core-agent-linux/vm-systemd
Marek Marczykowski-Górecki b49ae50ad5
Implement qrexec-based connection to updates proxy
Configure package manager to use 127.0.0.1:8082 as proxy instead of
"magic" IP intercepted later. Then listen on this port and whenever
new connection arrives, spawn qubes.UpdatesProxy service call (to
default target domain - subject to configuration in dom0) and connect
its stdin/out to the local TCP connection. This part uses systemd.socket
unit in case of systemd, and ncat --exec otherwise.

On the other end - in target domain - simply pass stdin/out to updates
proxy (tinyproxy) running locally.

It's important to _not_ configure the same VM to both be updates proxy and
use it. In practice such configuration makes little sense - if VM can
access network (which is required to run updates proxy), package manager
can use it directly. Even if this network access is through some
VPN/Tor. If a single VM would be configured as both proxy provider and
proxy user, connection would loop back to itself. Because of this, proxy
connection redirection (to qrexec service) is disabled when the same VM
also runs updates proxy.

Fixes QubesOS/qubes-issues#1854
2017-05-26 05:25:29 +02:00
anacron-resume.service.d Stop anacron from starting in Debian using existing constraint on cron 2017-02-05 23:36:27 +00:00
anacron.service.d Stop anacron from starting in Debian using existing constraint on cron 2017-02-05 23:36:27 +00:00
avahi-daemon.service.d Stop unnecessary services in Debian 2017-02-16 22:41:14 +00:00
chronyd.service.d systemd: order units checking for qubes-service after qubes-sysinit 2016-05-12 00:17:05 +02:00
cron.service.d Revert version and correct unit files 2016-10-16 13:39:01 +01:00
crond.service.d Revert version and correct unit files 2016-10-16 13:39:01 +01:00
cups.path.d systemd: order units checking for qubes-service after qubes-sysinit 2016-05-12 00:17:05 +02:00
cups.service.d Clean up early initialization and setup of /rw 2016-10-23 20:19:51 +00:00
cups.socket.d systemd: order units checking for qubes-service after qubes-sysinit 2016-05-12 00:17:05 +02:00
exim4.service.d Stop unnecessary services in Debian 2017-02-16 22:41:14 +00:00
getty@tty.service.d systemd: order units checking for qubes-service after qubes-sysinit 2016-05-12 00:17:05 +02:00
ModemManager.service.d systemd: order units checking for qubes-service after qubes-sysinit 2016-05-12 00:17:05 +02:00
netfilter-persistent.service.d systemd: order units checking for qubes-service after qubes-sysinit 2016-05-12 00:17:05 +02:00
network-manager.service.d systemd: order units checking for qubes-service after qubes-sysinit 2016-05-12 00:17:05 +02:00
NetworkManager-wait-online.service.d systemd: improve ordering of systemd units 2016-07-27 05:19:47 +02:00
NetworkManager.service.d systemd: improve ordering of systemd units 2016-07-27 05:19:47 +02:00
ntpd.service.d systemd: order units checking for qubes-service after qubes-sysinit 2016-05-12 00:17:05 +02:00
org.cups.cupsd.path.d systemd: order units checking for qubes-service after qubes-sysinit 2016-05-12 00:17:05 +02:00
org.cups.cupsd.service.d systemd: order units checking for qubes-service after qubes-sysinit 2016-05-12 00:17:05 +02:00
org.cups.cupsd.socket.d systemd: order units checking for qubes-service after qubes-sysinit 2016-05-12 00:17:05 +02:00
systemd-random-seed.service.d systemd: plug random seed loading into systemd-random-seed 2016-07-17 04:26:01 +02:00
tinyproxy.service.d No longer start /etc/init.d/tinyproxy by default anymore. 2015-11-11 14:57:36 +00:00
tmp.mount.d Enlarge /tmp and /dev/shm 2015-10-04 23:07:10 +02:00
tor.service.d systemd: order units checking for qubes-service after qubes-sysinit 2016-05-12 00:17:05 +02:00
tor@default.service.d Do not start tor@default service in TemplateVM. 2016-06-11 13:46:58 +00:00
user dropins: implement dropins for systemd user starting with pulseaudio systemd service and socket masking 2015-11-07 19:12:30 +01:00
75-qubes-vm.preset Implement qrexec-based connection to updates proxy 2017-05-26 05:25:29 +02:00
bind-dirs.sh Merge remote-tracking branch 'qubesos/pr/43' 2017-03-17 11:56:22 +01:00
haveged.service debian: make haveged.service patch less intrusive... 2017-05-22 17:30:06 +02:00
misc-post-stop.sh vm/mimeopen: merge user defaults with system one (#423) 2012-02-06 19:09:37 +01:00
misc-post.sh Clean up early initialization and setup of /rw 2016-10-23 20:19:51 +00:00
mount-dirs.sh Initialize home_volatile for disposable VMs. 2016-11-13 21:20:46 +00:00
network-proxy-setup.sh Merge remote-tracking branch 'origin/pr/65' 2016-03-21 14:21:57 +01:00
prepare-dvm.sh Clean up early initialization and setup of /rw 2016-10-23 20:19:51 +00:00
qubes-core-agent-linux.tmpfiles updates-proxy: use separate directory for PID file 2015-11-11 05:57:57 +01:00
qubes-core.conf systemd: load xen-privcmd module 2016-07-27 05:19:46 +02:00
qubes-dvm.service Clean up early initialization and setup of /rw 2016-10-23 20:19:51 +00:00
qubes-early-vm-config.service systemd: fix race condition between qubes-db and qubes-early-vm-config 2017-05-14 23:13:26 +02:00
qubes-early-vm-config.sh Fix VM settings running while / is readonly. 2016-10-28 05:21:40 +00:00
qubes-firewall.service Clean up early initialization and setup of /rw 2016-10-23 20:19:51 +00:00
qubes-iptables.service Clean up early initialization and setup of /rw 2016-10-23 20:19:51 +00:00
qubes-misc-post.service Eliminate race condition with qubes-setup-dnat-to-ns 2016-10-12 15:19:46 +00:00
qubes-misc.conf Use systemd mechanism for loading kernel modules (when available) 2014-09-29 21:31:10 +02:00
qubes-mount-dirs.service Clean up early initialization and setup of /rw 2016-10-23 20:19:51 +00:00
qubes-network.service Clean up early initialization and setup of /rw 2016-10-23 20:19:51 +00:00
qubes-qrexec-agent.service Clean up early initialization and setup of /rw 2016-10-23 20:19:51 +00:00
qubes-random-seed.sh Clean up early initialization and setup of /rw 2016-10-23 20:19:51 +00:00
qubes-sysinit.service Clean up early initialization and setup of /rw 2016-10-23 20:19:51 +00:00
qubes-sysinit.sh Merge branch 'core3-devel' 2017-05-20 14:43:53 +02:00
qubes-update-check.service systemd: don't mark updates check service failed 2016-07-16 15:30:40 +02:00
qubes-update-check.timer vm: notify dom0 when updates available in VM (#475) 2012-05-02 00:09:00 +02:00
qubes-updates-proxy-forwarder.socket Implement qrexec-based connection to updates proxy 2017-05-26 05:25:29 +02:00
qubes-updates-proxy-forwarder@.service Implement qrexec-based connection to updates proxy 2017-05-26 05:25:29 +02:00
qubes-updates-proxy.service updates-proxy: use separate directory for PID file 2015-11-11 05:57:57 +01:00