Commit Graph

178 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
5645b4c307 qrexec: wait for remote exit code, even when both stdin/out are closed 2015-02-17 03:57:17 +01:00
Marek Marczykowski-Górecki
61eb2e7764 qrexec: fix handling of remote exit code 2015-02-11 16:11:38 +01:00
Marek Marczykowski-Górecki
d031126737 Add "--" to separate options from (untrusted) non-options arguments
This will prevent passing an option instead of command (qvm-run) /
domain name (qrexec-policy). In both cases when VM tries to pass some
option it would fail because missing argument then - VM can not pass
additional arguments, so if one act as an option, one argument will be
missing).
2015-02-10 01:57:33 +01:00
Marek Marczykowski-Górecki
4449d51d98 udev: prevent race with kpartx -d
udevd calls (internal) blkid, which opens the device, so kpartx -d
cannot remove it.
2015-02-01 04:05:05 +01:00
Marek Marczykowski-Górecki
a28e6e1044 appmenus: call kbuildsycoca4 only once after template update (#886) 2015-01-30 01:57:19 +01:00
Marek Marczykowski-Górecki
04770e4037 version 3.0.0 2014-11-22 16:24:11 +01:00
Marek Marczykowski-Górecki
af66472c36 rpm: add missing vchan-devel build requires 2014-11-19 15:23:10 +01:00
Marek Marczykowski-Górecki
1d017449d0 qrexec: fix compile warnings 2014-11-19 15:23:10 +01:00
Marek Marczykowski-Górecki
6efbbb88da qrexec: new protocol - direct data vchan connections 2014-11-19 15:23:10 +01:00
Marek Marczykowski-Górecki
0ba692c85a code style: change tabs to spaces 2014-11-19 15:21:42 +01:00
Marek Marczykowski-Górecki
6e47f12118 Revert "qrexec: fix deadlock in qrexec-client"
This reverts commit 79abec9038.

The problem will not be applicable in new protocol, where vchan
connection is directly between VMs, so there is no longer two connected
qrexec-clients - always one end of data flow in qrexec-client is vchan,
which provide information about amount of data to read or buffer
space to write (lack of the later in case of pipes was a cause of the
original problem).
2014-11-19 15:21:42 +01:00
Marek Marczykowski-Górecki
9a1c071f40 qrexec-policy: remove trailing spaces 2014-11-19 15:21:42 +01:00
Marek Marczykowski-Górecki
29d94c6478 dracut: change the way to include ehci-pci module
Apparently add_drivers doesn't work. Looking at kernel-modules dracut
code, it can only be used for block-device driver and only makes sense
in --host-only mode.
So add additional module, which unconditionally install kernel modules.
2014-11-19 15:21:42 +01:00
Marek Marczykowski-Górecki
76e3a34e7c dracut: include ehci-pci module in initramfs image
In recent kernel releases this additional module is required
to support USB 2.0 controllers.
2014-11-19 15:21:41 +01:00
Marek Marczykowski
0eaae9790c Use QubesVMMConnection object
Introduced in core-admin:
af521bd Wrap all VMM connection related object into QubesVMMConnection
class
2014-11-19 15:21:41 +01:00
Marek Marczykowski
43770dae36 qrexec: handle vchan connect errors 2014-11-19 15:21:41 +01:00
Marek Marczykowski
d08831cc7e qrexec: get domain name from cmdline
libvchan_get_domain_name will be removed
2014-11-19 15:21:41 +01:00
Marek Marczykowski
6d2755abe6 Use libvirt in qrexec-policy
Import connection for core qubes module.
2014-11-19 15:21:41 +01:00
Marek Marczykowski
7bdf7b3f36 use domain name in error messages and log file name
Should be much more convenient than XID.
2014-11-19 15:21:41 +01:00
Marek Marczykowski
9215c09656 update for new vchan API 2014-11-19 15:21:40 +01:00
Marek Marczykowski-Górecki
8f2a03e672 rpm: fix permissions of /etc/qubes-rpc{,/policy}
Group qubes should have write right there.
2014-10-30 06:40:34 +01:00
Marek Marczykowski-Górecki
28dfdddc0e Minor fixes in messages 2014-10-28 05:28:13 +01:00
Marek Marczykowski-Górecki
be43682df1 version 2.0.24 2014-10-25 01:47:13 +02:00
Marek Marczykowski-Górecki
6cca9a377f qrexec: add -q option to silence "Waiting for VM's qrexec agent" message 2014-10-24 22:03:46 +02:00
Marek Marczykowski-Górecki
1e8b3ea876 rpm: do not save removed udev script
As Qubes dom0 is standalone system, not an addon to Fedora (for some
time...), we do not longer need to save such scripts to handle
package remove.
2014-09-30 23:51:10 +02:00
Marek Marczykowski-Górecki
40178a161e appmenus: mute output when verbose=False 2014-09-18 07:46:00 +02:00
Marek Marczykowski-Górecki
a0eda3023f version 2.0.23 2014-09-09 22:29:31 +02:00
Marek Marczykowski-Górecki
4758fc1781 appmenus: create apps.tempicons directory if missing (#896) 2014-09-09 02:13:08 +02:00
Joanna Rutkowska
808d63c6b6 version 2.0.22 2014-07-12 14:02:46 +02:00
Joanna Rutkowska
df0db675f2 Merge branch 'master' of http://git.woju.eu/qubes/core-admin-linux 2014-07-12 14:01:58 +02:00
Wojciech Zygmunt Porczyk
0f7730c2e3 appmenus: use new label icons 2014-07-10 16:28:05 +02:00
Joanna Rutkowska
5e101ea389 version 2.0.21 2014-07-06 13:44:54 +02:00
Marek Marczykowski-Górecki
9687180a62 udev: prevent dom0 processes from accessing templates root image 2014-07-04 04:29:31 +02:00
Marek Marczykowski-Górecki
7bfa26bd2f version 2.0.20 2014-07-01 03:47:12 +02:00
Marek Marczykowski-Górecki
79abec9038 qrexec: fix deadlock in qrexec-client
When VM-VM qrexec service is called, two qrexec-clients are connected in
dom0. If both VMs are sending data simultaneously it can happen that
both qrexec-client processes will call write(2) and none of them will be
reading -> deadlock.
Solve it by handling I/O in two separate threads (one for reading from
VM, another for writing), at any time qrexec-client is ready to accept
data from either direction.
2014-07-01 03:24:46 +02:00
Marek Marczykowski-Górecki
6ab53c9456 version 2.0.19 2014-06-30 16:17:23 +02:00
Marek Marczykowski-Górecki
a74b69ce08 dom0-updates: ensure that metadata are available to normal user 2014-06-30 16:16:59 +02:00
Marek Marczykowski-Górecki
a013cb3eca dom0-updates: call "apper --updates" to go directly to updates tab 2014-06-30 16:16:08 +02:00
Marek Marczykowski-Górecki
8627ef9a80 dom0-updates: use GUI tool appropriate to current DE (#824) 2014-06-29 22:02:00 +02:00
Marek Marczykowski-Górecki
d63c27f79a version 2.0.18 2014-06-18 00:37:05 +02:00
Marek Marczykowski-Górecki
5af0530e8d udev: prevent VM disks content from being accessed by dom0 processes
To not expose dom0 processes like blkid for attacks from VM (e.g. by
placing malicious filesystem header in private.img).
2014-06-11 02:41:20 +02:00
Marek Marczykowski-Górecki
c443264fae dom0-updates: move GUI notification to qubes-manager (#824)
It is hard to get user session D-Bus address from outside of session. In
some cases there are even multiple dbus-daemon instances of the same
user...
2014-06-10 01:14:15 +02:00
Marek Marczykowski-Górecki
b8bd6e2d49 Additional options to hide PCI devices from dom0 (#861) 2014-05-29 05:12:42 +02:00
Marek Marczykowski-Górecki
9a206a5c4e version 2.0.17 2014-05-23 02:43:49 +02:00
Wojciech Zygmunt Porczyk
66234f41ee regexp fixes and validation (#829) 2014-05-19 13:36:02 +02:00
Wojciech Zygmunt Porczyk
38b1845e97 Merge branch 'master' of git://git.qubes-os.org/marmarek/core-admin-linux 2014-05-19 12:28:10 +02:00
Marek Marczykowski-Górecki
a7c43e6148 dom0-updates: clean local repo when --clean given 2014-05-12 00:30:48 +02:00
Marek Marczykowski-Górecki
15207dadcc doc: mention yum opts in qubes-dom0-update manual page 2014-05-11 17:49:52 +02:00
Wojciech Zygmunt Porczyk
df7e67784a qubes-receive-appmenus: filter categories
Allow only whitelisted categories, specified in freedesktop.org
"Desktop Menu Specification" 1.1-draft.

http://standards.freedesktop.org/menu-spec/latest/apa.html
2014-05-08 11:40:45 +02:00
Marek Marczykowski-Górecki
c5129a04e0 Merge branch 'master' of http://git.woju.eu/qubes/core-admin-linux 2014-05-07 15:22:07 +02:00