Marek Marczykowski-Górecki
5645b4c307
qrexec: wait for remote exit code, even when both stdin/out are closed
2015-02-17 03:57:17 +01:00
Marek Marczykowski-Górecki
61eb2e7764
qrexec: fix handling of remote exit code
2015-02-11 16:11:38 +01:00
Marek Marczykowski-Górecki
d031126737
Add "--" to separate options from (untrusted) non-options arguments
...
This will prevent passing an option instead of command (qvm-run) /
domain name (qrexec-policy). In both cases when VM tries to pass some
option it would fail because missing argument then - VM can not pass
additional arguments, so if one act as an option, one argument will be
missing).
2015-02-10 01:57:33 +01:00
Marek Marczykowski-Górecki
4449d51d98
udev: prevent race with kpartx -d
...
udevd calls (internal) blkid, which opens the device, so kpartx -d
cannot remove it.
2015-02-01 04:05:05 +01:00
Marek Marczykowski-Górecki
a28e6e1044
appmenus: call kbuildsycoca4 only once after template update ( #886 )
2015-01-30 01:57:19 +01:00
Marek Marczykowski-Górecki
04770e4037
version 3.0.0
2014-11-22 16:24:11 +01:00
Marek Marczykowski-Górecki
af66472c36
rpm: add missing vchan-devel build requires
2014-11-19 15:23:10 +01:00
Marek Marczykowski-Górecki
1d017449d0
qrexec: fix compile warnings
2014-11-19 15:23:10 +01:00
Marek Marczykowski-Górecki
6efbbb88da
qrexec: new protocol - direct data vchan connections
2014-11-19 15:23:10 +01:00
Marek Marczykowski-Górecki
0ba692c85a
code style: change tabs to spaces
2014-11-19 15:21:42 +01:00
Marek Marczykowski-Górecki
6e47f12118
Revert "qrexec: fix deadlock in qrexec-client"
...
This reverts commit 79abec9038
.
The problem will not be applicable in new protocol, where vchan
connection is directly between VMs, so there is no longer two connected
qrexec-clients - always one end of data flow in qrexec-client is vchan,
which provide information about amount of data to read or buffer
space to write (lack of the later in case of pipes was a cause of the
original problem).
2014-11-19 15:21:42 +01:00
Marek Marczykowski-Górecki
9a1c071f40
qrexec-policy: remove trailing spaces
2014-11-19 15:21:42 +01:00
Marek Marczykowski-Górecki
29d94c6478
dracut: change the way to include ehci-pci module
...
Apparently add_drivers doesn't work. Looking at kernel-modules dracut
code, it can only be used for block-device driver and only makes sense
in --host-only mode.
So add additional module, which unconditionally install kernel modules.
2014-11-19 15:21:42 +01:00
Marek Marczykowski-Górecki
76e3a34e7c
dracut: include ehci-pci module in initramfs image
...
In recent kernel releases this additional module is required
to support USB 2.0 controllers.
2014-11-19 15:21:41 +01:00
Marek Marczykowski
0eaae9790c
Use QubesVMMConnection object
...
Introduced in core-admin:
af521bd Wrap all VMM connection related object into QubesVMMConnection
class
2014-11-19 15:21:41 +01:00
Marek Marczykowski
43770dae36
qrexec: handle vchan connect errors
2014-11-19 15:21:41 +01:00
Marek Marczykowski
d08831cc7e
qrexec: get domain name from cmdline
...
libvchan_get_domain_name will be removed
2014-11-19 15:21:41 +01:00
Marek Marczykowski
6d2755abe6
Use libvirt in qrexec-policy
...
Import connection for core qubes module.
2014-11-19 15:21:41 +01:00
Marek Marczykowski
7bdf7b3f36
use domain name in error messages and log file name
...
Should be much more convenient than XID.
2014-11-19 15:21:41 +01:00
Marek Marczykowski
9215c09656
update for new vchan API
2014-11-19 15:21:40 +01:00
Marek Marczykowski-Górecki
8f2a03e672
rpm: fix permissions of /etc/qubes-rpc{,/policy}
...
Group qubes should have write right there.
2014-10-30 06:40:34 +01:00
Marek Marczykowski-Górecki
28dfdddc0e
Minor fixes in messages
2014-10-28 05:28:13 +01:00
Marek Marczykowski-Górecki
be43682df1
version 2.0.24
2014-10-25 01:47:13 +02:00
Marek Marczykowski-Górecki
6cca9a377f
qrexec: add -q option to silence "Waiting for VM's qrexec agent" message
2014-10-24 22:03:46 +02:00
Marek Marczykowski-Górecki
1e8b3ea876
rpm: do not save removed udev script
...
As Qubes dom0 is standalone system, not an addon to Fedora (for some
time...), we do not longer need to save such scripts to handle
package remove.
2014-09-30 23:51:10 +02:00
Marek Marczykowski-Górecki
40178a161e
appmenus: mute output when verbose=False
2014-09-18 07:46:00 +02:00
Marek Marczykowski-Górecki
a0eda3023f
version 2.0.23
2014-09-09 22:29:31 +02:00
Marek Marczykowski-Górecki
4758fc1781
appmenus: create apps.tempicons directory if missing ( #896 )
2014-09-09 02:13:08 +02:00
Joanna Rutkowska
808d63c6b6
version 2.0.22
2014-07-12 14:02:46 +02:00
Joanna Rutkowska
df0db675f2
Merge branch 'master' of http://git.woju.eu/qubes/core-admin-linux
2014-07-12 14:01:58 +02:00
Wojciech Zygmunt Porczyk
0f7730c2e3
appmenus: use new label icons
2014-07-10 16:28:05 +02:00
Joanna Rutkowska
5e101ea389
version 2.0.21
2014-07-06 13:44:54 +02:00
Marek Marczykowski-Górecki
9687180a62
udev: prevent dom0 processes from accessing templates root image
2014-07-04 04:29:31 +02:00
Marek Marczykowski-Górecki
7bfa26bd2f
version 2.0.20
2014-07-01 03:47:12 +02:00
Marek Marczykowski-Górecki
79abec9038
qrexec: fix deadlock in qrexec-client
...
When VM-VM qrexec service is called, two qrexec-clients are connected in
dom0. If both VMs are sending data simultaneously it can happen that
both qrexec-client processes will call write(2) and none of them will be
reading -> deadlock.
Solve it by handling I/O in two separate threads (one for reading from
VM, another for writing), at any time qrexec-client is ready to accept
data from either direction.
2014-07-01 03:24:46 +02:00
Marek Marczykowski-Górecki
6ab53c9456
version 2.0.19
2014-06-30 16:17:23 +02:00
Marek Marczykowski-Górecki
a74b69ce08
dom0-updates: ensure that metadata are available to normal user
2014-06-30 16:16:59 +02:00
Marek Marczykowski-Górecki
a013cb3eca
dom0-updates: call "apper --updates" to go directly to updates tab
2014-06-30 16:16:08 +02:00
Marek Marczykowski-Górecki
8627ef9a80
dom0-updates: use GUI tool appropriate to current DE ( #824 )
2014-06-29 22:02:00 +02:00
Marek Marczykowski-Górecki
d63c27f79a
version 2.0.18
2014-06-18 00:37:05 +02:00
Marek Marczykowski-Górecki
5af0530e8d
udev: prevent VM disks content from being accessed by dom0 processes
...
To not expose dom0 processes like blkid for attacks from VM (e.g. by
placing malicious filesystem header in private.img).
2014-06-11 02:41:20 +02:00
Marek Marczykowski-Górecki
c443264fae
dom0-updates: move GUI notification to qubes-manager ( #824 )
...
It is hard to get user session D-Bus address from outside of session. In
some cases there are even multiple dbus-daemon instances of the same
user...
2014-06-10 01:14:15 +02:00
Marek Marczykowski-Górecki
b8bd6e2d49
Additional options to hide PCI devices from dom0 ( #861 )
2014-05-29 05:12:42 +02:00
Marek Marczykowski-Górecki
9a206a5c4e
version 2.0.17
2014-05-23 02:43:49 +02:00
Wojciech Zygmunt Porczyk
66234f41ee
regexp fixes and validation ( #829 )
2014-05-19 13:36:02 +02:00
Wojciech Zygmunt Porczyk
38b1845e97
Merge branch 'master' of git://git.qubes-os.org/marmarek/core-admin-linux
2014-05-19 12:28:10 +02:00
Marek Marczykowski-Górecki
a7c43e6148
dom0-updates: clean local repo when --clean given
2014-05-12 00:30:48 +02:00
Marek Marczykowski-Górecki
15207dadcc
doc: mention yum opts in qubes-dom0-update manual page
2014-05-11 17:49:52 +02:00
Wojciech Zygmunt Porczyk
df7e67784a
qubes-receive-appmenus: filter categories
...
Allow only whitelisted categories, specified in freedesktop.org
"Desktop Menu Specification" 1.1-draft.
http://standards.freedesktop.org/menu-spec/latest/apa.html
2014-05-08 11:40:45 +02:00
Marek Marczykowski-Górecki
c5129a04e0
Merge branch 'master' of http://git.woju.eu/qubes/core-admin-linux
2014-05-07 15:22:07 +02:00