qubes-core-admin-linux

Author	SHA1	Message	Date
Jean-Philippe Ouellet	be1d984364	Mitigate GUI DoS (part 2: qvm-xkill) Can close windows of a VM while it's paused, and can not accidentally harm dom0 by errant clicking. Discussion in https://github.com/QubesOS/qubes-issues/issues/881 Thanks to rustybird for suggested implementation.	2016-11-26 21:59:16 -05:00
Marek Marczykowski-Górecki	73ba5f805b	version 3.2.10	2016-11-18 03:17:29 +01:00
Marek Marczykowski-Górecki	981a11cee1	qrexec: really do not match 'dom0' at '$anyvm', as documented Design documentation says: 'note string dom0 does not match the $anyvm pattern; all other names do' This behaviour was broken, because 'is not' in python isn't the same as string comparison. In theory this could result in some service erroneously allowed to execute in dom0, but in practice such services are not installed in dom0 at all, so the only impact was misleading error message. Fixes QubesOS/qubes-issues#2031 Reported by @Jeeppler	2016-11-18 02:51:25 +01:00
Jean-Philippe Ouellet	9b7667c3a5	Ignore EFI boot args when parsing for filename I need to set some flags in order to boot as described here: https://www.qubes-os.org/doc/uefi-troubleshooting/ My settings look like this: $ efibootmgr -v BootCurrent: 0000 Boot0000* Qubes HD(...)/File(\EFI\qubes\xen.efi)p.l.a.c.e.h.o... which causes awk to get confused and think my $EFI_DIR should be: /EFI/qubesp.l.a.c.e.h.o.l.d.e.r. ./.m.a.p.b.s. ./.n.o.e.x.i.t.b.o.o.t. This causes the script to later bail: if [ ! -d "$EFI_DIR" ]; then # non-EFI system exit 0; fi So my xen.cfg did not get new entries when installing dom0 kernel packages.	2016-11-11 16:22:23 -05:00
Marek Marczykowski-Górecki	c73dcd2786	Merge remote-tracking branch 'qubesos/pr/12' * qubesos/pr/12: Keep Makefile DRY	2016-11-11 14:24:48 +01:00
Jean-Philippe Ouellet	e24f3535ff	Keep Makefile DRY	2016-11-10 06:42:39 -05:00
Marek Marczykowski-Górecki	35d32aa3d7	version 3.2.9	2016-10-31 14:18:21 +01:00
Marek Marczykowski-Górecki	610902a5c1	Revert "qrexec: fix "yes to all" for qrexec calls with custom argument" Do not copy policy file at arbitrary time. This reverts commit `1dff6361b7`.	2016-10-31 14:17:54 +01:00
Marek Marczykowski-Górecki	c15841c828	version 3.2.8	2016-10-30 21:32:21 +01:00
Marek Marczykowski-Górecki	1dff6361b7	qrexec: fix "yes to all" for qrexec calls with custom argument If argument-specific policy file do not exists, create one based on generic one. Fixes QubesOS/qubes-issues#2403 Reported by @Rudd-O	2016-10-28 13:28:04 +02:00
Marek Marczykowski-Górecki	2768b22494	version 3.2.7	2016-10-03 11:50:07 +02:00
Marek Marczykowski-Górecki	875866c3c0	Merge remote-tracking branch 'qubesos/pr/11' * qubesos/pr/11: qubes-dom0-update: Show sync and download progress	2016-10-03 11:49:43 +02:00
Marek Marczykowski-Górecki	34ed18527b	Merge branch 'bug1676' * bug1676: install-kernel: handle custom EFI directory	2016-10-03 11:48:19 +02:00
Rusty Bird	be30203d81	qubes-dom0-update: Show sync and download progress Use "script" (part of util-linux) to fake a dumb terminal in the updatevm, so dnf will show sync and download progress indicators.	2016-09-05 13:57:07 +00:00
Marek Marczykowski-Górecki	1cee27275e	version 3.2.6	2016-08-31 13:14:55 +02:00
Rusty Bird	c7ad14320f	qrexec-client: Also allow the bell character	2016-08-17 13:10:13 +00:00
Rusty Bird	e005836286	qrexec-client: Filter terminal output much more strictly qrexec-client -t/-T (and therefore, qvm-run --pass-io) only handled the escape character, \033. Everything else, such as Unicode and obscure control characters, was passed through from the VM to the dom0 terminal. Instead, replace all bytes except for a benign subset of ASCII. That's still enough to allow progress bars to be drawn (tested using "wget --progress=bar:force" and "pv --force").	2016-08-17 02:41:38 +02:00
Marek Marczykowski-Górecki	37f92396c4	install-kernel: handle custom EFI directory Fixes QubesOS/qubes-issues#1676	2016-07-21 14:16:52 +02:00
Marek Marczykowski-Górecki	769e70e76a	version 3.2.5	2016-07-17 04:57:35 +02:00
Marek Marczykowski-Górecki	db32b65d81	appmenus: add xterm in Disposable VM menu entry Fixes QubesOS/qubes-issues#1612	2016-07-17 00:00:47 +02:00
Marek Marczykowski-Górecki	7080c0371d	appmenus: force X-Qubes-VM category for all VM-related entries This will ease filtering entries when constructing applications menu. For example '<OnlyUnallocated/>' key used in Xfce4 before looks to introduce some problems. Fixes QubesOS/qubes-issues#2129	2016-07-15 11:31:27 +02:00
Marek Marczykowski-Górecki	e90c8a97ff	appmenus: fix detection of desktop environment In Fedora 23-based dom0, DESKTOP_SESSION environment contains full path to session file, instead of just basename. QubesOS/qubes-issues#1606	2016-07-14 04:32:16 +02:00
Marek Marczykowski-Górecki	6cd45f88c5	Merge remote-tracking branch 'qubesos/pr/8' * qubesos/pr/8: Don't probe disk contents of loop* or xvd* Copy unmodified(!) 60-persistent-storage.rules from Fedora 23	2016-06-26 22:03:18 +02:00
Rusty Bird	fe6846d5eb	Add AEM services to 75-qubes-dom0.preset They will only start if booted with rd.antievilmaid anyway.	2016-06-26 15:17:38 +00:00
Rusty Bird	ae7656e348	Don't probe disk contents of loop* or xvd* Adds a standalone rule to the very top of 60-persistent-storage.rules.	2016-06-26 12:51:20 +00:00
Rusty Bird	e85363da20	Copy unmodified(!) 60-persistent-storage.rules from Fedora 23	2016-06-26 12:36:31 +00:00
Marek Marczykowski-Górecki	db8aa6cf15	version 3.2.4	2016-06-24 23:07:32 +02:00
Marek Marczykowski-Górecki	d9b37eec6c	dom0-updates: whitespace fixes	2016-06-24 02:24:52 +02:00
Marek Marczykowski-Górecki	3eed63b892	Merge remote-tracking branch 'ttasket/ttasket-patch-3' Fixes QubesOS/qubes-issues#2061 * ttasket/ttasket-patch-3: Fixes Re-create private.img if missing Try to handle private.img (fail) Fix syntax Backup root.img Update qubes-dom0-update Backup root.img Backup root.img Support in-place template reinstalls - for testing Add template reinstall support	2016-06-24 02:22:45 +02:00
ttasket	fbb58918af	Fixes Moved create private.img before yum. Shutdown templatevm first -- don't want to query possibly compromised vm running old private.img. Issue #2061	2016-06-21 15:15:34 -04:00
ttasket	ef1ab34234	Re-create private.img if missing This restores the netvm setting and also re-creates private.img if older rpm scriptlet doesn't create it. Issue #2061	2016-06-21 10:57:57 -04:00
ttasket	577944c8fb	Try to handle private.img (fail) mv and rm private.img like root.img, but this results in no private.img after reinstall. do not use.	2016-06-20 14:04:55 -04:00
ttasket	457b275800	Fix syntax @marmarek This works on my system.	2016-06-20 13:36:30 -04:00
ttasket	32a4269f4a	Backup root.img Just in case template %post scriptlet doesn't unlink during reinstall, or if reinstall fails. Also preserves Netvm prefs setting.	2016-06-18 12:00:00 -04:00
ttasket	d316624f61	Update qubes-dom0-update	2016-06-18 05:24:18 -04:00
ttasket	8c7a225070	Backup root.img Just in case template %post scriptlet doesn't unlink during reinstall, or if reinstall fails. Fixed PKGS test.	2016-06-18 04:22:23 -04:00
ttasket	6c7c25d9e7	Backup root.img Just in case template %post scriptlet doesn't unlink during reinstall, or if reinstall fails.	2016-06-18 03:02:46 -04:00
ttasket	17627cdf3c	Support in-place template reinstalls - for testing This doesn't yet prevent appvms from starting with invalid template during the reinstall, and doesn't deal with the Netvm setting problem. For issue #2061	2016-06-16 07:59:28 -04:00
ttasket	6b315b1dad	Add template reinstall support Issue #2061 Simple implementation checks for --action=reinstall but adds no sanity checks.	2016-06-12 12:05:28 -04:00
Marek Marczykowski-Górecki	30aac6b6a8	version 3.2.3	2016-06-07 06:13:07 +02:00
Marek Marczykowski-Górecki	60488d4439	system-config: add systemd-preset configuration Fixes QubesOS/qubes-issues#2049	2016-06-06 02:22:58 +02:00
Marek Marczykowski-Górecki	4d4e7cc5e9	kernel-install: do not add kernel entry if already present The entry may be already present for example when reinstalling package, or calling the script multiple times (which apparently is the case during system installation).	2016-06-03 20:51:18 +02:00
Marek Marczykowski-Górecki	dc9e3c9c11	travis: initial version QubesOS/qubes-issues#1926	2016-06-03 20:23:10 +02:00
Marek Marczykowski-Górecki	01f357ae3a	dom0-updates: patch dnf.conf to use local repository Add the same options as for yum. And do that with nice markers, instead of forcefully overriding the entries. QubesOS/qubes-issues#1807	2016-06-03 20:21:04 +02:00
Marek Marczykowski-Górecki	21bec492e8	qrexec: add service argument support Fixes QubesOS/qubes-issues#1876 Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>	2016-05-19 15:39:08 +02:00
Marek Marczykowski-Górecki	c629529565	qrexec: prefer VM-local service file (if present) over default one This will allow a service to be overridden per-VM. Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>	2016-05-19 15:39:08 +02:00
Wojtek Porczyk	c4cf6b646b	qubes-rpc-multiplexer: deprecate /etc/qubes_rpc, allow /usr/local /usr/local resides in private.img, so it is possible to define per-appvm RPC Also, with the upcoming 3.0 release support for old (R1) paths is removed. Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>	2016-05-19 15:39:08 +02:00
Marek Marczykowski-Górecki	f8d23d0d64	qrexec: execute RPC service directly (without a shell) if it has executable bit set This will allow to use some different shell/language for a service (for example python). Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>	2016-05-19 15:39:07 +02:00
Marek Marczykowski-Górecki	7b582e0339	qrexec: do not leak FDs to logger process This would prevent qrexec from detecting EOF. Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>	2016-05-19 15:39:07 +02:00
Marek Marczykowski-Górecki	888db2f7cf	version 3.2.2	2016-05-18 02:32:23 +02:00

1 2 3 4 5 ...

345 Commits