Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
b7d8d66bb1
core-agent-linux/vm-systemd
History
Rudd-O b7d8d66bb1 Eliminate race condition with qubes-setup-dnat-to-ns 
qubes-setup-dnat-to-ns is called multiple times during boot.  Of particular interest are the two invocations done by:

1. `/usr/lib/qubes/init/network-proxy.setup.sh` (`qubes-network.service`)
2. `/usr/lib/qubes/init/misc-post.sh` (`qubes-misc-post.service`)

These can, and do often, run in parallel.  Often enough that the `PR-QBS` `nat` chain can end up with eight rules instead of four, or (worse) zero rules.

This commit represents the proper boot ordering of these services, where the post startup *must* happen after Qubes has already started its iptables, firewall, network setup and netwatcher.

This eliminates the race.
2016-10-12 15:19:46 +00:00
..
chronyd.service.d systemd: order units checking for qubes-service after qubes-sysinit 2016-05-12 00:17:05 +02:00
cron.service.d systemd: improve ordering of systemd units 2016-07-27 05:19:47 +02:00
crond.service.d systemd: improve ordering of systemd units 2016-07-27 05:19:47 +02:00
cups.path.d systemd: order units checking for qubes-service after qubes-sysinit 2016-05-12 00:17:05 +02:00
cups.service.d systemd: order units checking for qubes-service after qubes-sysinit 2016-05-12 00:17:05 +02:00
cups.socket.d systemd: order units checking for qubes-service after qubes-sysinit 2016-05-12 00:17:05 +02:00
getty@tty.service.d systemd: order units checking for qubes-service after qubes-sysinit 2016-05-12 00:17:05 +02:00
ModemManager.service.d systemd: order units checking for qubes-service after qubes-sysinit 2016-05-12 00:17:05 +02:00
netfilter-persistent.service.d systemd: order units checking for qubes-service after qubes-sysinit 2016-05-12 00:17:05 +02:00
network-manager.service.d systemd: order units checking for qubes-service after qubes-sysinit 2016-05-12 00:17:05 +02:00
NetworkManager-wait-online.service.d systemd: improve ordering of systemd units 2016-07-27 05:19:47 +02:00
NetworkManager.service.d systemd: improve ordering of systemd units 2016-07-27 05:19:47 +02:00
ntpd.service.d systemd: order units checking for qubes-service after qubes-sysinit 2016-05-12 00:17:05 +02:00
org.cups.cupsd.path.d systemd: order units checking for qubes-service after qubes-sysinit 2016-05-12 00:17:05 +02:00
org.cups.cupsd.service.d systemd: order units checking for qubes-service after qubes-sysinit 2016-05-12 00:17:05 +02:00
org.cups.cupsd.socket.d systemd: order units checking for qubes-service after qubes-sysinit 2016-05-12 00:17:05 +02:00
systemd-random-seed.service.d systemd: plug random seed loading into systemd-random-seed 2016-07-17 04:26:01 +02:00
tinyproxy.service.d No longer start /etc/init.d/tinyproxy by default anymore. 2015-11-11 14:57:36 +00:00
tmp.mount.d Enlarge /tmp and /dev/shm 2015-10-04 23:07:10 +02:00
tor.service.d systemd: order units checking for qubes-service after qubes-sysinit 2016-05-12 00:17:05 +02:00
tor@default.service.d Do not start tor@default service in TemplateVM. 2016-06-11 13:46:58 +00:00
user dropins: implement dropins for systemd user starting with pulseaudio systemd service and socket masking 2015-11-07 19:12:30 +01:00
75-qubes-vm.preset systemd: fix syntax error in preset file 2016-08-06 18:36:30 +02:00
bind-dirs.sh bind-dirs: copy from ro only if bind target doesn't exists 2016-09-01 03:41:31 +02:00
misc-post-stop.sh vm/mimeopen: merge user defaults with system one (#423) 2012-02-06 19:09:37 +01:00
misc-post.sh Setup updates proxy in dnf and PackageKit 2015-10-30 15:13:56 +01:00
mount-dirs.sh Fix bind-dirs.sh path 2016-03-30 14:17:04 +02:00
network-proxy-setup.sh Merge remote-tracking branch 'origin/pr/65' 2016-03-21 14:21:57 +01:00
prepare-dvm.sh systemd: plug random seed loading into systemd-random-seed 2016-07-17 04:26:01 +02:00
qubes-core-agent-linux.tmpfiles updates-proxy: use separate directory for PID file 2015-11-11 05:57:57 +01:00
qubes-core.conf systemd: load xen-privcmd module 2016-07-27 05:19:46 +02:00
qubes-dvm.service dvm, then xendriverdomain, then qrexec-agent 2016-07-01 16:01:47 +00:00
qubes-firewall.service The Underscores Revolution: filenames 2013-03-14 01:07:49 +01:00
qubes-iptables.service network: use own iptables service instead of repurposing existing one 2015-08-09 20:09:51 +02:00
qubes-misc-post.service Eliminate race condition with qubes-setup-dnat-to-ns 2016-10-12 15:19:46 +00:00
qubes-misc.conf Use systemd mechanism for loading kernel modules (when available) 2014-09-29 21:31:10 +02:00
qubes-mount-dirs.service systemd: order qubes-mount-dirs.service before local-fs.target 2016-07-27 05:19:46 +02:00
qubes-netwatcher.service Order network management units after network-pre.target 2016-06-30 16:20:47 +00:00
qubes-network.service Order network management units after network-pre.target 2016-06-30 16:20:47 +00:00
qubes-qrexec-agent.service dvm, then xendriverdomain, then qrexec-agent 2016-07-01 16:01:47 +00:00
qubes-random-seed.sh qubes-random-seed: feed kernel rng with randomness from dom0 2015-10-10 00:45:44 +02:00
qubes-sysinit.service Use Qubes DB instead of Xenstore 2014-11-19 15:34:33 +01:00
qubes-sysinit.sh sysinit: Accept also old xenbus kernel interface 2016-01-13 05:05:00 +01:00
qubes-update-check.service systemd: don't mark updates check service failed 2016-07-16 15:30:40 +02:00
qubes-update-check.timer vm: notify dom0 when updates available in VM (#475) 2012-05-02 00:09:00 +02:00
qubes-updates-proxy.service updates-proxy: use separate directory for PID file 2015-11-11 05:57:57 +01:00