core-agent-linux

Author	SHA1	Message	Date
Demi Marie Obenour	48b9d5c69b	Avoid deprecated /var/run directory It causes systemd to emit warnings.	2020-12-28 22:06:40 -05:00
Marek Marczykowski-Górecki	66b3e628f2	Order NetworkManager after qubes-network-uplink.service Make sure NM config for uplink interface (eth0) is created before starting NetworkManager itself. Otherwise NM helpfully will try to use automatic DHCP configuration, which will fail and cause delays on network start.	2020-12-05 18:13:27 +01:00
Marek Marczykowski-Górecki	dd8de797e3	Move network uplink setup to a separate service Previously, network uplink (eth0) was configured in two places: - udev (asynchronously) - qubes-misc-post.service - at the very end of the boot process This caused multiple issues: 1. Depending on udev event processing (non-deterministic), network uplink could be enabled too early, for example before setting up firewall. 2. Again depending on udev processing, it can be enabled quite late in the boot process, after network.target is up and services assume network already configured. This for example causes qubes-firewall to fail DNS queries. 3. If udev happen try to enable enable networking even earlier, it may happend before qubesdb-daemon is started, in which case network setup fill fail. For this case, there was network re-setup in qubes-misc-post service - much later in the boot. Fix the above by placing network uplink setup in a dedicated qubes-network-uplink@${INTERFACE}.service unit ordered after network-pre.target and pulled in by udev based on vif device existence, to handle also dynamic network attach/detach. Then, create qubes-network-uplink.service unit waiting for appropriate interface-specific unit (if one is expected!) and order it before network.target. QubesOS/qubes-issues#5576	2020-12-04 03:24:02 +01:00
Marek Marczykowski-Górecki	e344dcc4c9	Order qubes-early-vm-config.service before networking Fixes QubesOS/qubes-issues#5570	2020-12-03 20:52:51 +01:00
Marek Marczykowski-Górecki	0caa7fcf75	network: stop IP forwarding before disabling firewall Stop IP forwarding when stopping qubes-network service (which initially enables it). This makes ordering against qubes-firewall safe - firewall is applied before allowing IP forward and then is removed when IP forward is already disabled. Fixes QubesOS/qubes-issues#5599	2020-12-03 20:52:51 +01:00
Marek Marczykowski-Górecki	2d7a10add7	Drop systemd re-exec during boot We don't have systemd in dom0-provided initrd anymore, so this workaround is not needed now. Fixes QubesOS/qubes-issues#5992	2020-11-03 05:20:15 +01:00
Marek Marczykowski-Górecki	7f15690e43	Add a service to enable swap early - before fsck of the root filesystem fsck may require significant amount of RAM, enable swap earlier to avoid out of memory condition. Implement this as a separate service unit, not a swap unit, because the latter requires udev running (implicit dependency on dev-xvdc1.device) which is not the case before remounting root filesystem read-write. QubesOS/qubes-issues#6174	2020-11-03 05:18:57 +01:00
Frédéric Pierret (fepitre)	5f8c52ea94	preset: handle dom0 and sys-usb qubes-psu-client	2020-10-03 19:34:58 +02:00
Frédéric Pierret (fepitre)	523ffc1ef8	vm-systemd: enable dummy modules and psu client	2020-09-20 15:13:03 +02:00
Rusty Bird	4c4f2e7038	bind-dirs: run in DisposableVM, too Allow the user to configure bind-dirs in the dvm template and have that configuration applied when a DisposableVM is instantiated. Fixes QubesOS/qubes-issues#4624 Fixes QubesOS/qubes-issues#5618	2020-09-15 10:52:59 +00:00
Frédéric Pierret (fepitre)	b804cfb270	xendriverdomain: remove placeholder for sbinpath	2020-08-03 13:18:26 +02:00
Frédéric Pierret (fepitre)	8aea0d9aab	xendriverdomain: remove Requires and After proc-xen.mount	2020-07-26 23:26:00 +02:00
Frédéric Pierret (fepitre)	e660c4a05f	Drop legacy xen entry in fstab	2020-07-26 14:30:33 +02:00
Paweł Marczewski	212df1d586	Enable root autologin on serial console See QubesOS/qubes-issues#5799. Use an option to agetty: https://wiki.archlinux.org/index.php/Getty#Automatic_login_to_virtual_console The --login-pause causes agetty to wait for Enter key. This is important, because otherwise the root session prevents systemd from shutting down, and probably causes other side effect.	2020-05-06 17:56:55 +02:00
Marek Marczykowski-Górecki	6738926ce9	Merge remote-tracking branch 'origin/pr/204' * origin/pr/204: qubes-sysinit: set GUI_OPTS in gui-agent-linux	2020-02-26 04:40:35 +01:00
unman	e54ecfb040	Disable unnecessary services in Debian	2020-02-15 21:12:34 +00:00
Amadeusz Piotr Żołnowski	dee84452aa	Move `qubes-firewall` from `sbin` to `bin`	2020-02-05 00:12:22 +00:00
AJ Jordan	52d1051137	Fix typo	2020-01-16 14:12:01 -05:00
Frédéric Pierret (fepitre)	9d7a3f2cb9	qubes-sysinit: set GUI_OPTS in gui-agent-linux	2020-01-14 17:57:08 +01:00
Marek Marczykowski-Górecki	1b28fcd4f1	Do not load u2mfn module anymore It isn't used in Qubes R4.1 anymore QubesOS/qubes-issues#4280	2019-12-03 13:55:49 +01:00
Marek Marczykowski-Górecki	b3d3c2c98c	Disable boot.automount which is created by systemd automatically systemd-gpt-auto-generator creates boot.automount for existing ESP partition. But Qubes templates have only placeholder ESP there, with no even filesystem created. Disable it with drop-in file, until it will become used. Fixes QubesOS/qubes-issues#5261	2019-08-20 16:37:23 +02:00
Marek Marczykowski-Górecki	ba702a0fd6	Merge remote-tracking branch 'origin/pr/163' * origin/pr/163: init/functions: better not use ipcalc which is not present on minimal distro Handle errors for non-present ip gateways Better use '-z' and '-n' for readibility init/functions: handle non-present /qubes-mac qubesdb and check if iface exists configure_network: use classical function parsing Handle legacy non-present /qubes-mac qubesdb entry Refactor and handle new network qubesdb configuration	2019-06-25 04:27:06 +02:00
Marek Marczykowski-Górecki	91436a2887	Delay qubes-sync-time service after qrexec is started The qubes-sync-time needs qrexec running to work, so set start order appropriately.	2019-06-25 04:19:56 +02:00
Frédéric Pierret (fepitre)	325eff2b13	Refactor and handle new network qubesdb configuration	2019-06-18 18:49:42 +02:00
Marek Marczykowski-Górecki	f3b8298081	Merge remote-tracking branch 'origin/pr/118' * origin/pr/118: Pass GUI domain id to GUI agent	2019-06-08 05:32:14 +02:00
Marek Marczykowski-Górecki	08a853b960	Merge branch 'remove-qrexec' * remove-qrexec: travis: update for R4.1 Remove qrexec-agent related files	2019-06-06 23:20:11 +02:00
Frédéric Pierret (fepitre)	0ce79d4895	Handle non-default 'eth0' Qubes managed interface	2019-05-16 17:32:50 +02:00
Marek Marczykowski-Górecki	0aae0c189c	Merge remote-tracking branch 'qubesos/pr/157' * qubesos/pr/157: qubes-updates-proxy: make ShellCheck happy Use exec to ease systemd handling the tinyproxy process Handle tinyproxy path changed in upstream	2019-04-19 04:27:00 +02:00
Frédéric Pierret (fepitre)	94dad3640c	Use exec to ease systemd handling the tinyproxy process From Marek's comments	2019-04-17 12:47:22 +02:00
Frédéric Pierret (fepitre)	0fd8da62b6	Handle tinyproxy path changed in upstream Related commit `8d0ea71486` Fixes QubesOS/qubes-issues#4973 and QubesOS/qubes-issues#4929	2019-04-16 11:41:44 +02:00
Frédéric Pierret (fepitre)	dda290d511	Disable useless Xen services in Qubes VM since we use upstream package QubesOS/qubes-issues#3945	2019-04-14 12:59:41 +02:00
Marek Marczykowski-Górecki	20285bc6c2	Remove qrexec-agent related files Move it to the core-qrexec repository. QubesOS/qubes-issues#4955	2019-04-08 18:22:38 +02:00
Marek Marczykowski-Górecki	426f322c58	qrexec: add startup notification Avoid race conditions with services ordered shortly after qrexec start. Make systemd know when qrexec-agent is really ready to serve. Fixes QubesOS/qubes-issues#3985	2018-12-08 12:32:56 +01:00
lvh	2f674c9168	Voice informational messages in bind-dirs.sh Previously, bind-dirs.sh had a bunch of `true comment goes here` style debug messages (no-ops). Presumably this was done because these messages are intended as debug messages and would only be displayed when calling bind-dirs.sh with xtrace enabled. However, this includes some fatal errors, which are necessary to debug why bind-dirs.sh is ostensibly not working. For example, I tried to mount /var/lib/docker, didn't realize it did not exist (as an empty directory) in my base template, and there was no journalctl output at all. After this change, journalctl will contain the (very helpful) error message.	2018-10-01 16:07:01 -05:00
Marek Marczykowski-Górecki	c11dd76006	Merge remote-tracking branch 'qubesos/pr/125' * qubesos/pr/125: bind mount /usr/local Fixes QubesOS/qubes-issues#1150	2018-07-11 13:25:37 +02:00
Reynir Björnsson	86413df6d2	bind mount /usr/local	2018-07-11 11:14:47 +02:00
Marek Marczykowski-Górecki	4a8b10ea8b	Drop leftovers of qubes-netwatcher service Fixes QubesOS/qubes-issues#1242	2018-05-24 17:38:12 +02:00
Simon Gaiser	5f201ddd44	Pass GUI domain id to GUI agent	2018-05-18 18:18:01 +02:00
Marek Marczykowski-Górecki	f6dc28106b	qubes-firewall: signal service readiness only after initial scripts qubes-firewall.service have Before=qubes-network.service. The latter enable ip_forwarding. Make sure the ordering cover not only service fork, but all its startup sequence, including initial rules and user scripts. Reported-by: @tasket	2018-04-20 16:38:25 +02:00
Marek Marczykowski-Górecki	76649d875b	Do not start dkms.service It doesn't make sense in Qubes to rebuild modules at every VM startup. Especially when modules dir is either read-only, or on non-persistent root volume (TemplateBasedVM). This is especially uneeded for dom0-provided kernels, which already have u2mfn module built, but DKMS try to rebuild it anyway (and fails, because of missing/broken kernel-devel package). DKMS already have appropriate (rpm/dpkg) hooks for new kernel installation, so actually needed modules should be build in template on kernel update/install anyway. This saves about 2s from VM startup time.	2018-04-04 01:50:40 +02:00
Rusty Bird	4247d4f699	Really enable qubes-sync-time.timer 'systemctl enable' (and thus the preset) needs an [Install] section.	2018-02-14 13:52:17 +00:00
Marek Marczykowski-Górecki	15301d3922	Merge remote-tracking branch 'qubesos/pr/91' * qubesos/pr/91: bind-dirs.sh: don't fail on empty configuration directory	2018-02-13 04:42:34 +01:00
Marek Marczykowski-Górecki	e497858768	Fix systemd-timesyncd.service startup Add After=qubes-sysinit.service to avoid startup condition being evaluated before initializing qubes-service directory. Fixes QubesOS/qubes-issues#3333	2018-02-13 02:14:08 +01:00
Rusty Bird	744cab8639	bind-dirs.sh: don't fail on empty configuration directory nullglob must be active before a glob is used on a potentially empty directory. Call shopt immediately after the shebang line. Fixes QubesOS/qubes-issues#3552	2018-02-08 13:21:01 +00:00
unman	a95aa43864	Disable wpa_supplicant@.service (cherry picked from commit 51f80d39a1064dd6075ccf6af1d5ba78fba6327c)	2017-12-14 23:22:06 +01:00
Marek Marczykowski-Górecki	715693b93d	network: IPv6-enabled firewall If IPv6 is configured in the VM, and it is providing network to others, apply IPv6 firewall similar to the IPv4 one (including NAT for outgoing traffix), instead of blocking everything. Also, enable IP forwarding for IPv6 in such a case. Fixes QubesOS/qubes-issues#718	2017-12-07 01:41:55 +01:00
Marek Marczykowski-Górecki	414f944cf9	Disable cups-browsed service together with cups It tries to connect to cups every second and doesn't do anything else when cups is disabled. So disable (or enable) both of them at the same time.	2017-12-05 17:58:35 +01:00
Marek Marczykowski-Górecki	3fb258db47	network: order qubes-firewall service before enabling IP forwarding Start qubes-firewall (which will add "DROP by default" rule) before enabling IP forwarding, to not leave a time slot where some connection could go around configured firewall. QubesOS/qubes-issues#3269	2017-11-20 02:42:39 +01:00
Marek Marczykowski-Górecki	c0e5501f55	Enable qubes-firewall also in "NetVM" In some cases it may make sense to enfoce outgoing firewall also on sys-net. If the service is disabled, firewall settings will be (silently) ignored, so better be on the safe side and enable. QubesOS/qubes-issues#3290	2017-11-20 01:56:15 +01:00
Marek Marczykowski-Górecki	e53db1386d	Dumb down meminfo-writer enabling logic Let dom0 decide whether it should be enabled or not, regardless of PCI devices or any other factor. Fixes QubesOS/qubes-issues#3207	2017-11-20 01:56:15 +01:00

1 2 3 4 5 ...

273 Commits