Marek Marczykowski-Górecki
a7910fab71
qrexec: deny spaces in service domain name
...
Fixes QubesOS/qubes-issues#1877
(cherry picked from commit ad28f4df62
)
8 years ago
Marek Marczykowski-Górecki
3f29b411d0
qrexec: do not send spurious MSG_SERVICE_REFUSED
...
This causes closing connection (FD) to still alive client.
Fixes qubesos/qubes-issues#993
10 years ago
Marek Marczykowski-Górecki
b07475efea
qrexec: make the log writable by qubes group
...
Otherwise if VM was started as root, it will never start as normal user
again.
10 years ago
Marek Marczykowski-Górecki
d031126737
Add "--" to separate options from (untrusted) non-options arguments
...
This will prevent passing an option instead of command (qvm-run) /
domain name (qrexec-policy). In both cases when VM tries to pass some
option it would fail because missing argument then - VM can not pass
additional arguments, so if one act as an option, one argument will be
missing).
10 years ago
Marek Marczykowski-Górecki
1d017449d0
qrexec: fix compile warnings
10 years ago
Marek Marczykowski-Górecki
6efbbb88da
qrexec: new protocol - direct data vchan connections
10 years ago
Marek Marczykowski-Górecki
0ba692c85a
code style: change tabs to spaces
10 years ago
Marek Marczykowski
43770dae36
qrexec: handle vchan connect errors
10 years ago
Marek Marczykowski
d08831cc7e
qrexec: get domain name from cmdline
...
libvchan_get_domain_name will be removed
10 years ago
Marek Marczykowski
7bdf7b3f36
use domain name in error messages and log file name
...
Should be much more convenient than XID.
10 years ago
Marek Marczykowski
9215c09656
update for new vchan API
10 years ago
Marek Marczykowski-Górecki
6cca9a377f
qrexec: add -q option to silence "Waiting for VM's qrexec agent" message
10 years ago
Marek Marczykowski-Górecki
3f9cbe63b8
qrexec: use proper unsigned type instead of muting compiler warning
11 years ago
Vincent Penquerc'h
36c8885ff2
Fix some potential aliasing issues
11 years ago
Marek Marczykowski-Górecki
aa0fda1984
Fix -Wextra warnings
11 years ago
Marek Marczykowski-Górecki
f77e2d656d
qrexec: remove dialog box in case of connect timeout ( #790 )
...
Instead exit with failure (keeping child process for further connect
retries) and let the core/user decide what to do.
11 years ago
Marek Marczykowski-Górecki
c03a37f2bf
qrexec: remove socket at daemon exit
11 years ago
Vincent Penquerc'h
4a81560536
qrexec-daemon: check symlink success
11 years ago
Vincent Penquerc'h
63c46b2f8c
qrexec-daemon: add a few consts where appropriate
11 years ago
Vincent Penquerc'h
951e51d274
core-admin-linux: misc const/etc fixups
11 years ago
Vincent Penquerc'h
771be64912
qrexec-daemon: fix read underflow when the last fd goes
...
If no remaining fd is alive in the list, the loop breaks when i
is negative, but by then clients[-1] would have been dereferenced.
11 years ago
Vincent Penquerc'h
bac950c5ce
qrexec-daemon: check we really did drop root privileges
...
and drop group privileges too while we're at it
11 years ago
Vincent Penquerc'h
5e4e1fe6ac
qrexec-daemon: fix pathological break-out-of-wait-loop
...
If the timeout is 1, attempting to retry would not actually retry,
since i would be incremented just after being reset to 0, and would
thus break out of the loop.
11 years ago
Vincent Penquerc'h
e88faee9dd
qrexec-daemon: reject negative timeouts
11 years ago
Vincent Penquerc'h
259d7aaf78
qrexec-daemon: use fully qualified path to kdialog/zenity
11 years ago
Vincent Penquerc'h
67f27bd94f
qrexec-daemon: make children_count volatile
...
It's decremented in a signal handler
11 years ago
Marek Marczykowski-Górecki
ce971eaa54
qrexec: don't wait indefinitely if the daemon startup failed
...
Count started children and if the last one exits before getting SIGUSR1
(confirmation of successful daemon startup) report failure.
11 years ago
Marek Marczykowski-Górecki
19e7663928
qrexec-daemon: optionally don't wait for connection to the VM
...
Will be used to keep qrexec-daemon running in the background even if no
qrexec-agent installed (yet). Specifically to give the VM a chance to
inform about just installed agent.
11 years ago
Marek Marczykowski-Górecki
72b528ddd1
Revert "rpm: fix policy/qubes.SyncAppMenus name"
...
This reverts commit de087e9b8d
.
Mangled two changes together.
11 years ago
Marek Marczykowski-Górecki
de087e9b8d
rpm: fix policy/qubes.SyncAppMenus name
11 years ago
Marek Marczykowski-Górecki
28aa4d992f
qrexec: display VM name in connect timeout message ( #723 )
...
Now it is possible, as we have domain name from cmdline.
11 years ago
Marek Marczykowski-Górecki
c92bc0a05c
qrexec: use VM name in log filename
11 years ago
Marek Marczykowski
cf8959dbfe
qrexec: get domain name from cmdline
...
libvchan_get_domain_name will be removed
11 years ago
Marek Marczykowski
158bfff3cf
Add qrexec back, use qubes-utils libraries for common code
12 years ago