da2fa46551
Instead of the old workaround that replaces the whole PAM config, use Debian's framework (pam-configs) to add a rule for su. Enable it for users in qubes group only. PAM Config framework documentation: https://wiki.ubuntu.com/PAMConfigFrameworkSpec Issue: QubesOS/qubes-issues#5799 Original PR this change is based on: QubesOS/qubes-core-agent-linux#171
173 lines
4.3 KiB
Plaintext
173 lines
4.3 KiB
Plaintext
Source: qubes-core-agent
|
|
Section: admin
|
|
Priority: extra
|
|
Maintainer: unman <unman@thirdeyesecurity.org>
|
|
Build-Depends:
|
|
libpam0g-dev,
|
|
libqubes-rpc-filecopy-dev (>= 3.1.3),
|
|
libvchan-xen-dev,
|
|
python,
|
|
python3-setuptools,
|
|
debhelper,
|
|
quilt,
|
|
libxen-dev,
|
|
pkg-config,
|
|
dh-systemd (>= 1.5),
|
|
dh-python,
|
|
lsb-release,
|
|
xserver-xorg-dev,
|
|
config-package-dev,
|
|
pandoc,
|
|
Standards-Version: 3.9.5
|
|
Homepage: https://www.qubes-os.org
|
|
Vcs-Git: https://github.com/QubesOS/qubes-core-agent-linux
|
|
|
|
Package: qubes-core-agent
|
|
Architecture: any
|
|
Depends:
|
|
apt-transport-https,
|
|
dconf-cli,
|
|
dmsetup,
|
|
gawk,
|
|
imagemagick,
|
|
init-system-helpers,
|
|
initscripts,
|
|
librsvg2-bin,
|
|
locales,
|
|
ncurses-term,
|
|
psmisc,
|
|
procps,
|
|
util-linux,
|
|
e2fsprogs,
|
|
python3-daemon,
|
|
python3-distutils,
|
|
python3-qubesdb,
|
|
python3-gi,
|
|
python3-xdg,
|
|
python3-dbus,
|
|
qubes-utils (>= 3.1.3),
|
|
qubes-core-qrexec,
|
|
qubesdb-vm,
|
|
systemd,
|
|
xdg-user-dirs,
|
|
xdg-utils,
|
|
xen-utils-common,
|
|
xen-utils-guest,
|
|
xenstore-utils,
|
|
${python3:Depends},
|
|
${shlibs:Depends},
|
|
${misc:Depends}
|
|
Recommends:
|
|
cups,
|
|
gnome-terminal,
|
|
gnome-themes-standard,
|
|
haveged,
|
|
libnotify-bin,
|
|
locales-all,
|
|
mate-notification-daemon,
|
|
ntpdate,
|
|
system-config-printer,
|
|
qubes-core-agent-nautilus,
|
|
qubes-core-agent-networking,
|
|
qubes-core-agent-network-manager,
|
|
x11-xserver-utils,
|
|
xinit,
|
|
xserver-xorg-core,
|
|
xsettingsd,
|
|
xterm
|
|
Conflicts:
|
|
qubes-core-agent-linux,
|
|
firewalld,
|
|
qubes-core-vm-sysvinit,
|
|
qubes-gui-agent (<< 4.1.6-1)
|
|
Description: Qubes core agent
|
|
This package includes various daemons necessary for qubes domU support,
|
|
such as qrexec services.
|
|
|
|
Package: qubes-core-agent-nautilus
|
|
Architecture: any
|
|
Depends:
|
|
python-nautilus,
|
|
qubes-core-qrexec,
|
|
Replaces: qubes-core-agent (<< 4.0.0-1)
|
|
Breaks: qubes-core-agent (<< 4.0.0-1)
|
|
Description: Qubes integration for Nautilus
|
|
Nautilus addons for inter-VM file copy/move/open.
|
|
|
|
Package: qubes-core-agent-thunar
|
|
Architecture: any
|
|
Depends:
|
|
thunar,
|
|
qubes-core-qrexec,
|
|
Replaces: qubes-core-agent (<< 4.0.0-1)
|
|
Breaks: qubes-core-agent (<< 4.0.0-1)
|
|
Description: Qubes integration for Thunar
|
|
Thunar addons for inter-VM file copy/move/open.
|
|
|
|
Package: qubes-core-agent-dom0-updates
|
|
Architecture: any
|
|
Depends:
|
|
fakeroot,
|
|
yum,
|
|
yum-utils,
|
|
qubes-core-qrexec,
|
|
Replaces: qubes-core-agent (<< 4.0.0-1)
|
|
Breaks: qubes-core-agent (<< 4.0.0-1)
|
|
Description: Scripts required to handle dom0 updates.
|
|
Scripts required to handle dom0 updates. This will allow to use the VM as
|
|
"Updates VM".
|
|
|
|
Package: qubes-core-agent-networking
|
|
Architecture: any
|
|
Depends:
|
|
qubes-core-agent (= ${binary:Version}),
|
|
tinyproxy,
|
|
iptables,
|
|
net-tools,
|
|
ethtool,
|
|
socat,
|
|
tinyproxy,
|
|
iproute2,
|
|
${python3:Depends},
|
|
${misc:Depends}
|
|
Suggests:
|
|
nftables,
|
|
Replaces: qubes-core-agent (<< 4.0.0-1)
|
|
Breaks: qubes-core-agent (<< 4.0.0-1)
|
|
Description: Networking support for Qubes VM
|
|
This package provides:
|
|
* basic network functionality (setting IP address, DNS, default gateway)
|
|
* proxy service used by TemplateVMs to download updates
|
|
* qubes-firewall service (FirewallVM)
|
|
.
|
|
Note: if you want to use NetworkManager (you do want it in NetVM), install
|
|
also qubes-core-agent-network-manager.
|
|
|
|
Package: qubes-core-agent-network-manager
|
|
Architecture: any
|
|
Depends:
|
|
qubes-core-agent-networking (= ${binary:Version}),
|
|
libglib2.0-bin,
|
|
network-manager (>= 0.8.1-1),
|
|
network-manager-gnome,
|
|
Replaces: qubes-core-agent (<< 4.0.0-1)
|
|
Breaks: qubes-core-agent (<< 4.0.0-1)
|
|
Description: NetworkManager integration for Qubes VM
|
|
Integration of NetworkManager for Qubes VM:
|
|
* make connections config persistent
|
|
* adjust DNS redirections when needed
|
|
* show/hide NetworkManager applet icon
|
|
|
|
Package: qubes-core-agent-passwordless-root
|
|
Architecture: any
|
|
Depends: libpam-runtime
|
|
Replaces: qubes-core-agent (<< 4.0.0-1)
|
|
Breaks: qubes-core-agent (<< 4.0.0-1)
|
|
Provides: ${diverted-files}
|
|
Conflicts: ${diverted-files}
|
|
Description: Passwordless root access from normal user
|
|
Configure sudo, PolicyKit and similar tool to not ask for any password when
|
|
switching from user to root. Since all the user data in a VM is accessible
|
|
already from normal user account, there is not much more to guard there. Qubes
|
|
VM is a single user system.
|