Rusty Bird
6c8df74b7f
Get rid of forked f23 60-persistent-storage.rules
...
Use UDEV_DISABLE_PERSISTENT_STORAGE_RULES_FLAG instead, which is
available since systemd 231.
- Do not merge to branches where dom0 is older than Fedora 25 -
2017-05-18 01:42:08 +00:00
Marek Marczykowski-Górecki
ad2a976924
Merge branch 'core3-devel'
2017-05-18 01:26:20 +02:00
Marek Marczykowski-Górecki
83308758f0
systemd: enable qubesd.service
2017-05-17 13:54:36 +02:00
Jean-Philippe Ouellet
9b7667c3a5
Ignore EFI boot args when parsing for filename
...
I need to set some flags in order to boot as described here:
https://www.qubes-os.org/doc/uefi-troubleshooting/
My settings look like this:
    $ efibootmgr -v
    BootCurrent: 0000
    Boot0000* Qubes HD(...)/File(\EFI\qubes\xen.efi)p.l.a.c.e.h.o...
which causes awk to get confused and think my $EFI_DIR should be:
    /EFI/qubesp.l.a.c.e.h.o.l.d.e.r. ./.m.a.p.b.s. ./.n.o.e.x.i.t.b.o.o.t.
This causes the script to later bail:
    if [ ! -d "$EFI_DIR" ]; then
        # non-EFI system
        exit 0;
    fi
So my xen.cfg did not get new entries when installing dom0 kernel packages.
2016-11-11 16:22:23 -05:00
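The parsing failure described in the commit above, as an added example (not the commit's code or the project's script): a fragile extraction of the EFI directory from `efibootmgr -v` output next to one that keeps only what is inside File(...). The function names and the second boot entry are hypothetical, and the sample input is constructed from the values quoted in the commit message.

```shell
#!/bin/sh
# Added example, not the project's script. Input lines are constructed from
# the commit message above; HD(...) is left elided as it is there.
sample_efibootmgr_output() {
    cat <<'EOF'
BootCurrent: 0000
Boot0000* Qubes HD(...)/File(\EFI\qubes\xen.efi)p.l.a.c.e.h.o.l.d.e.r. ./.m.a.p.b.s. ./.n.o.e.x.i.t.b.o.o.t.
Boot0001* Other HD(...)/File(\EFI\other\loader.efi)
EOF
}

# Fragile: removes only the literal "\xen.efi)" and keeps whatever follows it.
efi_dir_naive() {
    awk '
        /^BootCurrent:/ { current = $2 }
        /^Boot....\* / {
            if ($1 != ("Boot" current "*")) next
            sub(/.*File\(/, ""); sub(/\\xen\.efi\)/, ""); gsub(/\\/, "/")
            print; exit
        }'
}

# Robust: keep only what is inside File(...), then drop the loader file name.
efi_dir_from_bootmgr() {
    awk '
        /^BootCurrent:/ { current = $2 }
        /^Boot....\* / {
            if ($1 != ("Boot" current "*")) next
            start = index($0, "File(")
            if (start == 0) next
            path = substr($0, start + 5)
            stop = index(path, ")")
            if (stop == 0) next
            path = substr(path, 1, stop - 1)  # boot args after ")" are dropped
            gsub(/\\/, "/", path)
            sub("/[^/]*$", "", path)          # strip the loader file name
            print path; exit
        }'
}

echo "naive:  $(sample_efibootmgr_output | efi_dir_naive)"
echo "robust: $(sample_efibootmgr_output | efi_dir_from_bootmgr)"
```

A caller that treats a missing directory as "non-EFI system" and exits 0 fails silently on the fragile result, so checking the extracted path against the mounted ESP and logging a mismatch makes this kind of skip visible.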
Marek Marczykowski-Górecki
daf1fd4759
systemd: enable xen-init-dom0.service
...
This is the right upstream service to init dom0 entries. Instead of our
own script.
2016-08-08 01:15:56 +02:00
Marek Marczykowski-Górecki
37f92396c4
install-kernel: handle custom EFI directory
...
Fixes QubesOS/qubes-issues#1676
2016-07-21 14:16:52 +02:00
Marek Marczykowski-Górecki
6cd45f88c5
Merge remote-tracking branch 'qubesos/pr/8'
...
* qubesos/pr/8:
Don't probe disk contents of loop* or xvd*
Copy unmodified(!) 60-persistent-storage.rules from Fedora 23
2016-06-26 22:03:18 +02:00
Rusty Bird
fe6846d5eb
Add AEM services to 75-qubes-dom0.preset
...
They will only start if booted with rd.antievilmaid anyway.
2016-06-26 15:17:38 +00:00
Rusty Bird
ae7656e348
Don't probe disk contents of loop* or xvd*
...
Adds a standalone rule to the very top of 60-persistent-storage.rules.
2016-06-26 12:51:20 +00:00
Rusty Bird
e85363da20
Copy unmodified(!) 60-persistent-storage.rules from Fedora 23
2016-06-26 12:36:31 +00:00
Marek Marczykowski-Górecki
60488d4439
system-config: add systemd-preset configuration
...
Fixes QubesOS/qubes-issues#2049
2016-06-06 02:22:58 +02:00
Marek Marczykowski-Górecki
4d4e7cc5e9
kernel-install: do not add kernel entry if already present
...
The entry may already be present, for example when reinstalling the package,
or calling the script multiple times (which apparently is the case
during system installation).
2016-06-03 20:51:18 +02:00
Marek Marczykowski-Górecki
f7eaa7bec2
kernel-install: don't fail on kernel removal in non-EFI installs
...
In a non-EFI installation /boot/efi/EFI/qubes may not exist. In this case
do not try to touch (non-existing) files there.
Fixes QubesOS/qubes-issues#1829
2016-05-15 11:19:18 +02:00
Marek Marczykowski-Górecki
1430861c6b
kernel-install: (EFI) really install kernel image
...
Not only add it to the configuration.
Fixes QubesOS/qubes-issues#1492
2015-12-05 15:18:08 +01:00
Marek Marczykowski-Górecki
8a9d3de1ef
kernel-install: fix EFI dir path in xen.cfg generation script
...
Fixes QubesOS/qubes-issues#1492
2015-12-05 15:05:34 +01:00
Marek Marczykowski-Górecki
867baa7266
kernel-install: add new kernel to xen.cfg for xen.efi
...
QubesOS/qubes-issues#794
2015-09-26 03:56:16 +02:00
Marek Marczykowski-Górecki
0e733bd0de
kernel-install: call grub2-mkconfig only when it is installed
...
On systems booting with EFI, there is no grub2 installed at all - the
system is started directly to xen.efi.
2015-09-26 02:54:32 +02:00
Marek Marczykowski-Górecki
f795e58483
Undo 'Boot Loader Spec' by deleting /boot/MACHINE_ID
...
The specification doesn't cover how to boot Xen (or any other multiboot
binary), but the sole presence of such directory changes dracut default
path. So get rid of that directory.
2015-08-03 03:00:59 +02:00
Marek Marczykowski-Górecki
fddeb4a23c
Generate initramfs in kernel-install hook
...
The default one generates initramfs in location expected by Boot Loader
Specification, which as noted before, isn't useful for Qubes.
2015-07-12 01:54:53 +02:00
Marek Marczykowski-Górecki
2a14ae9c0b
Add kernel post-installation script to regenerate grub2 config
...
Since we now allow using Fedora kernel, add a script to generate proper
bootloader configuration then. Standard Fedora mechanism relies on
Boot Loader Specification support in grub2, which sadly does not support
Xen, so it is useless in Qubes.
2015-07-10 17:54:24 +02:00
Marek Marczykowski-Górecki
8acd40905d
Disable lesspipe in dom0
...
It can be dangerous when processing untrusted content (for example VM
logs).
Details:
https://groups.google.com/d/msgid/qubes-users/20150527215812.GA13915%40mail-itl
2015-06-25 02:37:29 +02:00
Marek Marczykowski-Górecki
c457b485cb
Load xen-acpi-processor module
...
It is required for cpufreq to work.
2015-04-10 17:56:58 +02:00
Marek Marczykowski-Górecki
5035fc7eed
Remove iptables config
...
Dom0 has no network at all, it isn't needed.
2015-03-31 22:55:25 +02:00
Marek Marczykowski-Górecki
4449d51d98
udev: prevent race with kpartx -d
...
udevd calls (internal) blkid, which opens the device, so kpartx -d
cannot remove it.
2015-02-01 04:05:05 +01:00
Marek Marczykowski-Górecki
9687180a62
udev: prevent dom0 processes from accessing templates root image
2014-07-04 04:29:31 +02:00
Marek Marczykowski-Górecki
5af0530e8d
udev: prevent VM disks content from being accessed by dom0 processes
...
To not expose dom0 processes like blkid for attacks from VM (e.g. by
placing malicious filesystem header in private.img).
2014-06-11 02:41:20 +02:00
Marek Marczykowski-Górecki
2c4aae132a
Use 'conntrack' iptables module instead of obsoleted 'state'
2014-04-04 11:30:55 +02:00
Marek Marczykowski
dbe9693851
Other Linux-specific files
2013-03-16 19:52:16 +01:00