Commit Graph

2723 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
3af55c5cb3
qrexec: use PAM directly instead of calling su to setup the session
Instead of calling 'su' to switch the user, use own implementation of
this. Thanks to PAM it's pretty simple. The main reason is to have
control over process waiting for session termination (to call
pam_close_sesion/pam_end). Especially we don't want it to keep std* fds
open, which would prevent qrexec-agent from receiving EOF when one of
them will be closed.
Also, this will preserve QREXEC_AGENT_PID environment variable.

Fixes QubesOS/qubes-issues#2851
2017-07-05 02:17:43 +02:00
Vincent Penquerc'h
f49042211b
core-agent-linux: misc const fixups
(cherry picked from commit 475421b2e2)
Apparently some of this commit got reverted during cleanup before
Qubes 3.0 release.
2017-07-05 01:18:07 +02:00
Marek Marczykowski-Górecki
68d98179f0
Do not load 'dummy-hcd' kernel module
It isn't really needed. It was used to workaround libusb bug (causing
crash when the system does not have any USB controller), but since we
use HVM now which do have some USB controllers it isn't needed anymore.

Also, it is not available in stock Fedora kernels.
2017-07-05 00:20:57 +02:00
Marek Marczykowski-Górecki
6c34571b66
Merge remote-tracking branch 'qubesos/pr/46'
* qubesos/pr/46:
  Enable build for Zesty
2017-07-04 13:39:06 +02:00
Marek Marczykowski-Górecki
99c5815baf
version 4.0.2 2017-06-24 02:19:15 +02:00
Marek Marczykowski-Górecki
6bddcfcb52
qrexec: do not shutdown stdout socket inherited from parent
When qrexec-client-vm is started with socket on its stdout and no local
process requested, it will try to shutdown(SHUT_WR) this socket when
remote process exists. This is wrong, because this socket may be still
needed by other processes (for example shell from where qrexec-client-vm
was called).
In such a case, simple close() should be used.
2017-06-21 11:21:41 +02:00
Marek Marczykowski-Górecki
ea0cd0fdc3
qrexec: fix reporting exit code in qrexec-client-vm
1. If local process is started, report its exit code, instaed of remote
one. To get remote exit code, simply start qrexec-client-vm without
third argument (and connect its stdin/stdout with the other process some
other way).

2. Report process terminated by signal.
Don't pretend that process terminated by signal finished successfuly.
Copy shell behaviour of reporting it as 128+signum.

3. Do not wait() for any child process, just the one we expect. In case
of qrexec-client-vm the child process is started differently and
wait()ing on it inside main loop would break its exit code reporting.

Fixes QubesOS/qubes-issues#2861
2017-06-21 11:21:40 +02:00
Marek Marczykowski-Górecki
d2aa21625c
qrexec: exit with code 126 when service request was refused
Exit code 1 is very common in all kind of programs, including qrexec
services, so it is hard to distinguish remote failure from service call
refusal. Use something from top of the range here (but not 127, as it is
commonly used to report "Command not found")

QubesOS/qubes-issues#2861
2017-06-21 11:21:40 +02:00
Marek Marczykowski-Górecki
ff26dcfe53
Add qrexec-client-vm man page
This clarifies and also defines some corner cases like exit code
reporting.

QubesOS/qubes-issues#2861
2017-06-21 11:21:40 +02:00
Marek Marczykowski-Górecki
cfbd50a936
debian: install man pages
Man pages were installed only in RPM package...
2017-06-21 11:21:40 +02:00
Marek Marczykowski-Górecki
2b9d49f960
Update grub configuration
This configuration isn't included twice - it's Debian post-installation
script of grub that copy settings to /etc/default/grub, which results in
parameters being duplicated. Leave it as is for now.

Add GRUB_TIMEOUT=0 for faster VM startup.

QubesOS/qubes-issues#2577
2017-06-21 07:04:26 +02:00
Marek Marczykowski-Górecki
f4be704ac0
Ship Qubes 4.0 repository definition and keys 2017-06-14 10:45:43 +02:00
Marek Marczykowski-Górecki
2a117548b6
Ship grub configuration
Qubes VM require few config options in grub. Ship appropriate
configuration. Debian have grub.d support, so it can be done cleanly.
On Fedora, /etc/default/grub needs to be modified. Still keep the
options in separate file, but include it manually from
/etc/default/grub.

QubesOS/qubes-issues#2577
2017-06-14 10:45:43 +02:00
Marek Marczykowski-Górecki
bc453d8cd7
version 4.0.1 2017-06-11 00:02:49 +02:00
Marek Marczykowski-Górecki
67f8e9e985
rpm,deb: fix dependencies
1. Cannot Recommend: nftables, as Debian jessie doesn't have it.
2. gsettings tool is in glib, not dconf
2017-06-10 23:15:22 +02:00
Marek Marczykowski-Górecki
7da4ed7d64
Switch qubes.UpdatesProxy to socat
- there are many netcat versions (openbsd, nmap, ...), which behave
 differently - especially while handling EOF
 - Debian jessie doesn't have nmap-ncat (which handle EOFs sufficiently
   good)

QubesOS/qubes-issues#1854
2017-06-10 23:11:01 +02:00
Marek Marczykowski-Górecki
9270fc589b
version 4.0.0 2017-06-09 23:30:10 +02:00
Marek Marczykowski-Górecki
ce63d31a2e
Make all scripts in qubes-rpc executable
Don't rely on legacy feature of interpreting non-executable files as
scripts there.
2017-06-09 23:09:58 +02:00
Marek Marczykowski-Górecki
422f03e9ac
Add qubes.VMRootShell service
It is the same as qubes.VMShell - the actual difference is in qrexec
policy, which contains 'user=root' option.

QubesOS/qubes-issues#2572
2017-06-09 23:06:09 +02:00
Marek Marczykowski-Górecki
0bee339ffb
Cleanup kernel modules loading configuration
qubes-core-agent itself do not use u2mfn module.
2017-06-08 22:11:38 +02:00
Marek Marczykowski-Górecki
a06b5b4d61
debian: drop explicit dependency on sudo
qubes-core-agent itself do not require sudo to work.

QubesOS/qubes-issues#2572
2017-06-08 22:11:37 +02:00
Marek Marczykowski-Górecki
000a93e001
rpm,deb: split qrexec-agent into separate subpackage
While it doesn't make sense to install qubes-core-agent without qrexec,
it may make sense to do the otherway around - install just
qrexec-agent without all the qrexec services and configuration. For
example on some pre-installed system.

QubesOS/qubes-issues#2771
2017-06-08 22:11:37 +02:00
Marek Marczykowski-Górecki
2337d26a3e
debian: update basic metadata of package 2017-06-08 22:11:37 +02:00
Marek Marczykowski-Górecki
58d21f095f
Remove old vusb scripts
This is unused for a long time (since we've moved to USBIP).
2017-06-08 22:11:37 +02:00
Marek Marczykowski-Górecki
32915fe126
deb,rpm: split passwordless root access configs into separate package
Make passwordless root access optional - ease integration qrexec
authorization for sudo.

QubesOS/qubes-issues#2695
2017-06-08 22:11:36 +02:00
Marek Marczykowski-Górecki
22002a34f3
Do not report spurious failure of qubes.WaitForSession service
It is expected to be killed by a signal. Exit with returncode 0 anyway.
While at it, adjust it for current service format (executable, with
proper shebang).
2017-06-08 22:11:36 +02:00
Marek Marczykowski-Górecki
8af88d5e3a
rpm: drop dependency on desktop-notification-daemon
It should really be in template builder script, or better: meta-package.

QubesOS/qubes-issues#2572
2017-06-08 22:11:35 +02:00
Marek Marczykowski-Górecki
db066888e1
Adjust dependencies for clean upgrade
When a file is moved to other package, the new package needs Replaces:
and Breaks: dependecies on old package. Otherwise dpkg will refuse to
change file ownership.

QubesOS/qubes-issues#2771
2017-06-08 22:11:35 +02:00
Marek Marczykowski-Górecki
c8e2c69145
rpm: integrate documentation into main package
QubesOS/qubes-issues#2771
2017-06-08 22:11:35 +02:00
Marek Marczykowski-Górecki
7e608a8bb4
Remove DisposableVM savefile related files
In Qubes 4.0 we no longer use two-stage DisposableVM startup.
2017-06-08 22:11:35 +02:00
Marek Marczykowski-Górecki
3e7a45b4ac
Split network-related files to -networking and -network-manager packages
This will save a lot of dependencies if networking is not needed in VMs
based on given template. Thanks to updates proxy over qrexec, template
itself do not need to have network configured too.

QubesOS/qubes-issues#2771
2017-06-08 22:11:34 +02:00
Marek Marczykowski-Górecki
3940918c61
rpm: make file list more verbose to ease splitting the package
QubesOS/qubes-issues#2771
2017-06-07 10:15:27 +02:00
Marek Marczykowski-Górecki
72b9f389b2
Split dom0-updates handling into subpackage
In Fedora it makes little sense, but in Debian it allows to avoid a lot
of dependencies. So split in both, to keep it simple.

QubesOS/qubes-issues#2771
2017-06-07 10:15:26 +02:00
Marek Marczykowski-Górecki
f9fd7a1673
Rename qubes-nautilus to qubes-core-agent-nautilus
Again, this will make it easier to reason about package origin.

QubesOS/qubes-issues#2771
2017-06-07 10:15:26 +02:00
Marek Marczykowski-Górecki
029d207311
rpm: rename qubes-core-vm to qubes-core-agent
Rename it to match repository name and the same package in Debian.

QubesOS/qubes-issues#2771
2017-06-07 10:15:21 +02:00
Marek Marczykowski-Górecki
4514500ee6
Fix detection of PCI passthrough
Do not enable meminfo-writer (and in consequence qmemman) for the VM if
any real PCI device is present. Do not count qemu-emulated devices.
2017-05-26 05:25:30 +02:00
Marek Marczykowski-Górecki
8694931665
Implement qubes.PostInstall service
This is meant to notify dom0 about features supported by just-installed
template. This service is called by dom0 just after template
installation.

Fixes QubesOS/qubes-issues#1637
Documentation pending: QubesOS/qubes-issues#2829
2017-05-26 05:25:30 +02:00
Marek Marczykowski-Górecki
b49ae50ad5
Implement qrexec-based connection to updates proxy
Configure package manager to use 127.0.0.1:8082 as proxy instead of
"magic" IP intercepted later. The listen on this port and whenever
new connection arrives, spawn qubes.UpdatesProxy service call (to
default target domain - subject to configuration in dom0) and connect
its stdin/out to the local TCP connection. This part use systemd.socket
unit in case of systemd, and ncat --exec otherwise.

On the other end - in target domain - simply pass stdin/out to updates
proxy (tinyproxy) running locally.

It's important to _not_ configure the same VM to both be updates proxy and
use it. In practice such configuration makes little sense - if VM can
access network (which is required to run updates proxy), package manager
can use it directly. Even if this network access is through some
VPN/Tor. If a single VM would be configured as both proxy provider and
proxy user, connection would loop back to itself. Because of this, proxy
connection redirection (to qrexec service) is disabled when the same VM
also run updates proxy.

Fixes QubesOS/qubes-issues#1854
2017-05-26 05:25:29 +02:00
unman
b445ebce50
Enable build for Zesty 2017-05-23 23:59:41 +01:00
Marek Marczykowski-Górecki
f9d6ff89bc
Rename qvm-run to qvm-run-vm
Avoid conflict with qvm-run from qubes-core-admin-client package.
2017-05-23 02:55:31 +02:00
Marek Marczykowski-Górecki
34fa6e7ced
debian: make haveged.service patch less intrusive...
...but installed on all Debian versions. This is mostly required by
vebose file list in debian/qubes-core-agent.install. But also make it
use new options when upstream will set them.

QubesOS/qubes-issues#2161
2017-05-22 17:30:06 +02:00
Marek Marczykowski-Górecki
8e505c5b0e
debian: add missing Build-Depends: python-setuptools 2017-05-22 17:06:02 +02:00
Marek Marczykowski-Górecki
42bc93d8fd
Revert "fedora,debian: update python3-daemon dependency"
This reverts commit 7d8218a1d4.
Follow revert "firewall: switch to python 3"
2017-05-21 02:01:59 +02:00
Marek Marczykowski-Górecki
33da315e17
Revert "firewall: switch to python 3"
This reverts commit 5dfcf06ef4.

python3-daemon isn't widespread enough yet - for Debian jessie available
only in packports.

In addition to the revert itself, adjust packaging for this change
(mostly for Debian).
2017-05-21 02:01:47 +02:00
Marek Marczykowski-Górecki
5047fd9288
debian,fedora: split nautilus integration into separate package
This will allow to avoid a lot of dependencies on minimal template.

QubesOS/qubes-issues#2816
QubesOS/qubes-issues#2771
2017-05-21 01:52:23 +02:00
Marek Marczykowski-Górecki
36fa978a0e
debian: fix qubes-firewall python packaging, make it more verbose
Add --install-layout=deb option to setup.py, so files will not land in
/usr/local.
Also, explicitly list packaged files - make it easier to split the
package later.
2017-05-21 01:47:59 +02:00
Marek Marczykowski-Górecki
6de6a3dff6
travis: update to Qubes 4.0 repositories 2017-05-20 16:04:35 +02:00
Marek Marczykowski-Górecki
89183e9944
Ask for target VM for file-copy in dom0
This way:
 - VM prompt do know VM list, the list may be filtered based on policy
 - source VM don't learn name of target VM

Fixes QubesOS/qubes-issues#910
2017-05-20 15:53:03 +02:00
Marek Marczykowski-Górecki
2b76373abc
Remove duplicated 'close' button from titlebar of gnome applications
Dom0 enforce decorations which already contain close button.

Thanks @dzklaim for the solution.
Fixes QubesOS/qubes-issues#2813
2017-05-20 14:44:04 +02:00
Marek Marczykowski-Górecki
7d8218a1d4
fedora,debian: update python3-daemon dependency
qubes-firewall script now use python3.
2017-05-20 14:44:04 +02:00