Commit Graph

15 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
1430861c6b
kernel-install: (EFI) really install kernel image
Not only add it to the configuration.

Fixes QubesOS/qubes-issues#1492
2015-12-05 15:18:08 +01:00
Marek Marczykowski-Górecki
8a9d3de1ef
kernel-install: fix EFI dir path in xen.cfg generation script
Fixes QubesOS/qubes-issues#1492
2015-12-05 15:05:34 +01:00
Marek Marczykowski-Górecki
867baa7266
kernel-install: add new kernel to xen.cfg for xen.efi
QubesOS/qubes-issues#794
2015-09-26 03:56:16 +02:00
Marek Marczykowski-Górecki
0e733bd0de
kernel-install: call grub2-mkconfig only when it is installed
On systems booting with EFI, there is no grub2 installed at all - the
system is started directly to xen.efi.
2015-09-26 02:54:32 +02:00
Marek Marczykowski-Górecki
f795e58483
Undo 'Boot Loader Spec' by deleting /boot/MACHINE_ID
The specification doesn't cover how to boot Xen (or any other multiboot
binary), but the sole presence of such a directory changes the dracut default
path. So get rid of that directory.
2015-08-03 03:00:59 +02:00
Marek Marczykowski-Górecki
fddeb4a23c
Generate initramfs in kernel-install hook
The default one generates initramfs in the location expected by the Boot Loader
Specification, which, as noted before, isn't useful for Qubes.
2015-07-12 01:54:53 +02:00
Marek Marczykowski-Górecki
2a14ae9c0b
Add kernel post-installation script to regenerate grub2 config
Since we now allow using Fedora kernel, add a script to generate proper
bootloader configuration then. Standard Fedora mechanism relies on
Boot Loader Specification support in grub2, which sadly does not support
Xen, so it is useless in Qubes.
2015-07-10 17:54:24 +02:00
Marek Marczykowski-Górecki
8acd40905d
Disable lesspipe in dom0
It can be dangerous when processing untrusted content (for example VM
logs).
Details:
https://groups.google.com/d/msgid/qubes-users/20150527215812.GA13915%40mail-itl
2015-06-25 02:37:29 +02:00
Marek Marczykowski-Górecki
c457b485cb
Load xen-acpi-processor module
It is required for cpufreq to work.
2015-04-10 17:56:58 +02:00
Marek Marczykowski-Górecki
5035fc7eed
Remove iptables config
Dom0 has no network at all, it isn't needed.
2015-03-31 22:55:25 +02:00
Marek Marczykowski-Górecki
4449d51d98
udev: prevent race with kpartx -d
udevd calls (internal) blkid, which opens the device, so kpartx -d
cannot remove it.
2015-02-01 04:05:05 +01:00
Marek Marczykowski-Górecki
9687180a62
udev: prevent dom0 processes from accessing templates root image
2014-07-04 04:29:31 +02:00
Marek Marczykowski-Górecki
5af0530e8d
udev: prevent VM disks content from being accessed by dom0 processes
To not expose dom0 processes like blkid to attacks from a VM (e.g. by
placing a malicious filesystem header in private.img).
2014-06-11 02:41:20 +02:00
Marek Marczykowski-Górecki
2c4aae132a
Use 'conntrack' iptables module instead of obsoleted 'state'
2014-04-04 11:30:55 +02:00
Marek Marczykowski
dbe9693851
Other Linux-specific files
2013-03-16 19:52:16 +01:00