Jean-Philippe Ouellet
be1d984364
Mitigate GUI DoS (part 2: qvm-xkill)
...
Can close windows of a VM while it's paused, and can not accidentally
harm dom0 by errant clicking.
Discussion in https://github.com/QubesOS/qubes-issues/issues/881
Thanks to rustybird for suggested implementation.
2016-11-26 21:59:16 -05:00
Marek Marczykowski-Górecki
db32b65d81
appmenus: add xterm in Disposable VM menu entry
...
Fixes QubesOS/qubes-issues#1612
2016-07-17 00:00:47 +02:00
Marek Marczykowski-Górecki
60488d4439
system-config: add systemd-preset configuration
...
Fixes QubesOS/qubes-issues#2049
2016-06-06 02:22:58 +02:00
Marek Marczykowski-Górecki
01f357ae3a
dom0-updates: patch dnf.conf to use local repository
...
Add the same options as for yum. And do that with nice markers, instead
of forcefully overriding the entries.
QubesOS/qubes-issues#1807
2016-06-03 20:21:04 +02:00
Marek Marczykowski-Górecki
8f52c83f0b
Require new enough qubes-utils package for updated libqrexec-utils (again)
...
It is required for additional file-copy functions, moved from
core-agent-linux (qfile-agent).
QubesOS/qubes-issues#1324
2015-11-11 05:12:42 +01:00
Marek Marczykowski-Górecki
4e498c90e6
Implement qvm-copy-to-vm and qvm-move-to-vm utilities
...
QubesOS/qubes-issues#1324
2015-11-11 05:09:21 +01:00
Marek Marczykowski-Górecki
520e250966
Require new enough qubes-utils package for updated libqrexec-utils
...
Required by 0c288aa
"qrexec: implement buffered write to child stdin to
prevent deadlock"
2015-10-30 15:10:18 +01:00
Marek Marczykowski-Górecki
867baa7266
kernel-install: add new kernel to xen.cfg for xen.efi
...
QubesOS/qubes-issues#794
2015-09-26 03:56:16 +02:00
Marek Marczykowski-Górecki
f795e58483
Undo 'Boot Loader Spec' by deleting /boot/MACHINE_ID
...
The specification doesn't cover how to boot Xen (or any other multiboot
binary), but the sole presence of such directory changes dracut default
path. So get rid of that directory.
2015-08-03 03:00:59 +02:00
Marek Marczykowski-Górecki
e062c431dd
rpm: move os-prober removing code to kernel-install subpackage
...
Main qubes-core-dom0 should not be installed as part of installer image,
but os-prober dependency pulls that in. So move it into
qubes-core-dom0-kernel-install subpackage. After all this is where grub
config regeneration code is placed, so it is more logical place.
2015-07-29 21:35:04 +02:00
Marek Marczykowski-Górecki
7fdff6a735
rpm: force removal os-prober package
...
It can be can be harmful, because it accesses (and mounts) every block
device, including VM controlled /dev/loop*.
2015-07-27 17:27:35 +02:00
Marek Marczykowski-Górecki
5e6d3a273d
Prevent installing all the qubes packages in the installer image
...
Split kernel-install hook into separate package, as only this part is
needed by the installer. This will prevent installing all the Qubes/Xen
staff in the installer, especially udev scripts and xenstored, which
doesn't play well with anaconda.
2015-07-14 23:27:03 +02:00
Marek Marczykowski-Górecki
f056e0341e
rpm: provide qubes-core-dom0-linux-kernel-install virtual pkg
...
This is for kernel package dependencies, since we have the same kernel
packages for both R2 and R3.0
2015-07-12 01:53:48 +02:00
Marek Marczykowski-Górecki
2a14ae9c0b
Add kernel post-installation script to regenerate grub2 config
...
Since we now allow using Fedora kernel, add a script to generate proper
bootloader configuration then. Standard Fedora mechanism relies on
Boot Loader Specification support in grub2, which sadly does not support
Xen, so it is useless in Qubes.
2015-07-10 17:54:24 +02:00
Marek Marczykowski-Górecki
8acd40905d
Disable lesspipe in dom0
...
It can be dangerous when processing untrusted content (for example VM
logs).
Details:
https://groups.google.com/d/msgid/qubes-users/20150527215812.GA13915%40mail-itl
2015-06-25 02:37:29 +02:00
Marek Marczykowski-Górecki
5035fc7eed
Remove iptables config
...
Dom0 have no network at all, it isn't needed.
2015-03-31 22:55:25 +02:00
Marek Marczykowski-Górecki
af66472c36
rpm: add missing vchan-devel build requires
2014-11-19 15:23:10 +01:00
Marek Marczykowski-Górecki
8f2a03e672
rpm: fix permissions of /etc/qubes-rpc{,/policy}
...
Group qubes should have write right there.
2014-10-30 06:40:34 +01:00
Marek Marczykowski-Górecki
1e8b3ea876
rpm: do not save removed udev script
...
As Qubes dom0 is standalone system, not an addon to Fedora (for some
time...), we do not longer need to save such scripts to handle
package remove.
2014-09-30 23:51:10 +02:00
Marek Marczykowski-Górecki
5af0530e8d
udev: prevent VM disks content from being accessed by dom0 processes
...
To not expose dom0 processes like blkid for attacks from VM (e.g. by
placing malicious filesystem header in private.img).
2014-06-11 02:41:20 +02:00
Marek Marczykowski-Górecki
6f1ba98230
rpm: disable non-Xen grub entry on upgrade
2014-04-14 04:14:18 +02:00
Marek Marczykowski-Górecki
1205d9e01f
rpm: fix dom0 updates with F20 firewallvm
...
F20 yum version have changed a way of parsing system-release package
version (so $releasever variable). Force it to use qubes-release package
version, not redhat-release.
2014-03-04 02:07:50 +01:00
Marek Marczykowski-Górecki
30535e59d2
rpm: require qubes-utils >= 2.0.6 for imgconverter
2014-02-07 05:46:19 +01:00
Marek Marczykowski-Górecki
ea7b4eb5cb
rpm: BR:qubes-utils-devel >= 2.0.5 - because of slight API change
...
Note that R: will be generated automatically (on library name).
2014-02-07 05:36:56 +01:00
Marek Marczykowski-Górecki
7ad1183793
rpm: speedup package installation
...
Do not rebuild cache after each icon installation.
2013-12-26 05:07:11 +01:00
Marek Marczykowski-Górecki
c000f24def
appmenus: fallback hardcoded appmenus for HVM with qrexec installed
...
If VM didn't returned any appmenus data, the service is most likely not
available there. Actually it hasn't been written yet.
2013-12-04 03:05:34 +01:00
Marek Marczykowski-Górecki
d0509caf9e
pm-utils: hook qubes suspend scripts to systemd
...
Apparently new KDE doesn't call pm-suspend anymore, instead use systemd
suspend logic. So hook our scripts also there.
2013-11-04 01:28:36 +01:00
Marek Marczykowski-Górecki
aa5635b4f5
rpm: fix policy/qubes.SyncAppMenus name (v2)
2013-10-23 05:40:27 +02:00
Marek Marczykowski-Górecki
72b528ddd1
Revert "rpm: fix policy/qubes.SyncAppMenus name"
...
This reverts commit de087e9b8d
.
Mangled two changes together.
2013-10-23 05:39:46 +02:00
Marek Marczykowski-Górecki
de087e9b8d
rpm: fix policy/qubes.SyncAppMenus name
2013-10-23 00:25:50 +02:00
Marek Marczykowski-Górecki
b4ab187793
dracut: change the way to include ehci-pci module
...
Apparently add_drivers doesn't work. Looking at kernel-modules dracut
code, it can only be used for block-device driver and only makes sense
in --host-only mode.
So add additional module, which unconditionally install kernel modules.
2013-08-13 00:39:35 +02:00
Marek Marczykowski
0f384aacd9
spec: create 'qubes' group is not exists
...
This group can be created also by qubes-core-dom0 package, but add
relevant code also here to simplify dependencies.
2013-03-25 16:21:43 +01:00
Marek Marczykowski
158bfff3cf
Add qrexec back, use qubes-utils libraries for common code
2013-03-20 06:24:17 +01:00
Marek Marczykowski
dbe9693851
Other Linux-specific files
2013-03-16 19:52:16 +01:00
Marek Marczykowski
e5f9e46e19
dom0-updates code
2013-03-16 18:54:21 +01:00
Marek Marczykowski
d06bbdc967
appmenus: include standalone qvm-sync-appmenus and its manpage
2013-03-16 18:34:40 +01:00
Marek Marczykowski
ad522026d3
Initial commit: appmenus handling code, icons
2013-03-16 18:23:22 +01:00