Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
821 Commits 1 Branch 0 Tags 34 MiB
cf12c27d2c
Commit Graph

166 Commits

Author SHA1 Message Date
Marek Marczykowski
4daa5f56ea Merge branch 'master-for-hvm' into hvm 
Conflicts:
	dom0/qvm-core/qubes.py
	dom0/qvm-tools/qvm-sync-clock
 2012-10-04 05:45:41 +02:00
Marek Marczykowski
949222f692 vm/spec: fix adding yum-proxy configuration 
Do not add entry if already present.
 2012-10-04 05:44:20 +02:00
Bruce A Downs
e2caaf0764 vm: Added 'most recently used' feature to 'copy to vm' dialog 
* replaced zenity to qvm-mru-entry in qubes_rpc/qvm-copy-to-vm.gnome
* added python script qubes_rpc/qvm-mru-entry
* added /usr/bin/qvm-mru-entry to rpm_spec/core-vm.spec
 2012-10-04 05:44:19 +02:00
Bruce A Downs
c2a049ef32 vm/spec: mod to core-vm.spec to add test for files 
core rpm was failing during uninstall attempting to move non-existent files
* /var/lib/qubes/fstab.orig
* /var/lib/qubes/serial.orig
 2012-10-04 05:44:19 +02:00
Marek Marczykowski
6345c4570a vm/iptables: block IPv6 traffic 
This isn't properly handled by Qubes VMs yet, so block it in all the VMs.
Also restrict access to firewall config.
 2012-10-04 05:44:19 +02:00
Marek Marczykowski
da79d38e6f vm/spec: fix adding yum-proxy configuration 
Do not add entry if already present.
 2012-10-04 05:29:10 +02:00
Marek Marczykowski
0ea16ef21b dom0+vm/qfile-copy: use setuid instead of policy setting to allow chroot 
This will allow to not hardcode "root" username in policy, which can be useful
for non-Linux systems.
 2012-08-18 21:17:07 +02:00
Marek Marczykowski
32405af775 vm/kernel-placeholder: simplify upgrade 2012-07-30 23:16:05 +02:00
Marek Marczykowski
077c74782c vm: kernel-placeholder package to inhibit real kernel pkg in VM (#645) 
Some packages depends on kernel (ex fuse, pulseaudio), but kernel in VM is
managed by dom0. Any hack like exlude or so on will break some things, so
install empty placeholder package to fulfill dependencies.
 2012-07-23 23:17:50 +02:00
Marek Marczykowski
c8f3f737f5 Revert "vm/spec: disable pam_systemd globally (#607)" (#626) 
This reverts commit 8ec4b6963b71b95bc0cda6dd80d99bf60aa9caec.
This caused regression (#626).

Conflicts:

	rpm_spec/core-vm.spec
 2012-07-16 13:36:08 +02:00
Marek Marczykowski
8129032c9e vm: implement qubes.GetAppmenus to reduce code duplication 
As one-liner services are now real one-line, just do it.
 2012-07-15 02:41:23 +02:00
Marek Marczykowski
55130c0dee vm: simplify qubes.VMShell service 
Now additional wrapper not required to skip cmdline argument
 2012-07-15 02:41:23 +02:00
Marek Marczykowski
bec4afc919 vm: export SuspendPre and SuspendPost qrexec services (#617) 
1. Try to use NetworkManager sleep command instead of shutting it down
2. Move sleep action details (which is VM-specific) to VM
3. Export it as qrexec service(s)
 2012-07-13 14:44:11 +02:00
Marek Marczykowski
3af500fc80 vm: provide dispvm-dotfiles and dispvm-prerun.sh in rpm package (#620) 2012-07-12 14:22:44 +02:00
Marek Marczykowski
c336586fae vm/systemd: disable additional useless services (#620) 
Most of them relay on direct network acces, which isn't true on Qubes.
 2012-07-12 03:56:09 +02:00
Marek Marczykowski
654fb64a74 vm/spec: remove dupplicated commnds, suppress error message 2012-07-12 03:56:09 +02:00
Marek Marczykowski
5ee694f4d3 vm/spec: disable pam_systemd only in trigger 
The %post part is unnecessary.
 2012-07-09 15:54:33 +02:00
Marek Marczykowski
f0cdcdae34 vm: disable D-Bus activation of NetworkManager (#610) 2012-07-05 01:43:32 +02:00
Marek Marczykowski
0cd7a783d4 vm/spec: disable pam_systemd globally (#607) 
Actually all /etc/pam.d/ files containing pam_systemd.so are autogenerated by
authconfig, so "removing" pam_systemd.so file as not elegant solution, seems to
be much more realiable.
 2012-07-05 01:43:32 +02:00
Marek Marczykowski
9efee9324f vm/spec: fix enabling NetworkManager SystemD service 2012-06-26 03:43:36 +02:00
Marek Marczykowski
77ccf99b88 vm/spec: fix error messages 2012-06-26 03:43:36 +02:00
Marek Marczykowski
47e49d0fd6 vm/spec: fix enabling of qubes-firewall SysV service 2012-06-26 03:43:36 +02:00
Marek Marczykowski
1fdaa847c4 vm: RPC service for NTP time sync (#603) 2012-06-23 00:37:47 +02:00
Marek Marczykowski
64a9c54ba6 vm: enable yum-qubes-hooks plugin (#592) 2012-06-11 22:35:44 +02:00
Marek Marczykowski
3e89b33209 vm/spec: create firmware symlink only when needed 
On new systems, like FC16+, firmware is provided by separate package (like
linux-firmware), so no longer need to get it from kernel package.
 2012-06-06 03:00:05 +02:00
Marek Marczykowski
baf95fb765 vm/spec: depend on ethtool _package_ 2012-06-06 02:59:07 +02:00
Marek Marczykowski
06c4d57b60 vm: yum plugin to notify dom0 about installed updates (#592) 2012-06-05 21:21:53 +02:00
Marek Marczykowski
55f99e23db makefile: rename vchan Makefile to not conflict with windows build 2012-06-05 21:21:53 +02:00
Marek Marczykowski
9930a89fb1 vm/qubes-yum-proxy: setup yum to use qubes-yum-proxy (#568) 
The simplest way is just add proxy=... entry to /etc/yum.conf, but sometimes it
is reasonable to bypass the proxy. Some examples:
 - usage of non-standard repos with some exotic file layout, which will be
   blocked by the proxy
 - usage of repos not-accessible via proxy (eg only via VPN stared in VpnVM)

This commit introduces 'yum-proxy-setup' pseudo-service, which can be
controlled via standard qvm-service or qubes-manager. When enabled - yum will
be configured at VM startup to use qubes proxy, otherwise - to connect directly
(proxy setting will be cleared).
 2012-05-31 03:11:44 +02:00
Marek Marczykowski
0430e5186b vm: qubes-yum-proxy service (#568) 
Introduce proxy service, which allow only http(s) traffic to yum repos. The
filter rules are based on URL regexp, so it isn't full-featured content
inspection and can be easy bypassed, but should be enough to prevent some
erroneus user actions (like clicking on invalid link).

It is set up to intercept connections to 10.137.255.254:8082, so VM can connect
to this IP regardless of VM in which proxy is running. By default it is
started in every NetVM, but this can be changed using qvm-service or
qubes-manager (as always).
 2012-05-31 03:11:43 +02:00
Marek Marczykowski
542cd42d04 vm/spec: remove executable perm where not needed 2012-05-31 03:11:43 +02:00
Marek Marczykowski
be05968bd1 vm/spec: fix /etc/hosts if it was broken by previous version 2012-05-08 23:44:07 +02:00
Marek Marczykowski
bd8977c824 vm: notify dom0 when updates available in VM (#475) 2012-05-02 00:09:00 +02:00
Marek Marczykowski
4401c3e525 vm/init.d: make firewall and netwatcher service consistent with systemd 2012-03-09 01:50:18 +01:00
Marek Marczykowski
c3ee25ef10 vm/mimeopen: save mimetype defaults for DispVM (#423) 2012-02-06 19:08:08 +01:00
Marek Marczykowski
431e350ffe vm/spec: fix file permissions 2012-02-06 12:58:02 +01:00
Marek Marczykowski
f3e187f672 vm/spec: do not complain about missing serial.conf 2012-01-30 14:22:35 +01:00
Marek Marczykowski
85e6704037 vm/network: symlink NetworkManager system-connection to /rw (#425) 
In FC15, NetworkManager by default uses global connections ("Available to all users"). Save them in /rw instead of /etc, to preserve them across reboots.
 2012-01-30 14:20:02 +01:00
Marek Marczykowski
5ec2c4c4bb vm/spec: hide diagnostics from systemctl 2012-01-18 17:24:04 +01:00
Marek Marczykowski
1a71d29cd4 vm: enable qubes-firewall (#424) 2012-01-18 13:37:31 +01:00
Marek Marczykowski
0e1278205c spec: fix build order 2012-01-15 17:36:22 +01:00
Marek Marczykowski
33f50950ec vm/systemd: enable ntpd and NetworkManager services 2012-01-14 01:40:54 +01:00
Marek Marczykowski
4a73aa5da6 vm/systemd: add some package requirements according to Fedora documentation 2012-01-14 01:40:10 +01:00
Marek Marczykowski
9129f74603 vm: disable some autostart applications 2012-01-14 01:39:43 +01:00
Marek Marczykowski
d3e1bf36bf vm: disable silent automatic update *installation* in FC15 (#415) 
Do not silently download and install updates, especially in NonUpdateableVM.
 2012-01-14 01:37:22 +01:00
Marek Marczykowski
5e0cde15de vm/init: introduce SystemD startup scripts 2012-01-10 12:10:16 +01:00
Marek Marczykowski
5573200c9d vm/spec: split SysV init scripts into separate subpackage 2012-01-10 12:09:09 +01:00
Marek Marczykowski
a25d3be356 vm/spec: add Obsoletes header for smooth upgrade 2012-01-10 11:23:27 +01:00
Marek Marczykowski
240d35259f vm(+dom0): major rearrage VM files in repo; merge core-*vm packages 2012-01-06 21:31:12 +01:00
Marek Marczykowski
65b6675ca1 vm: disable cron also using systemctl 
This is needed for FC15
 2011-12-30 23:53:46 +01:00