Commit Graph

193 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
7fa4115aba
Refactor qubes.InstallUpdatesGUI to reduce code duplication
QubesOS/qubes-issues#2431
2016-11-12 22:21:42 +01:00
Manuel Amador (Rudd-O)
59aec8e5eb Clean up early initialization and setup of /rw 2016-10-23 20:19:51 +00:00
Marek Marczykowski-Górecki
b50cba3f2c
Add qubes.ResizeDisk service to adjust filesystem size
Do this using qubes rpc service, instead of calling resize2fs directly
by dom0.
2016-08-17 21:47:22 +02:00
Marek Marczykowski-Górecki
be2c9313a4
Merge remote-tracking branch 'qubesos/pr/15'
* qubesos/pr/15:
  Fall back to gnome utilities if kdialog not present

Fixes QubesOS/qubes-issue#1429
2016-06-01 22:56:24 +02:00
Marek Marczykowski-Górecki
520894e623
Prefer 'dnf' over 'yum' for template update
QubesOS/qubes-issues#1282
2016-06-01 05:10:40 +02:00
unman
8471605e6d Fall back to gnome utilities if kdialog not present 2016-06-01 02:55:25 +01:00
Marek Marczykowski-Górecki
19921274e1
Implement qubes.OpenURL service instead of wrapping URLs in HTML
This have many advantages:
 - prevent XSS (QubesOS/qubes-issues#1462)
 - use default browser instead of default HTML viewer
 - better qrexec policy control
 - easier to control where are opened files vs URLs

For now allow only http(s):// and ftp:// addresses (especially prevent
file://). But this list can be easily extended.

QubesOS/qubes-issues#1462
Fixes QubesOS/qubes-issues#1487
2016-05-18 01:32:54 +02:00
Marek Marczykowski-Górecki
ff2678d2f5
qvm-open-in-vm: escape URL when wrapping it in HTML
Thanks @v6ak for the report and solution.

Fixes QubesOS/qubes-issues#1462
2016-05-17 22:06:41 +02:00
Patrick Schleizer
69780ef762 fixed sh syntax error
https://forums.whonix.org/t/qvm-run-fails-in-whonix-vms

Thanks to entr0py for the bug report!
2016-05-01 14:03:21 +02:00
Marek Marczykowski-Górecki
4d015432ce
Remove obsolete policy files
Qrexec policy is really stored in core-admin repo.
2016-04-27 19:32:00 +02:00
Marek Marczykowski-Górecki
7b5f2b77d1
qubes-rpc: fix SVG icon scaling
rsvg-convert doesn't scale the image. Do it with convert, only when
really needed. Don't upscale the icon after converting to raster
version.

Fixes QubesOS/qubes-issues#1884
2016-03-29 17:25:31 +02:00
Rusty Bird
428d8f09bf
Remove exec in last line of qvm-copy-to-vm 2016-03-21 11:51:29 +00:00
Marek Marczykowski-Górecki
7301a898a1
qubes.SuspendPreAll and qubes.SuspendPostAll services
Those services are called just before/after host suspend.

Thanks @adrelanos for help.
Fixes QubesOS/qubes-issues#1663
2016-03-15 23:33:11 +01:00
Marek Marczykowski-Górecki
f7d7c6125e
Merge remote-tracking branch 'qubesos/pr/11'
* qubesos/pr/11:
  Properly handle case of empty domain name.
  Use proper quoting around variables.
  Move usage information printing to separate function, and print usage to stderr; also added some spacing.
  Use proper space-expanded tabs, as per the coding guidelines.
2016-03-14 16:19:28 +01:00
Marek Marczykowski-Górecki
d4b637e29d
Merge remote-tracking branch 'qubesos/pr/10'
* qubesos/pr/10:
  Use && in qvm-move-to-vm
  qvm-move-to-vm: Use '--' before file arguments
  qvm-move-to-vm: Remove duplicated code
2016-03-14 16:18:41 +01:00
Marek Marczykowski-Górecki
7c45985331
qrexec: hide timing debug messages in vm-file-editor
Those are currently barely useful, since starting the application isn't
the biggest bottleneck of DispVM. And since stderr is now visible on
qvm-open-in-dvm output, not scare the user with it.
2016-03-05 12:51:07 +01:00
Andrew
bc73cf1fe3 Properly handle case of empty domain name. 2016-02-19 18:19:59 +01:00
Andrew
561f588d1d Use proper quoting around variables. 2016-02-19 18:19:02 +01:00
Andrew
17d274ef48 Move usage information printing to separate function, and print usage to stderr; also added some spacing. 2016-02-19 18:17:40 +01:00
Andrew
63f3392ff5 Use proper space-expanded tabs, as per the coding guidelines. 2016-02-19 16:54:25 +01:00
Rusty Bird
c730340039
Use && in qvm-move-to-vm
&& is safer in case qvm-*copy*-to-vm is ever changed to call 'set +e'.
2016-02-16 08:34:06 +00:00
Rusty Bird
160b05756b
qvm-move-to-vm: Use '--' before file arguments 2016-02-13 15:22:35 +00:00
Rusty Bird
3f600d03fa
qvm-move-to-vm: Remove duplicated code 2016-02-13 15:22:34 +00:00
Marek Marczykowski-Górecki
a8d609704a
Merge remote-tracking branch 'origin/pr/61'
* origin/pr/61:
  update-proxy: use curl instead of wget in archlinux in order to limit additional dependencies
  archlinux: properly add qubes markers in pacman.conf
  archlinux: add Qubes Markers in pacman.conf so that changes done by qubes scripts are not inserted at the end of pacman.conf
  implement update proxy support for archlinux
  archlinux: add gcc and make as make dependencies
  update qubes.InstallUpdateGUI to support archlinux
2016-02-02 23:29:28 +01:00
Marek Marczykowski-Górecki
dca5265958
qubes-open: switch from mimeopen to xdg-open
xdg-open is more robust in choosing default application for particular
file type: it supports fallback if the preferred application isn't
working, and most importantly it support system-wide defaults
(/usr/share/applications/defaults.list,
 /usr/share/applications/mimeapps.list), so no "random" application is
chosen.

By default xdg-open tries to use environment-specific tool, like
gvfs-open - which isn't good for us, because many such tools do not wait
for editor/viewer termination. That would mean that DisposableVM would
be destroyed just after opening the file.
To avoid such effect, we set DE=generic.

Fixes QubesOS/qubes-issues#1621
2016-02-02 03:28:34 +01:00
Marek Marczykowski-Górecki
0211ea5d1d
Move opening file viewer/editor into separate shell script
No functional change.

This will make it easier to switch the tool (without recompiling
vm-file-editor), or even use differrent tools depending on some
conditions.

QubesOS/qubes-issues#1621
2016-02-01 12:17:15 +01:00
adrianx64
d3966b0f6c Proposed solution for issue #1657
qvm-sync-appmenus fails when a shortcut have spaces in the file name #1657
2016-01-18 23:02:30 -06:00
Olivier MEDOC
b06c29c6dc update qubes.InstallUpdateGUI to support archlinux 2016-01-16 11:52:49 +01:00
Marek Marczykowski-Górecki
cb5c457fba
Do not try to signal NetworkManager before suspend if it isn't running
Sending dbus calls to a service which isn't running _and is blocked to
not be started_ would result in timeout, which would delay the whole
system suspend.

Fixes QubesOS/qubes-issues#1419
2016-01-11 19:40:32 +01:00
Marek Marczykowski-Górecki
0e062ff31e
Fix time sync service
It is expected to not output anything on stdout. Especially remote end
may be already terminated, so writing there would result in EPIPE.

Fixes QubesOS/qubes-issues#1592
2016-01-07 05:06:39 +01:00
Marek Marczykowski-Górecki
169c389339
open-in-vm: Fix path to mimeinfo database
There was missing "/mime" in entry for user home.

QubesOS/qubes-issues#1490
2015-12-05 13:49:25 +01:00
Marek Marczykowski-Górecki
5157d9822e
backup: Use 'type' instead of 'which' to prevent unnecessary dependency
This fixes using minimal-template based VMs to store/retrieve backup.
2015-11-27 12:31:33 +01:00
Marek Marczykowski-Górecki
f0de6c5b16
Implement qubes.InstallUpdatesGUI qrexec service
It should be up to the VM what GUI tool is used for installing updates.
For now stick with console tools in xterm...

Fixes QubesOS/qubes-issues#1249
2015-11-13 05:32:44 +01:00
Marek Marczykowski-Górecki
e2ab963a27
Minor improvements to packaging (based on rpmlint)
There is much more to fix, but lets start with low hanging fruits.
2015-11-11 15:19:43 +01:00
yaqu
c63a9f6566
Replacing "sleep 365d" with "sleep inf"
To get endless sleep, `sleep inf` (or `sleep infinity`) can be used
instead of `sleep 365d`. Coreutils' sleep accepts any floating-point
number as an argument, which may be 'infinity', according to
`man strtod`.
2015-11-03 14:00:00 +01:00
Marek Marczykowski-Górecki
5774c7872c
qfile-agent: move data handling code to libqubes-rpc-filecopy
This makes the qfile packing code reusable, for example for some dom0
tool. Now qfile-agent.c is only an interface for underlying library.

QubesOS/qubes-issues#1324
2015-11-03 03:42:24 +01:00
Marek Marczykowski-Górecki
7bc6422f53
appmenus: ignore entries with NoDisplay=true
According to Desktop Entry Specification:
NoDisplay means "this application exists, but don't display it in the
menus". This can be useful to e.g. associate this application with MIME
types, so that it gets launched from a file manager (or other apps),
without having a menu entry for it (there are tons of good reasons
for this, including e.g. the netscape -remote, or kfmclient openURL kind
of stuff).

Apparently over half of desktop files in default Fedora template have
NoDisplay=true...

Fixes QubesOS/qubes-issues#1348
2015-11-03 00:48:26 +01:00
Marek Marczykowski-Górecki
8f99cb5759
Merge remote-tracking branch 'qubesos/pr/5'
* qubesos/pr/5:
  qfile-unpacker: Avoid data loss by checking for child errors

Fixes QubesOS/qubes-issues#1355
2015-11-02 21:27:02 +01:00
Marek Marczykowski-Górecki
b38ea60f00
backup: improve exit code reporting
Return some meaningful error code. Unfortunately the more meaningful
option (retrieving process exit code) can lead to false errors
(described in comment), but at least report exit code of tar2qfile.
2015-11-02 03:10:22 +01:00
Marek Marczykowski-Górecki
c704c35cd8
backup: fix handling backup filename with spaces
Fixes QubesOS/qubes-issues#1371
2015-11-02 02:53:12 +01:00
Rusty Bird
4027decbaa
qfile-unpacker: Avoid data loss by checking for child errors
When qfile-unpacker's child encountered an error, it would display an
error message and exit(1), but the parent didn't inspect its status and
exited successfully.

That was unfortunate for qvm-move-to-vm: Even if the destination VM e.g.
didn't have enough free disk space, the RPC call would claim to succeed
anyway, so the file would be deleted from the source VM.
2015-10-30 09:23:45 +00:00
Patrick Schleizer
2eb0ed2be1
removed trailing spaces 2015-10-15 04:34:55 +02:00
Marek Marczykowski-Górecki
03f6ddc41a
Adjust progress message on file move operation
Fixes QubesOS/qubes-issues#1269
2015-10-05 06:02:37 +02:00
qubesuser
7f9fdc8327 qubes-rpc: fix icon selection using pyxdg and support SVG icons 2015-09-06 22:02:27 +02:00
qubesuser
20dd5d2d1a qubes-rpc: fix broken temporary file deletion in qubes.GetImageRGBA 2015-09-06 22:02:27 +02:00
Marek Marczykowski-Górecki
6c288d0ac2 appmenus: hide message about missing /usr/local/share/applications
Debian template doesn't have this directory by default.
2015-05-11 22:06:03 +02:00
Marek Marczykowski-Górecki
58da94acad Add support for comments in qubes-suspend-module-blacklist 2015-03-18 00:30:57 +01:00
Marek Marczykowski-Górecki
0d7a0e1beb qrexec: get rid of shell in services using EOF for any signaling
Additional running shell could prevent EOF from being detected.
2015-03-17 14:51:10 +01:00
Jason Mehring
6836420c3c
Removed nautilus-actions depend and replaced with nautilus-python
nautilus-actions was orphaned in fc21, so all nautilus context menus have
been re-written as nautilus-python extensions
2015-02-27 00:52:17 -05:00
Jason Mehring
53fc7955f9
Switched qvm-move-to-vm.{gnome,kde} scripts to use bash not sh
Both these scripts contain `pipefail` which is a bash option and will
fail in dash
2015-02-27 00:47:33 -05:00
Marek Marczykowski-Górecki
fda293f09a Fix "backup: fix qubes.Restore service - do not send garbage as backup data" 2015-02-22 14:36:11 +01:00
Marek Marczykowski-Górecki
b560596f1b backup: fix qubes.Restore service - do not send garbage as backup data
Do not send 'which' command output to stdout, as it will mess real
backup data.
This fixes regression introduced by this commit:
commit dad5bfbd18
Author: HW42 <hw42@ipsumj.de>
Date:   Thu Feb 5 03:14:41 2015 +0100

    remove 'bashisms' or explicit use bash
2015-02-18 22:37:36 +01:00
Matt McCutchen
b37d391f91 Make qvm-run bidirectional and document its limitations. 2015-02-09 06:37:32 +01:00
HW42
dad5bfbd18 remove 'bashisms' or explicit use bash 2015-02-05 05:42:08 +01:00
Marek Marczykowski-Górecki
9f51c82666 filecopy: fallback to "open(..., 000)" method when /proc inaccessible
/proc is needed to link files opened with O_TMPFILE to the filesystem.
If not available, fallback to using permissions to block file access,
instead of failing the whole file copy.
2015-01-30 00:48:56 +01:00
HW42
13bca3d05f don't ignore asprintf() return value 2015-01-30 00:45:05 +01:00
Marek Marczykowski-Górecki
efc7d4d1f2 filecopy: prevent files/dirs movement outside incoming directory during transfer
Otherwise, when the user moves directory, which is still in transfer,
somewhere else, it could allow malicious source domain to escape chroot
and place a file in arbitrary location.

It looks like bind mount is just enough - simple rename fails with
EXDEV, so tools are forced to perform copy+delete, which is enough to
keep unpacker process away from new file location.

One inconvenient detail is that we must clean the mount after transfer
finishes, so root perms cannot be dropped completely. We keep separate
process for only that reason.
2015-01-30 00:45:04 +01:00
Marek Marczykowski-Górecki
e0d2424d5e suspend: do not disable network frontend devices 2014-10-27 15:07:06 +01:00
Marek Marczykowski-Górecki
0613a58961 Improve handling of .desktop files
Instead of directly using Exec= line, parse the file (at the launch
time) with Gio library. The main reason for this change is to handle
Terminal= option, but generally this approach should be more
bulletproof, especially when some fancy options are present in desktop
files.
2014-10-27 12:25:45 +01:00
Marek Marczykowski-Górecki
7339dd1ece Introduce qubes.SetDateTime service for time synchronization
It would be called by qvm-sync-clock instead of 'date' directly. This
gives a lot of flexibility - VM can control whether it want to sync time
this way. For now slight corrections (+-2sec) are ignored to not cause
problems by frequent time changes. But it can be easily extended to
refuse time sync when some other mechanism is used.
2014-10-01 05:40:23 +02:00
Marek Marczykowski-Górecki
64e8eedcb0 qrexec: check for setuid() error when calling zenity/kdialog
Mostly to mute compiler warning - only emit log message but still
continue.
2014-09-29 21:05:32 +02:00
Marek Marczykowski-Górecki
4bd9971006 gui-fatal: do not run as root
GTK+ refuses to initialize.
2014-09-20 01:20:11 +02:00
Marek Marczykowski-Górecki
84957e78da Add --dispvm to qvm-run documentation 2014-05-25 00:54:55 +02:00
Vincent Penquerc'h
b21ee1fc42 vm-file-editor: remove temporary file on exit
This allows editing the same file more than once on the
same (non disposable) VM, as well as keeping /tmp from
ballooning indefinitely.
2014-05-10 12:42:13 +02:00
Marek Marczykowski-Górecki
969122cf4f suspend: fix dbus-send invocation 2014-05-01 01:10:57 +02:00
Marek Marczykowski-Górecki
bd6ba19407 Enable compiler optimization. 2014-04-22 00:57:36 +02:00
Marek Marczykowski-Górecki
8018b9d3ee Fix compiler warnings.
Mostly harmless cases of warn_unused_result.
2014-04-22 00:56:52 +02:00
Marek Marczykowski-Górecki
fe64539789 Implement "Move to VM" action (#725) 2014-03-24 05:19:16 +01:00
Marek Marczykowski-Górecki
0d3ed747b4 suspend-prepare: call NM D-Bus interface directly
nmcli doesn't seem to have stable API, especially "nmcli nm sleep"
doesn't work anymore in Fedora 20.
2014-02-21 18:42:12 +01:00
Marek Marczykowski-Górecki
c632f0d067 Add -Wextra -Werror to all C code 2014-02-16 11:34:22 +01:00
Marek Marczykowski-Górecki
3cc9d0f329 Merge branch 'appicons'
Conflicts:
	rpm_spec/core-vm.spec
2014-02-07 05:50:07 +01:00
Marek Marczykowski-Górecki
c0c914faab Merge remote-tracking branch 'woju/master' into appicons 2014-02-07 05:48:18 +01:00
Marek Marczykowski-Górecki
75b1e24bab qubes-rpc, qrexec: register callbacks for qrexec-lib
Now qrexec-lib do not use exported symbols of particular names, but
explicitly registered callbacks.
2014-02-07 05:36:15 +01:00
Marek Marczykowski-Górecki
7953af970d backups: fix buffer overflow in tar2qfile
Buffer for directory headers history was too small. This can be
exploitable by some attacker capable of controlling backup stream, but
it isn't any security problem. We don't assume this part of backup
system to be trusted, the attacker can at most prevent user from
restoring some data, but will neither gain access to them, or compromise
any other Qubes component. This is equivalent to bug in any other tool
used in backup vm (like FTP client) and the Qubes backup system is
designed specifically to minimize impact of such bugs.
2014-02-05 15:16:42 +01:00
Wojciech Zygmunt Porczyk
27632a0b3b qubes.GetImageRGBA: bugfixes
- when icon is not found in hicolor theme, search for in in other themes
- added -follow to find
2014-02-04 00:36:30 +01:00
Marek Marczykowski-Górecki
39eca94200 backups: fix timestamp in backup filename (once again...) 2014-02-02 13:36:59 +01:00
Marek Marczykowski-Górecki
1e291bbdc6 backups: fix timestamp in backup filename (once again...) 2014-02-02 12:17:43 +01:00
Marek Marczykowski-Górecki
cac25cbe60 Merge remote-tracking branch 'woju/master' into appicons
Conflicts:
	Makefile
	rpm_spec/core-vm.spec
2014-01-31 02:12:06 +01:00
Wojciech Zygmunt Porczyk
453ab0f22c qubes.GetImageRGBA for appicons 2014-01-30 16:30:17 +01:00
Marek Marczykowski-Górecki
66ef7696ac backups: change data/time delimiter in filename according to ISO 8601 2014-01-15 04:33:18 +01:00
Marek Marczykowski-Górecki
2b80dfef17 backups: fix backup timestamp 2014-01-13 05:08:05 +01:00
Marek Marczykowski-Górecki
361ab0b266 qubes-rpc: introduce services for browsing VM filesystem
For now used to select system backup inside of VM.
2014-01-13 05:07:23 +01:00
Marek Marczykowski-Górecki
6e599567e0 tar2qfile: retry if lseek() returns EAGAIN
... even though it shouldn't. Apparently it is happening. See #764
comments for details.
2014-01-10 03:33:55 +01:00
Marek Marczykowski-Górecki
92aac6a92e Remove copy of ioall.c - use the one from linux-utils 2014-01-06 18:32:13 +01:00
Vincent Penquerc'h
df7c431d0b qfile-utils: do not write a random extra byte
readlink(2) does not write a terminating NUL, and the read side
will already place a NUL after whatever it receives.
While it seems odd that this would be buggy (ie, synlinks on
the ohter side would be pointing to the wrong filename, though
I guess if we're lucky and the stack had a 0 byte at the right
place, symlink(2) would do what was expected), my reading of
the code tells me this patch is right. Needs testing to double
check.
2014-01-06 17:57:43 +01:00
Vincent Penquerc'h
960c85587f gui-fatal: fix message leak, since the dialog may not be fatal 2014-01-06 17:57:43 +01:00
Vincent Penquerc'h
3e8c0372c2 gui-fatal: use fully qualified paths to kdialog/zenity 2014-01-06 17:57:42 +01:00
Vincent Penquerc'h
73adfc88e3 gui-fatal: add \n to message on stderr 2014-01-06 17:57:42 +01:00
Vincent Penquerc'h
393553c7bb vm-file-editor: #include <sys/time.h> for gettimeofday 2014-01-06 17:57:42 +01:00
Vincent Penquerc'h
c171f47ba8 vm-file-editor: put temporary files in per domain subdirectories
This avoids the possibility that incoming files may match
an existing file in /tmp (whether from the target VM, or a
third VM that's also sent a file for editing), as well as
possible file leaks between domains.
2014-01-06 17:57:42 +01:00
Vincent Penquerc'h
9a4b1efa61 core-agent-linux: misc const/void fixups 2014-01-06 17:57:42 +01:00
Vincent Penquerc'h
214365e272 vm-file-editor: hide | in filename 2014-01-06 17:57:42 +01:00
Vincent Penquerc'h
47c657b123 vm-file-editor: close output when done writing 2014-01-06 17:57:41 +01:00
Vincent Penquerc'h
81e9f967be vm-file-editor: do not overwite an existing file
Either a housekeeping file from that VM, or a similarly named
one being edited from a third VM.
2014-01-06 17:57:41 +01:00
Vincent Penquerc'h
11b8f9be20 vm-file-editor: fix potential buffer overflow
If we're being sent something without a zero byte, we
could happily read off the end of the buffer. Interestingly,
the write part was checking for the max bound.
2014-01-06 17:57:41 +01:00
Vincent Penquerc'h
c9a25b8915 vm-file-editor: fix incorrect time display
It's used only for display, and never parsed, but still.
2014-01-06 17:57:41 +01:00
Vincent Penquerc'h
a4b3a0c955 qopen-in-vm: ensure we can't mistake a non empty file for an empty one
st_size is off_t, which may be larger than int.
2014-01-06 17:57:41 +01:00
Vincent Penquerc'h
38c0ea3128 qopen-in-vm: fix read overflow
That one would also send more data to the other VM that what we
intended: the start of the env var data (which in similar code
on my host includes the GPG agent socket path, XDG session cookie,
and more.

The other side expects a fixed size though, so pad with NULs.

Interestingly, the original code was not vulnerable as it was
callocing enough space.
2014-01-06 17:57:40 +01:00
Vincent Penquerc'h
5af6f0ff7f qopen-in-vm: close output when we're done writing to it 2014-01-06 17:57:40 +01:00
Vincent Penquerc'h
4823490e70 qfile-unpacker: some error checking 2014-01-06 17:57:40 +01:00