Marek Marczykowski-Górecki
54d5c7b35c
qrexec: allow ':' in call target specification
...
':' is used in DispVM special tags, like '$dispvm:something'.
Fixes QubesOS/qubes-issues#3137
7 years ago
Marek Marczykowski-Górecki
8719e5d74c
qrexec: fix pending requests cleanup code (cont)
...
There was a second place with exactly the same bug. See
dad208a
"qrexec: fix pending requests cleanup code" for details.
Fixes QubesOS/qubes-issues#2699
7 years ago
Marek Marczykowski-Górecki
1502eb4d59
qrexec: switch to new qrexec policy in core-admin
...
QubesOS/qubes-issues#910
7 years ago
Marek Marczykowski-Górecki
723d32b8b7
qrexec: fix pending requests cleanup code
...
There was a logic error in pending requests cleanup code, causing
policy_pending_max being set to 0, even if there were more pending
requests. This effectively limited maximum pending requests to 1, after
some system uptime, because policy_pending_max set to 0 makes the code
looks only at the first pending request slot.
While at it, remove outdated FIXME comment, actually this bug is in the
code implementing this FIXME.
Fixes QubesOS/qubes-issues#2699
8 years ago
Marek Marczykowski-Górecki
849b295384
qrexec: add option to wait for VM-VM connection termination
...
Normally when qrexec-client setup VM-VM connection it exits
immediatelly. But it may be useful to wait for the connection to
terminate - for example to cleanup DispVM.
qrexec-daemon (the one that allocated vchan port) do receive such
notification, so expose such option to qrexec-client.
QubesOS/qubes-issues#2253
8 years ago
Marek Marczykowski-Górecki
0607d9021a
qrexec: add support for service argument
...
Fixes QubesOS/qubes-issues#1876
9 years ago
Marek Marczykowski-Górecki
ad28f4df62
qrexec: deny spaces in service domain name
...
Fixes QubesOS/qubes-issues#1877
9 years ago
Marek Marczykowski-Górecki
3f29b411d0
qrexec: do not send spurious MSG_SERVICE_REFUSED
...
This causes closing connection (FD) to still alive client.
Fixes qubesos/qubes-issues#993
10 years ago
Marek Marczykowski-Górecki
b07475efea
qrexec: make the log writable by qubes group
...
Otherwise if VM was started as root, it will never start as normal user
again.
10 years ago
Marek Marczykowski-Górecki
d031126737
Add "--" to separate options from (untrusted) non-options arguments
...
This will prevent passing an option instead of command (qvm-run) /
domain name (qrexec-policy). In both cases when VM tries to pass some
option it would fail because missing argument then - VM can not pass
additional arguments, so if one act as an option, one argument will be
missing).
10 years ago
Marek Marczykowski-Górecki
1d017449d0
qrexec: fix compile warnings
10 years ago
Marek Marczykowski-Górecki
6efbbb88da
qrexec: new protocol - direct data vchan connections
10 years ago
Marek Marczykowski-Górecki
0ba692c85a
code style: change tabs to spaces
10 years ago
Marek Marczykowski
43770dae36
qrexec: handle vchan connect errors
10 years ago
Marek Marczykowski
d08831cc7e
qrexec: get domain name from cmdline
...
libvchan_get_domain_name will be removed
10 years ago
Marek Marczykowski
7bdf7b3f36
use domain name in error messages and log file name
...
Should be much more convenient than XID.
10 years ago
Marek Marczykowski
9215c09656
update for new vchan API
10 years ago
Marek Marczykowski-Górecki
6cca9a377f
qrexec: add -q option to silence "Waiting for VM's qrexec agent" message
10 years ago
Marek Marczykowski-Górecki
3f9cbe63b8
qrexec: use proper unsigned type instead of muting compiler warning
11 years ago
Vincent Penquerc'h
36c8885ff2
Fix some potential aliasing issues
11 years ago
Marek Marczykowski-Górecki
aa0fda1984
Fix -Wextra warnings
11 years ago
Marek Marczykowski-Górecki
f77e2d656d
qrexec: remove dialog box in case of connect timeout ( #790 )
...
Instead exit with failure (keeping child process for further connect
retries) and let the core/user decide what to do.
11 years ago
Marek Marczykowski-Górecki
c03a37f2bf
qrexec: remove socket at daemon exit
11 years ago
Vincent Penquerc'h
4a81560536
qrexec-daemon: check symlink success
11 years ago
Vincent Penquerc'h
63c46b2f8c
qrexec-daemon: add a few consts where appropriate
11 years ago
Vincent Penquerc'h
951e51d274
core-admin-linux: misc const/etc fixups
11 years ago
Vincent Penquerc'h
771be64912
qrexec-daemon: fix read underflow when the last fd goes
...
If no remaining fd is alive in the list, the loop breaks when i
is negative, but by then clients[-1] would have been dereferenced.
11 years ago
Vincent Penquerc'h
bac950c5ce
qrexec-daemon: check we really did drop root privileges
...
and drop group privileges too while we're at it
11 years ago
Vincent Penquerc'h
5e4e1fe6ac
qrexec-daemon: fix pathological break-out-of-wait-loop
...
If the timeout is 1, attempting to retry would not actually retry,
since i would be incremented just after being reset to 0, and would
thus break out of the loop.
11 years ago
Vincent Penquerc'h
e88faee9dd
qrexec-daemon: reject negative timeouts
11 years ago
Vincent Penquerc'h
259d7aaf78
qrexec-daemon: use fully qualified path to kdialog/zenity
11 years ago
Vincent Penquerc'h
67f27bd94f
qrexec-daemon: make children_count volatile
...
It's decremented in a signal handler
11 years ago
Marek Marczykowski-Górecki
ce971eaa54
qrexec: don't wait indefinitely if the daemon startup failed
...
Count started children and if the last one exits before getting SIGUSR1
(confirmation of successful daemon startup) report failure.
11 years ago
Marek Marczykowski-Górecki
19e7663928
qrexec-daemon: optionally don't wait for connection to the VM
...
Will be used to keep qrexec-daemon running in the background even if no
qrexec-agent installed (yet). Specifically to give the VM a chance to
inform about just installed agent.
11 years ago
Marek Marczykowski-Górecki
72b528ddd1
Revert "rpm: fix policy/qubes.SyncAppMenus name"
...
This reverts commit de087e9b8d
.
Mangled two changes together.
11 years ago
Marek Marczykowski-Górecki
de087e9b8d
rpm: fix policy/qubes.SyncAppMenus name
11 years ago
Marek Marczykowski-Górecki
28aa4d992f
qrexec: display VM name in connect timeout message ( #723 )
...
Now it is possible, as we have domain name from cmdline.
11 years ago
Marek Marczykowski-Górecki
c92bc0a05c
qrexec: use VM name in log filename
11 years ago
Marek Marczykowski
cf8959dbfe
qrexec: get domain name from cmdline
...
libvchan_get_domain_name will be removed
11 years ago
Marek Marczykowski
158bfff3cf
Add qrexec back, use qubes-utils libraries for common code
12 years ago