qubes-sysinit.sh 4.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119
  1. #!/bin/sh
  2. # List of services enabled by default (in case of absence of qubesdb entry)
  3. DEFAULT_ENABLED_NETVM="network-manager qubes-network qubes-update-check qubes-updates-proxy"
  4. DEFAULT_ENABLED_PROXYVM="qubes-network qubes-firewall qubes-update-check"
  5. DEFAULT_ENABLED_APPVM="cups qubes-update-check"
  6. DEFAULT_ENABLED_TEMPLATEVM="$DEFAULT_ENABLED_APPVM updates-proxy-setup"
  7. DEFAULT_ENABLED=""
  8. if [ -z "`ls /sys/bus/pci/devices/`" ]; then
  9. # do not enable meminfo-writer (so qmemman for this domain) when any PCI
  10. # device is present
  11. DEFAULT_ENABLED="$DEFAULT_ENABLED meminfo-writer"
  12. DEFAULT_ENABLED_APPVM="$DEFAULT_ENABLED_APPVM meminfo-writer"
  13. DEFAULT_ENABLED_PROXYVM="$DEFAULT_ENABLED_PROXYVM meminfo-writer"
  14. DEFAULT_ENABLED_TEMPLATEVM="$DEFAULT_ENABLED_TEMPLATEVM meminfo-writer"
  15. fi
  16. QDB_READ=qubesdb-read
  17. QDB_LS=qubesdb-multiread
  18. # Location of files which contains list of protected files
  19. PROTECTED_FILE_LIST='/etc/qubes/protected-files.d'
  20. read_service() {
  21. $QDB_READ /qubes-service/$1 2> /dev/null
  22. }
  23. systemd_pkg_version=`systemctl --version|head -n 1`
  24. if ! dmesg | grep -q "$systemd_pkg_version running in system mode."; then
  25. # Ensure we're running right version of systemd (the one started by initrd may be different)
  26. systemctl daemon-reexec
  27. fi
  28. # Wait for xenbus initialization
  29. while [ ! -e /dev/xen/xenbus -a ! -e /proc/xen/xenbus ]; do
  30. sleep 0.1
  31. done
  32. mkdir -p /var/run/qubes
  33. chgrp qubes /var/run/qubes
  34. chmod 0775 /var/run/qubes
  35. mkdir -p /var/run/qubes-service
  36. mkdir -p /var/run/xen-hotplug
  37. # Set permissions to /proc/xen/xenbus, so normal user can talk to xenstore, to
  38. # open vchan connection. Note that new code uses /dev/xen/xenbus (which have
  39. # permissions set by udev), so this probably can go away soon
  40. chmod 666 /proc/xen/xenbus
  41. # Set permissions to /proc/xen/privcmd, so a user in qubes group can access
  42. chmod 660 /proc/xen/privcmd
  43. chgrp qubes /proc/xen/privcmd
  44. [ -e /proc/u2mfn ] || modprobe u2mfn
  45. # Set permissions to files needed by gui-agent
  46. chmod 666 /proc/u2mfn
  47. # Set default services depending on VM type
  48. TYPE=`$QDB_READ /qubes-vm-type 2> /dev/null`
  49. [ "$TYPE" = "AppVM" ] && DEFAULT_ENABLED=$DEFAULT_ENABLED_APPVM && touch /var/run/qubes/this-is-appvm
  50. [ "$TYPE" = "NetVM" ] && DEFAULT_ENABLED=$DEFAULT_ENABLED_NETVM && touch /var/run/qubes/this-is-netvm
  51. [ "$TYPE" = "ProxyVM" ] && DEFAULT_ENABLED=$DEFAULT_ENABLED_PROXYVM && touch /var/run/qubes/this-is-proxyvm
  52. [ "$TYPE" = "TemplateVM" ] && DEFAULT_ENABLED=$DEFAULT_ENABLED_TEMPLATEVM && touch /var/run/qubes/this-is-templatevm
  53. # Enable default services
  54. for srv in $DEFAULT_ENABLED; do
  55. touch /var/run/qubes-service/$srv
  56. done
  57. # Enable services
  58. for srv in `$QDB_LS /qubes-service/ 2>/dev/null |grep ' = 1'|cut -f 1 -d ' '`; do
  59. touch /var/run/qubes-service/$srv
  60. done
  61. # Disable services
  62. for srv in `$QDB_LS /qubes-service/ 2>/dev/null |grep ' = 0'|cut -f 1 -d ' '`; do
  63. rm -f /var/run/qubes-service/$srv
  64. done
  65. # Set the hostname
  66. if ! grep -rq "^/etc/hostname$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then
  67. name=`$QDB_READ /name`
  68. if [ -n "$name" ]; then
  69. hostname $name
  70. if [ -e /etc/debian_version ]; then
  71. ipv4_localhost_re="127\.0\.1\.1"
  72. else
  73. ipv4_localhost_re="127\.0\.0\.1"
  74. fi
  75. sed -i "s/^\($ipv4_localhost_re\(\s.*\)*\s\).*$/\1${name}/" /etc/hosts
  76. sed -i "s/^\(::1\(\s.*\)*\s\).*$/\1${name}/" /etc/hosts
  77. fi
  78. fi
  79. # Set the timezone
  80. if ! grep -rq "^/etc/timezone$" "${PROTECTED_FILE_LIST}" 2>/dev/null; then
  81. timezone=`$QDB_READ /qubes-timezone 2> /dev/null`
  82. if [ -n "$timezone" ]; then
  83. ln -sf ../usr/share/zoneinfo/$timezone /etc/localtime
  84. if [ -e /etc/debian_version ]; then
  85. echo "$timezone" > /etc/timezone
  86. else
  87. echo "# Clock configuration autogenerated based on Qubes dom0 settings" > /etc/sysconfig/clock
  88. echo "ZONE=\"$timezone\"" >> /etc/sysconfig/clock
  89. fi
  90. fi
  91. fi
  92. # Prepare environment for other services
  93. echo > /var/run/qubes-service-environment
  94. debug_mode=`$QDB_READ /qubes-debug-mode 2> /dev/null`
  95. if [ -n "$debug_mode" -a "$debug_mode" -gt 0 ]; then
  96. echo "GUI_OPTS=-vv" >> /var/run/qubes-service-environment
  97. fi
  98. exit 0