QubesOS/qubes-core-admin-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
472 Commits 8 Branches 294 Tags 2.8 MiB
7c1cad00b0
Commit Graph

6 Commits

Author SHA1 Message Date
Rusty Bird
629d02948f
Don't let udev parse 'file' driver .img anywhere 2018-01-19 18:04:56 +01:00
Marek Marczykowski-Górecki
5c84a0be92
udev: don't exclude loop devices pointing outside of /var/lib/qubes 
Generally list loop devices in qvm-block, but exclude only those
pointing at files in /var/lib/qubes (VM disk images).

Fixes QubesOS/qubes-issues#3084
 2017-09-12 04:22:25 +02:00
Rusty Bird
6c8df74b7f
Get rid of forked f23 60-persistent-storage.rules 
Use UDEV_DISABLE_PERSISTENT_STORAGE_RULES_FLAG instead, which is
available since systemd 231.

- Do not merge to branches where dom0 is older than Fedora 25 -
 2017-05-18 01:42:08 +00:00
Marek Marczykowski-Górecki
4449d51d98 udev: prevent race with kpartx -d 
udevd calls (internal) blkid, which opens the device, so kpartx -d
cannot remove it.
 2015-02-01 04:05:05 +01:00
Marek Marczykowski-Górecki
9687180a62 udev: prevent dom0 processes from accessing templates root image 2014-07-04 04:29:31 +02:00
Marek Marczykowski-Górecki
5af0530e8d udev: prevent VM disks content from being accessed by dom0 processes 
To not expose dom0 processes like blkid for attacks from VM (e.g. by
placing malicious filesystem header in private.img).
 2014-06-11 02:41:20 +02:00