 2012-09-23 23:28:58 +02:00
Marek Marczykowski
03b5c4778a vm: use yum proxy in TemplateVM by default (#590) 2012-06-05 21:21:53 +02:00
Marek Marczykowski
0430e5186b vm: qubes-yum-proxy service (#568) 
Introduce proxy service, which allow only http(s) traffic to yum repos. The
filter rules are based on URL regexp, so it isn't full-featured content
inspection and can be easy bypassed, but should be enough to prevent some
erroneus user actions (like clicking on invalid link).

It is set up to intercept connections to 10.137.255.254:8082, so VM can connect
to this IP regardless of VM in which proxy is running. By default it is
started in every NetVM, but this can be changed using qvm-service or
qubes-manager (as always).
 2012-05-31 03:11:43 +02:00
Marek Marczykowski
aba5ce6048 vm/systemd: generate opts for GUI based on debug-mode (#567) 2012-05-22 16:50:25 +02:00
Marek Marczykowski
76847de0f2 vm: do not override /etc/hosts, just add VMNAME to 127.0.0.1 2012-05-08 23:43:57 +02:00
Marek Marczykowski
873ca589fe Merge branch 'master' of ssh://git.qubes-os.org/var/lib/qubes/git/joanna/core 2012-05-08 23:22:29 +02:00
Joanna Rutkowska
667d85a5f8 vm: Add localhost alias to /etc/hosts 
... or otherwise, some programs will hang for many secconds trying to resolve localhost.
 2012-05-08 18:30:27 +02:00
Marek Marczykowski
bd8977c824 vm: notify dom0 when updates available in VM (#475) 2012-05-02 00:09:00 +02:00
Marek Marczykowski
a1ae0bba89 vm/init: Use the same default services for TemplateVM as for AppVM (#503) 
Actually it already was done in traditional init.d script, so do the same in
systemd version.
 2012-03-28 00:49:18 +02:00
Marek Marczykowski
e0660cfd69 vm/systemd: wait for evtchn initialization before first xenstore-read 2012-01-30 14:22:58 +01:00
Marek Marczykowski
f55fe8a118 dom0/vm: set VM timezone same as in dom0 - on VM boot (#413) 2012-01-18 16:59:58 +01:00
Marek Marczykowski
1ca4a280bc vm: enable cups by default 2012-01-18 12:14:32 +01:00
Marek Marczykowski
5e0cde15de vm/init: introduce SystemD startup scripts 2012-01-10 12:10:16 +01:00