Commit Graph

196 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
9687180a62 udev: prevent dom0 processes from accessing templates root image 2014-07-04 04:29:31 +02:00
Marek Marczykowski-Górecki
7bfa26bd2f version 2.0.20 2014-07-01 03:47:12 +02:00
Marek Marczykowski-Górecki
79abec9038 qrexec: fix deadlock in qrexec-client
When VM-VM qrexec service is called, two qrexec-clients are connected in
dom0. If both VMs are sending data simultaneously it can happen that
both qrexec-client processes will call write(2) and none of them will be
reading -> deadlock.
Solve it by handling I/O in two separate threads (one for reading from
VM, another for writing), at any time qrexec-client is ready to accept
data from either direction.
2014-07-01 03:24:46 +02:00
Marek Marczykowski-Górecki
6ab53c9456 version 2.0.19 2014-06-30 16:17:23 +02:00
Marek Marczykowski-Górecki
a74b69ce08 dom0-updates: ensure that metadata are available to normal user 2014-06-30 16:16:59 +02:00
Marek Marczykowski-Górecki
a013cb3eca dom0-updates: call "apper --updates" to go directly to updates tab 2014-06-30 16:16:08 +02:00
Marek Marczykowski-Górecki
8627ef9a80 dom0-updates: use GUI tool appropriate to current DE (#824) 2014-06-29 22:02:00 +02:00
Marek Marczykowski-Górecki
d63c27f79a version 2.0.18 2014-06-18 00:37:05 +02:00
Marek Marczykowski-Górecki
5af0530e8d udev: prevent VM disks content from being accessed by dom0 processes
To not expose dom0 processes like blkid for attacks from VM (e.g. by
placing malicious filesystem header in private.img).
2014-06-11 02:41:20 +02:00
Marek Marczykowski-Górecki
c443264fae dom0-updates: move GUI notification to qubes-manager (#824)
It is hard to get user session D-Bus address from outside of session. In
some cases there are even multiple dbus-daemon instances of the same
user...
2014-06-10 01:14:15 +02:00
Marek Marczykowski-Górecki
b8bd6e2d49 Additional options to hide PCI devices from dom0 (#861) 2014-05-29 05:12:42 +02:00
Marek Marczykowski-Górecki
9a206a5c4e version 2.0.17 2014-05-23 02:43:49 +02:00
Wojciech Zygmunt Porczyk
66234f41ee regexp fixes and validation (#829) 2014-05-19 13:36:02 +02:00
Wojciech Zygmunt Porczyk
38b1845e97 Merge branch 'master' of git://git.qubes-os.org/marmarek/core-admin-linux 2014-05-19 12:28:10 +02:00
Marek Marczykowski-Górecki
a7c43e6148 dom0-updates: clean local repo when --clean given 2014-05-12 00:30:48 +02:00
Marek Marczykowski-Górecki
15207dadcc doc: mention yum opts in qubes-dom0-update manual page 2014-05-11 17:49:52 +02:00
Wojciech Zygmunt Porczyk
df7e67784a qubes-receive-appmenus: filter categories
Allow only whitelisted categories, specified in freedesktop.org
"Desktop Menu Specification" 1.1-draft.

http://standards.freedesktop.org/menu-spec/latest/apa.html
2014-05-08 11:40:45 +02:00
Marek Marczykowski-Górecki
c5129a04e0 Merge branch 'master' of http://git.woju.eu/qubes/core-admin-linux 2014-05-07 15:22:07 +02:00
Wojciech Zygmunt Porczyk
c6f24d8ba8 qubes-receive-appmenus: use old icons when retrieval fails (#836) 2014-05-07 14:54:59 +02:00
Marek Marczykowski-Górecki
dbd7be5c90 Merge branch 'master' of http://git.woju.eu/qubes/core-admin-linux 2014-05-07 03:18:33 +02:00
Marek Marczykowski-Górecki
c74ac87582 dom0-updates: only notify about updates from cron, do not install them (#824)
It doesn't work and isn't simple to fix (needs the whole user
environment). So just notify about updates and let the user install them
from Qubes Manager or cmdline.
2014-05-06 04:19:55 +02:00
Wojciech Zygmunt Porczyk
bad449f235 qubes-core-appmenus.py: create/remove appmenus only when attribtute changes
This is part of #827 bug.
2014-05-05 22:26:53 +02:00
Marek Marczykowski-Górecki
553e914af5 version 2.0.16 2014-05-05 21:31:01 +02:00
Wojciech Zygmunt Porczyk
a9980d6d34 qubes-core-appmenus.py: create/remove appmenus when re/setting internal
This is part of #827 bug.
2014-05-05 16:47:34 +02:00
Marek Marczykowski-Górecki
9de6171a43 qubes-rpc: log (local) service output to syslog, discard stderr from VMs (#842)
Basically - store the logs where the service is running.
2014-05-05 05:27:08 +02:00
Marek Marczykowski-Górecki
c103f3713c dom0-updates: force 'C' locale for rpm --checksig call
Otherwise "OK", searched by regex, might be translated (which is the
case for es_ES locale).
2014-05-05 04:00:52 +02:00
Marek Marczykowski-Górecki
85dd4a84f6 version 2.0.15 2014-04-19 16:48:53 +02:00
Marek Marczykowski-Górecki
5bac404079 appmenus: use os.path.join instead of manual string concatenation
This will ease porting the code to other OSes. Also be consistent with
other parts of the script.
2014-04-19 16:46:49 +02:00
Marek Marczykowski-Górecki
ffd8db5d06 appmenus: don't output untrusted strings on terminal
Especially those which failed verification.
2014-04-19 16:46:03 +02:00
Marek Marczykowski-Górecki
0afaa60093 appmenus: fix regexp for parsing received line
The '-' must be the last character. Otherwise it means character range.
In this case it was ')-_', which include '/', so path was incorrectly
sanitised.
2014-04-19 16:39:37 +02:00
Marek Marczykowski-Górecki
1483f009e6 version 2.0.14 2014-04-16 17:06:03 +02:00
Marek Marczykowski-Górecki
6fc4c0ae3f appmenus: allow '_' in filenames 2014-04-16 17:00:25 +02:00
Marek Marczykowski-Górecki
7afc15dcf0 appmenus: workarounds for non-refreshing icon caches (#751) 2014-04-16 16:59:47 +02:00
Marek Marczykowski-Górecki
3e66cfbd97 version 2.0.13 2014-04-15 13:23:03 +02:00
Marek Marczykowski-Górecki
46f85b7f3f dom0-updates: fix command quotation, hide only harmless error msgs 2014-04-15 13:22:28 +02:00
Marek Marczykowski-Górecki
f55d04eef8 version 2.0.12 2014-04-15 04:08:16 +02:00
Marek Marczykowski-Górecki
793dec27ff dom0-updates: use qvm-run, not qrexec-client directly 2014-04-15 03:32:52 +02:00
Marek Marczykowski-Górecki
0be6f8431f qrexec: add support for filtering terminal escape chars 2014-04-15 03:12:53 +02:00
Marek Marczykowski-Górecki
6f1ba98230 rpm: disable non-Xen grub entry on upgrade 2014-04-14 04:14:18 +02:00
Marek Marczykowski-Górecki
167f30d063 dracut: fix loading xen-pciback module into initramfs
instmods will not install module in hostonly mode, so forcefully disable
hostonly mode (this is the way recommended by dracut documentation).
2014-04-14 04:12:51 +02:00
Marek Marczykowski-Górecki
aea6b3c1f5 appmenus: fix creating appmenus when no entry is selected 2014-04-14 04:12:00 +02:00
Marek Marczykowski-Górecki
84a9d12c48 dom0-updates: add flag file for disabling update check (#800) 2014-04-11 07:04:57 +02:00
Marek Marczykowski-Górecki
0b850b931e version 2.0.11 2014-04-05 00:37:09 +02:00
Marek Marczykowski-Górecki
123c529ffa appmenus: extend allowed chars set for Windows paths 2014-04-04 11:32:54 +02:00
Marek Marczykowski-Górecki
2c4aae132a Use 'conntrack' iptables module instead of obsoleted 'state' 2014-04-04 11:30:55 +02:00
Marek Marczykowski-Górecki
677cb769e1 dracut: remove 'fpu' module reference
It doesn't exists in the current kernel.
2014-03-13 18:31:22 +01:00
Marek Marczykowski-Górecki
4d09139066 version 2.0.10 2014-03-10 01:06:30 +01:00
Marek Marczykowski-Górecki
1205d9e01f rpm: fix dom0 updates with F20 firewallvm
F20 yum version have changed a way of parsing system-release package
version (so $releasever variable). Force it to use qubes-release package
version, not redhat-release.
2014-03-04 02:07:50 +01:00
Marek Marczykowski-Górecki
0c1e45cb3d appmenus: recreate child VM appmenus after template update
For example refresh the icons, or commands.
2014-02-22 01:26:01 +01:00
Marek Marczykowski-Górecki
849b8450ce appmenus: include appicons in clone_disk_files hook 2014-02-22 01:25:18 +01:00