Marek Marczykowski-Górecki
2a14ae9c0b
Add kernel post-installation script to regenerate grub2 config
...
Since we now allow using Fedora kernel, add a script to generate proper
bootloader configuration then. Standard Fedora mechanism relies on
Boot Loader Specification support in grub2, which sadly does not support
Xen, so it is useless in Qubes.
2015-07-10 17:54:24 +02:00
Marek Marczykowski-Górecki
8acd40905d
Disable lesspipe in dom0
...
It can be dangerous when processing untrusted content (for example VM
logs).
Details:
https://groups.google.com/d/msgid/qubes-users/20150527215812.GA13915%40mail-itl
2015-06-25 02:37:29 +02:00
Marek Marczykowski-Górecki
c457b485cb
Load xen-acpi-processor module
...
It is required for cpufreq to work.
2015-04-10 17:56:58 +02:00
Marek Marczykowski-Górecki
5035fc7eed
Remove iptables config
...
Dom0 have no network at all, it isn't needed.
2015-03-31 22:55:25 +02:00
Marek Marczykowski-Górecki
4449d51d98
udev: prevent race with kpartx -d
...
udevd calls (internal) blkid, which opens the device, so kpartx -d
cannot remove it.
2015-02-01 04:05:05 +01:00
Marek Marczykowski-Górecki
9687180a62
udev: prevent dom0 processes from accessing templates root image
2014-07-04 04:29:31 +02:00
Marek Marczykowski-Górecki
5af0530e8d
udev: prevent VM disks content from being accessed by dom0 processes
...
To not expose dom0 processes like blkid for attacks from VM (e.g. by
placing malicious filesystem header in private.img).
2014-06-11 02:41:20 +02:00
Marek Marczykowski-Górecki
2c4aae132a
Use 'conntrack' iptables module instead of obsoleted 'state'
2014-04-04 11:30:55 +02:00
Marek Marczykowski
dbe9693851
Other Linux-specific files
2013-03-16 19:52:16 +01:00
