core-agent-linux/network
Marek Marczykowski-Górecki b49ae50ad5
Implement qrexec-based connection to updates proxy
Configure package manager to use 127.0.0.1:8082 as proxy instead of
"magic" IP intercepted later. Then listen on this port and whenever a
new connection arrives, spawn qubes.UpdatesProxy service call (to
default target domain - subject to configuration in dom0) and connect
its stdin/out to the local TCP connection. This part uses systemd.socket
unit in case of systemd, and ncat --exec otherwise.

On the other end - in target domain - simply pass stdin/out to updates
proxy (tinyproxy) running locally.

It's important to _not_ configure the same VM to both be updates proxy and
use it. In practice such configuration makes little sense - if VM can
access network (which is required to run updates proxy), package manager
can use it directly. Even if this network access is through some
VPN/Tor. If a single VM would be configured as both proxy provider and
proxy user, connection would loop back to itself. Because of this, proxy
connection redirection (to qrexec service) is disabled when the same VM
also runs updates proxy.

Fixes QubesOS/qubes-issues#1854
2017-05-26 05:25:29 +02:00
..
00notify-hook Improved upgrade notifications sent to QVMM. 2015-11-11 15:45:00 +00:00
30-qubes-external-ip remove 'bashisms' or explicit use bash 2015-02-05 05:42:08 +01:00
80-qubes.conf install iptables/forwarding for debian 2014-09-29 05:25:14 +02:00
ip6tables network: rewrite qubes-firewall daemon 2016-09-12 05:22:53 +02:00
iptables network: rewrite qubes-firewall daemon 2016-09-12 05:22:53 +02:00
iptables-updates-proxy remove 'bashisms' or explicit use bash 2015-02-05 05:42:08 +01:00
network-manager-prepare-conf-dir network: Properly handle comments in NetworkManager.conf (#2584) 2017-03-28 17:19:12 -04:00
nm-30-qubes.conf Configure NetworkManager to keep /etc/resolv.conf as plain file 2016-09-15 01:26:35 +02:00
qubes-fix-nm-conf.sh Revert "network: use drop-ins for NetworkManager configuration (#1176)" 2015-11-28 17:43:15 +01:00
qubes-iptables removed trailing spaces 2015-10-15 04:34:55 +02:00
qubes-nmhook Clean up early initialization and setup of /rw 2016-10-23 20:19:51 +00:00
qubes-setup-dnat-to-ns If there is only 1 DNS server make both DNAT rules point to it 2017-03-19 21:56:34 +00:00
setup-ip Restore functionality of disable-default-route and disable-dns-server. 2017-02-12 23:53:43 +01:00
show-hide-nm-applet.desktop Fix show-hide-nm-applet.desktop - use OnlyShowIn=X-QUBES 2015-09-03 00:43:54 +02:00
show-hide-nm-applet.sh Clean up early initialization and setup of /rw 2016-10-23 20:19:51 +00:00
tinyproxy-updates.conf updates-proxy: explicitly block connection looping back to the proxy IP 2015-12-04 14:57:07 +01:00
udev-qubes-network.rules network: run setup-ip only on xen frontend interfaces 2016-03-29 12:30:26 +02:00
update-proxy-configs Implement qrexec-based connection to updates proxy 2017-05-26 05:25:29 +02:00
updates-blacklist updates-proxy: explicitly block connection looping back to the proxy IP 2015-12-04 14:57:07 +01:00
vif-qubes-nat.sh network: use /32 netmask on internal IPs in NAT providing namespace 2016-11-01 00:22:19 +01:00
vif-route-qubes Merge branch 'core3-devel' 2017-05-20 14:43:53 +02:00