- Symlink the other three tools to qvm-copy-to-vm.gnome, use the same
code where possible, and select differing behavior based on invoked
name (like the CLI tools). This brings qvm-move-to-vm.kde up to date
for R4.0 (bugfix on 89183e9).
- Get rid of a window focus race between zenity/kdialog and the
qubes.Filecopy dom0 permission dialog: Only launch the GUI after the
first line has been read from qfile-agent.
- Avoid visual glitches (e.g. for a non-existing file) by special-casing
a no-op progress function for $SIZE == 0.
- Pass -- separator between 'rm -rf' and the files to be removed, in
case someone or something ever invokes the tool on relative file names
starting with a dash.
- Pass -b (implies --apparent-size) and -s to du, to simplify percentage
calculation and to avoid unnecessary output.
The qvm-{copy,move}-to-vm.{gnome,kde} cancel buttons didn't actually
cancel, because qfile-agent ignored EPIPE and - via qfile_pack_init() -
SIGPIPE. So it never noticed when the local PROGRESS_TYPE=gui reader had
shut down.
for qvm-move
Added more descriptive usage text to the
qvm-copy/qvm-move/qvm-copy-to-vm/qvm-move-to-vm family of tools.
Also fixed bug that removed the file being moved for qvm-move-to-vm,
but not for qvm-move.
fixesQubesOS/qubes-issues#3529fixesQubesOS/qubes-issues#4020
As described in QubesOS/qubes-issues#3758, a VM may fail to start
if the volume is large. This because the whole volume is read to
ensure it's empty (=all zeros).
This changes limits the check to the first 1 GiB of the private
volume. As additional safety, a scan with blkid is done.
Fixes https://github.com/QubesOS/qubes-issues/issues/3758
Make sure that qubesdb is configured (including service start) before
executing postinst of qubes-core-agent package, which will communicate
with qubesdb service.
FixesQubesOS/qubes-issues#3951
* view-only:
Add file managers integration for qvm-open-in-dvm --view-only
qvm-open-in-vm: mark file as read-only if opened with --view-only
qvm-open-in-vm: implement --view-only option
qubes-rpc: fix code style - indent with spaces
This will cause most applications to disallow changing the file and also
add some visual indication about the view being read only. This will
avoid making the changes that would be discarded later.
QubesOS/qubes-issues#1118
Implement option to disallow (ignore in fact) modifications of file
opened in another VM (including DispVM).
This commit implements actual services part and handling in wrapping scripts.
FixesQubesOS/qubes-issues#1118
I've run into an issue with incorrectly generated rules for IPv6. I
added some debugging code printing the generated rules and the
resulting error (see below). Turns out "reject with" expects icmpv6
rather than icmp6.
--- generated rule ---
flush chain ip6 qubes-firewall qbs-fd09-24ef-4179--a89-15
table ip6 qubes-firewall {
chain qbs-fd09-24ef-4179--a89-15 {
ip6 daddr fc00::/8 reject with icmp6 type admin-prohibited
ip6 daddr fd00::/8 reject with icmp6 type admin-prohibited
ip6 daddr fe80::/10 reject with icmp6 type admin-prohibited
accept
reject with icmp6 type admin-prohibited
}
}
--- output ---
/dev/stdin:4:36-40: Error: syntax error, unexpected string, expecting icmp or icmpv6 or tcp or icmpx
^^^^^
/dev/stdin:5:36-40: Error: syntax error, unexpected string, expecting icmp or icmpv6 or tcp or icmpx
^^^^^
/dev/stdin:6:37-41: Error: syntax error, unexpected string, expecting icmp or icmpv6 or tcp or icmpx
^^^^^
/dev/stdin:8:17-21: Error: syntax error, unexpected string, expecting icmp or icmpv6 or tcp or icmpx
^^^^^
qubes-firewall service is meant as mistakes mitigation, not a
high-volume external network filter. Providing feedback (ICMP
admin-prohibited error packet) to the VM reduces timeouts and give
immediate connection failure. This is especially useful when some
website tries to load unwanted (not whitelisted) 3rd party elements -
providing error response avoids long site loading time.
FixesQubesOS/qubes-issues#3607
Some applications complains if compiled version of dconf database is
missing ("dconf-WARNING **: unable to open file '/etc/dconf/db/local':
Failed to open file '/etc/dconf/db/local': open() failed: No such file
or directory; expect degraded performance").
There is only one entry in that database, but generate its binary
version anyway to avoid that warning message.
The dconf call is already included in package scripts, now only make
sure the utility is really installed.
QubesOS/qubes-issues#1951
The /etc/dconf/profile/user file in some distributions is part of dconf
package, in some not. There are even cases where it changes between
package versions (Fedora 27 don't have it, but Fedora 28 do).
Also, base Debian Stretch don't have it, but Kali Linux based on it do.
To avoid overly complex dependency handling, create the file dynamically
on package installation if it's missing in that particular case. The
file content is canonical:
user-db:user
system-db:local
FixesQubesOS/qubes-issues#3834
- BACKEND_VMM may not be available as env variable (mock build), provide
it explicitly
- 'user' group may not exists at package build time, set it at package
installation
