Marek Marczykowski-Górecki
51c736a92c
qrexec: enable compiler optimization
2015-03-20 12:16:28 +01:00
Marek Marczykowski-Górecki
18d079a99a
qrexec: fix compiler warnings
2015-03-20 12:16:19 +01:00
Marek Marczykowski-Górecki
b07475efea
qrexec: make the log writable by qubes group
...
Otherwise if VM was started as root, it will never start as normal user
again.
2015-03-20 03:06:06 +01:00
Marek Marczykowski-Górecki
04816e014b
qrexec: do not exit from qrexec-client until local process exit code is sent
2015-03-17 22:55:15 +01:00
Marek Marczykowski-Górecki
e76007fe20
qrexec: periodically check if remote domain/process still exists
2015-02-22 18:25:14 +01:00
Marek Marczykowski-Górecki
5645b4c307
qrexec: wait for remote exit code, even when both stdin/out are closed
2015-02-17 03:57:17 +01:00
Marek Marczykowski-Górecki
61eb2e7764
qrexec: fix handling of remote exit code
2015-02-11 16:11:38 +01:00
Marek Marczykowski-Górecki
d031126737
Add "--" to separate options from (untrusted) non-options arguments
...
This will prevent passing an option instead of a command (qvm-run) /
domain name (qrexec-policy). In both cases, when a VM tries to pass some
option, it would fail because of a missing argument (the VM cannot pass
additional arguments, so if one acts as an option, one argument will be
missing).
2015-02-10 01:57:33 +01:00
Marek Marczykowski-Górecki
1d017449d0
qrexec: fix compile warnings
2014-11-19 15:23:10 +01:00
Marek Marczykowski-Górecki
6efbbb88da
qrexec: new protocol - direct data vchan connections
2014-11-19 15:23:10 +01:00
Marek Marczykowski-Górecki
0ba692c85a
code style: change tabs to spaces
2014-11-19 15:21:42 +01:00
Marek Marczykowski-Górecki
6e47f12118
Revert "qrexec: fix deadlock in qrexec-client"
...
This reverts commit 79abec9038.
The problem will not be applicable in the new protocol, where the vchan
connection is directly between VMs, so there are no longer two connected
qrexec-clients - always one end of data flow in qrexec-client is vchan,
which provides information about amount of data to read or buffer
space to write (lack of the latter in case of pipes was a cause of the
original problem).
2014-11-19 15:21:42 +01:00
Marek Marczykowski-Górecki
9a1c071f40
qrexec-policy: remove trailing spaces
2014-11-19 15:21:42 +01:00
Marek Marczykowski
0eaae9790c
Use QubesVMMConnection object
...
Introduced in core-admin:
af521bd Wrap all VMM connection related object into QubesVMMConnection
class
2014-11-19 15:21:41 +01:00
Marek Marczykowski
43770dae36
qrexec: handle vchan connect errors
2014-11-19 15:21:41 +01:00
Marek Marczykowski
d08831cc7e
qrexec: get domain name from cmdline
...
libvchan_get_domain_name will be removed
2014-11-19 15:21:41 +01:00
Marek Marczykowski
6d2755abe6
Use libvirt in qrexec-policy
...
Import connection for core qubes module.
2014-11-19 15:21:41 +01:00
Marek Marczykowski
7bdf7b3f36
use domain name in error messages and log file name
...
Should be much more convenient than XID.
2014-11-19 15:21:41 +01:00
Marek Marczykowski
9215c09656
update for new vchan API
2014-11-19 15:21:40 +01:00
Marek Marczykowski-Górecki
28dfdddc0e
Minor fixes in messages
2014-10-28 05:28:13 +01:00
Marek Marczykowski-Górecki
6cca9a377f
qrexec: add -q option to silence "Waiting for VM's qrexec agent" message
2014-10-24 22:03:46 +02:00
Marek Marczykowski-Górecki
79abec9038
qrexec: fix deadlock in qrexec-client
...
When VM-VM qrexec service is called, two qrexec-clients are connected in
dom0. If both VMs are sending data simultaneously it can happen that
both qrexec-client processes will call write(2) and none of them will be
reading -> deadlock.
Solve it by handling I/O in two separate threads (one for reading from
VM, another for writing), at any time qrexec-client is ready to accept
data from either direction.
2014-07-01 03:24:46 +02:00
Marek Marczykowski-Górecki
9de6171a43
qubes-rpc: log (local) service output to syslog, discard stderr from VMs (#842)
...
Basically - store the logs where the service is running.
2014-05-05 05:27:08 +02:00
Marek Marczykowski-Górecki
0be6f8431f
qrexec: add support for filtering terminal escape chars
2014-04-15 03:12:53 +02:00
Marek Marczykowski-Górecki
3f9cbe63b8
qrexec: use proper unsigned type instead of muting compiler warning
2014-02-19 20:54:39 +01:00
Vincent Penquerc'h
36c8885ff2
Fix some potential aliasing issues
2014-02-16 11:44:30 +01:00
Marek Marczykowski-Górecki
2b95581928
Add -Wextra -Werror to all C compile flags
2014-02-16 10:29:22 +01:00
Marek Marczykowski-Górecki
aa0fda1984
Fix -Wextra warnings
2014-02-16 10:29:06 +01:00
Marek Marczykowski-Górecki
433a942bc3
qrexec: register callback for qrexec-lib
...
Now qrexec-lib does not use exported symbols of particular names, but
explicitly registered callbacks.
2014-02-07 05:35:24 +01:00
Marek Marczykowski-Górecki
f77e2d656d
qrexec: remove dialog box in case of connect timeout (#790)
...
Instead exit with failure (keeping child process for further connect
retries) and let the core/user decide what to do.
2014-02-05 03:31:47 +01:00
Marek Marczykowski-Górecki
c03a37f2bf
qrexec: remove socket at daemon exit
2014-02-04 23:27:04 +01:00
Vincent Penquerc'h
4a81560536
qrexec-daemon: check symlink success
2014-01-16 04:20:18 +01:00
Vincent Penquerc'h
63c46b2f8c
qrexec-daemon: add a few consts where appropriate
2014-01-16 04:20:18 +01:00
Vincent Penquerc'h
951e51d274
core-admin-linux: misc const/etc fixups
2014-01-06 17:54:47 +01:00
Vincent Penquerc'h
771be64912
qrexec-daemon: fix read underflow when the last fd goes
...
If no remaining fd is alive in the list, the loop breaks when i
is negative, but by then clients[-1] would have been dereferenced.
2014-01-06 17:54:47 +01:00
Vincent Penquerc'h
bac950c5ce
qrexec-daemon: check we really did drop root privileges
...
and drop group privileges too while we're at it
2014-01-06 17:54:46 +01:00
Vincent Penquerc'h
5e4e1fe6ac
qrexec-daemon: fix pathological break-out-of-wait-loop
...
If the timeout is 1, attempting to retry would not actually retry,
since i would be incremented just after being reset to 0, and would
thus break out of the loop.
2014-01-06 17:54:46 +01:00
Vincent Penquerc'h
e88faee9dd
qrexec-daemon: reject negative timeouts
2014-01-06 17:54:46 +01:00
Vincent Penquerc'h
259d7aaf78
qrexec-daemon: use fully qualified path to kdialog/zenity
2014-01-06 17:54:46 +01:00
Vincent Penquerc'h
67f27bd94f
qrexec-daemon: make children_count volatile
...
It's decremented in a signal handler
2014-01-06 17:54:46 +01:00
Vincent Penquerc'h
97c7c97420
qrexec-policy: warn if some data is ignored
...
Something like vm1 vm2 allow, user=foo would be 4 items,
and the user part would be ignored by the parser.
It might or might not be better to error out instead of
just warning, though...
2014-01-06 17:54:46 +01:00
Marek Marczykowski-Górecki
05390894be
Qrexec: log allowed RPC calls
2013-10-27 19:23:09 +01:00
Marek Marczykowski-Górecki
0ab5a89895
Minor whitespace fix
2013-10-27 19:22:47 +01:00
Marek Marczykowski-Górecki
ce971eaa54
qrexec: don't wait indefinitely if the daemon startup failed
...
Count started children and if the last one exits before getting SIGUSR1
(confirmation of successful daemon startup) report failure.
2013-10-27 17:19:43 +01:00
Marek Marczykowski-Górecki
19e7663928
qrexec-daemon: optionally don't wait for connection to the VM
...
Will be used to keep qrexec-daemon running in the background even if no
qrexec-agent is installed (yet). Specifically, to give the VM a chance to
inform about a just-installed agent.
2013-10-23 05:43:37 +02:00
Marek Marczykowski-Górecki
72b528ddd1
Revert "rpm: fix policy/qubes.SyncAppMenus name"
...
This reverts commit de087e9b8d.
Mangled two changes together.
2013-10-23 05:39:46 +02:00
Marek Marczykowski-Górecki
de087e9b8d
rpm: fix policy/qubes.SyncAppMenus name
2013-10-23 00:25:50 +02:00
Marek Marczykowski-Górecki
28aa4d992f
qrexec: display VM name in connect timeout message (#723)
...
Now it is possible, as we have domain name from cmdline.
2013-10-18 03:47:58 +02:00
Marek Marczykowski-Górecki
c92bc0a05c
qrexec: use VM name in log filename
2013-10-18 02:27:46 +02:00
Marek Marczykowski
cf8959dbfe
qrexec: get domain name from cmdline
...
libvchan_get_domain_name will be removed
2013-10-18 02:26:54 +02:00