Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
99 Commits 1 Branch 0 Tags 6.4 MiB
ffb0fe1d87
Commit Graph

19 Commits

Author SHA1 Message Date
Rafal Wojtczuk
f3428531a8 qrexec* tools, initial version 2011-03-04 16:32:58 +01:00
Rafal Wojtczuk
2c23edd1ee Require NetworkManager >= 0.8.1-1 
Unfortunately, config files layout changes with NM version; therefore
require >= 0.8.1-1.
This should also prevent NM from messing with VIF interfaces on suspend/resume.
 2010-09-17 15:16:01 +02:00
Rafal Wojtczuk
f810fbb547 Tell Network Manager to keep hands off vif interfaces 
...somehow indirectly, by specifying the mac; unfortunately I do not
see any other way.
 2010-09-07 13:18:08 +02:00
Rafal Wojtczuk
23e11f5f6f Switch to routed VM network (instead of bridging) 
No headache from layer 2 attacks.
 2010-09-06 17:07:42 +02:00
Rafal Wojtczuk
c0f47663c8 Unify dom0 and netvm sysconfig/iptables 
Plus:
- dedicated chain for DNAT to nameservers
- prevent intervm networking. Can be conveniently overriden in necessary cases
by inserting ACCEPT clauses (per VM, probably) at the top of FORWARD
 2010-09-06 15:10:01 +02:00
Rafal Wojtczuk
a646ad46b1 Pathnames cleanup 
Move internal scripts to /usr/lib/qubes plus a couple of similar.
 2010-07-21 12:57:02 +02:00
Joanna Rutkowska
f8c4f5ddc5 netvm spec: do not create user in %post 
We don't need user account in netvm, do we?
 2010-06-18 01:54:38 +02:00
Joanna Rutkowska
39a0f5f7e7 appvm, netvm spec: be quite in %post 2010-06-18 01:50:43 +02:00
Joanna Rutkowska
f03fcef295 Require F13 in VM 2010-06-18 01:48:56 +02:00
Joanna Rutkowska
fc65789263 appvm,netvm spec: Fix [ -e fstab ] conditional in %pre 2010-06-18 01:48:18 +02:00
Joanna Rutkowska
0f07b7c7e1 Fix serial console on VM to work on F13 (REQUIRES F13) 2010-06-18 01:45:27 +02:00
Joanna Rutkowska
5b5de14bc0 Make dom0, appvm, netvm use different qubes.repo 2010-06-18 01:41:10 +02:00
Joanna Rutkowska
ed4fbda53e rpm specs: %post cleanup 
Moved some stuff from the begging of %post sections after the
'if installing-for-the-first-time' check.
 2010-06-15 00:02:48 +02:00
Rafal Wojtczuk
68919b0d37 Install qubes_{setup_dnat_to_ns,nmhook} from common/ 2010-05-31 13:17:04 +02:00
Rafal Wojtczuk
e9f3414ef6 Lock out root and user passwords; provide passwordless login on the serial console 2010-05-30 15:45:40 +02:00
Rafal Wojtczuk
940cae99d6 Add qubes.repo to all qubes-core-* rpms. 2010-05-30 15:45:40 +02:00
Rafal Wojtczuk
046802948f Turn on IP forwarding in sysctl.conf 2010-05-30 15:45:40 +02:00
Rafal Wojtczuk
952d2f1d8e Get rid of dnsmasq in netvm. 
qubes_setup_dnat_to_ns script sets up DNAT rules for DNS traffic; it is
triggered by dhclient or NetworkManager, and manually (in case there is
a static resolv.conf).

Put IP-dependent rules in qubes-core, after local ip is known. It could be
further improved by introducing custom chains, to enable iptables save.

Restrict FORWARD.
 2010-05-30 15:45:35 +02:00
Joanna Rutkowska
349a2d0c15 Initial public commit. 
(c) 2010 Invisible Things Lab

Authors:
=========
Joanna Rutkowska <joanna@invisiblethingslab.com>
Rafal Wojtczuk  <rafal@invisiblethingslab.com>
 2010-04-05 20:58:57 +02:00