262 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
8acd40905d Disable lesspipe in dom0
It can be dangerous when processing untrusted content (for example VM
logs).
Details:
https://groups.google.com/d/msgid/qubes-users/20150527215812.GA13915%40mail-itl
2015-06-25 02:37:29 +02:00
Marek Marczykowski-Górecki
1288a13520 qrexec: do not terminate before sending all the data
Make sure that all the data from local process is sent (including final
EOF), before handling its exit code - which would include terminating
qrexec-client process.
2015-06-23 02:44:59 +02:00
Marek Marczykowski-Górecki
7ce62cbd98 dracut: support the case when xen-pciback is built-in, not a module
In such case, we can't set module parameters in initramfs. But we can
bind the driver to appropriate devices manually - which is also doable
in case of module.
2015-06-15 03:26:04 +02:00
Marek Marczykowski-Górecki
07de8f7515 appmenus: allow '_' in Exec and other fields 2015-05-17 00:07:01 +02:00
Marek Marczykowski-Górecki
7e80d203ff version 3.0.6 2015-05-15 03:29:37 +02:00
Marek Marczykowski-Górecki
a5650d3251 dom0-update: improve package validation regexp - include DSA case (#988)
Apparently when package is signed with DSA key, rpm -K output is totally
different. This is the case for bumblebee package on rpmfusion.

Fixes qubesos/qubes-issues#988
2015-05-15 03:13:01 +02:00
Marek Marczykowski-Górecki
f2b5cf1cc0 dom0-update: clear error marker before downloading new packages (#987)
Otherwise if some package download fails once - further tries will also
report errors.

Fixes qubesos/qubes-issues#987
2015-05-13 02:34:51 +02:00
Marek Marczykowski-Górecki
4cab815317 dom0-update: prevent template package upgrades (#996)
This would override user changes to the template. Previous method
(Obsoletes: rpm header) doesn't work now, so add explicit exclude list
as yum option

Fixes qubesos/qubes-issues#996
2015-05-13 02:33:12 +02:00
Marek Marczykowski-Górecki
3f29b411d0 qrexec: do not send spurious MSG_SERVICE_REFUSED
This causes closing the connection (FD) to a still-alive client.

Fixes qubesos/qubes-issues#993
2015-05-10 04:36:33 +02:00
Marek Marczykowski-Górecki
0d75af86d8 version 3.0.5 2015-05-03 16:05:37 +02:00
Marek Marczykowski-Górecki
ed363452c9 gitignore 2015-05-03 16:05:02 +02:00
Marek Marczykowski-Górecki
50eb23d60e appmenus: add missing appicons_cleanup function
Commit f05f214f "appmenus: update icons only when changed" introduced
usage of vm.appicons_cleanup, but that function wasn't implemented. That
caused appmenus not to be generated at all after template update (old
appmenus were removed, but the script crashes before adding the new ones).
2015-05-02 23:49:40 +02:00
Marek Marczykowski-Górecki
b40008a06d appmenus: do not regenerate all the icons for the template itself 2015-05-02 21:09:42 +02:00
Marek Marczykowski-Górecki
febac40b05 appmenus: convert eval's to lambda's 2015-05-02 21:09:42 +02:00
Marek Marczykowski-Górecki
59d9dc0307 appmenus: minor code style fixes
Use 'in' instead of has_key, remove unused code.
2015-05-02 21:09:42 +02:00
Marek Marczykowski-Górecki
2a08357fa4 appmenus: script formatting
Wrap long lines, fix whitespaces
2015-05-02 21:09:42 +02:00
Marek Marczykowski-Górecki
d43a421dee version 3.0.4 2015-04-28 13:23:31 +02:00
Marek Marczykowski-Górecki
f05f214f6c appmenus: update icons only when changed
Do not regenerate all the icons when the source is unchanged.

Also add preliminary code to support the same improvement for .desktop
files, but it requires some more work, especially because KDE does a lot
of caching and we need to force update sometimes (for example when VM
label color has changed).
2015-04-28 12:45:29 +02:00
Marek Marczykowski-Górecki
d6f0cfcbad qrexec: fix waiting for qrexec-agent data connection
In case of vchan server libvchan_is_open() returns VCHAN_WAITING (2) when
client is not yet connected.
2015-04-20 05:46:47 +02:00
Marek Marczykowski-Górecki
6cf84a7319 version 3.0.3 2015-04-12 03:07:42 +02:00
Marek Marczykowski-Górecki
5d5a33f90b appmenus: fix template's icon 2015-04-12 02:06:26 +02:00
Marek Marczykowski-Górecki
c457b485cb Load xen-acpi-processor module
It is required for cpufreq to work.
2015-04-10 17:56:58 +02:00
Marek Marczykowski-Górecki
5a7813c05c version 3.0.2 2015-04-01 00:12:43 +02:00
Marek Marczykowski-Górecki
5035fc7eed Remove iptables config
Dom0 has no network at all, it isn't needed.
2015-03-31 22:55:25 +02:00
Marek Marczykowski-Górecki
2866196dad version 3.0.1 2015-03-26 23:53:33 +01:00
Marek Marczykowski-Górecki
3c151ca509 dom0-update: allow to specify custom yum action
This can be useful for actions like "downgrade", "reinstall" etc.

Needs additional testing if whole distribution upgrade using
"distro-sync" action will work as expected.
2015-03-26 00:58:10 +01:00
Marek Marczykowski-Górecki
51c736a92c qrexec: enable compiler optimization 2015-03-20 12:16:28 +01:00
Marek Marczykowski-Górecki
18d079a99a qrexec: fix compiler warnings 2015-03-20 12:16:19 +01:00
Marek Marczykowski-Górecki
b07475efea qrexec: make the log writable by qubes group
Otherwise if VM was started as root, it will never start as normal user
again.
2015-03-20 03:06:06 +01:00
Marek Marczykowski-Górecki
04816e014b qrexec: do not exit from qrexec-client until local process exit code is sent 2015-03-17 22:55:15 +01:00
Marek Marczykowski-Górecki
662813dc18 appmenus: recreate appmenus for the template itself after update 2015-03-11 00:00:37 +01:00
Marek Marczykowski-Górecki
735788dbd6 appmenus: do not force GUI connection when retrieving appmenus
There could be no GUI available - for example at firstboot.
2015-03-10 23:59:30 +01:00
Marek Marczykowski-Górecki
e76007fe20 qrexec: periodically check if remote domain/process still exists 2015-02-22 18:25:14 +01:00
Marek Marczykowski-Górecki
9ea5790a9b appmenus: really call kbuildsycoca4 only once after template update (#886) 2015-02-22 02:08:49 +01:00
Marek Marczykowski-Górecki
5645b4c307 qrexec: wait for remote exit code, even when both stdin/out are closed 2015-02-17 03:57:17 +01:00
Marek Marczykowski-Górecki
61eb2e7764 qrexec: fix handling of remote exit code 2015-02-11 16:11:38 +01:00
Marek Marczykowski-Górecki
d031126737 Add "--" to separate options from (untrusted) non-options arguments
This will prevent passing an option instead of a command (qvm-run) /
domain name (qrexec-policy). In both cases, when a VM tries to pass some
option, it would then fail because of a missing argument (the VM cannot
pass additional arguments, so if one acts as an option, one argument will
be missing).
2015-02-10 01:57:33 +01:00
Marek Marczykowski-Górecki
4449d51d98 udev: prevent race with kpartx -d
udevd calls (internal) blkid, which opens the device, so kpartx -d
cannot remove it.
2015-02-01 04:05:05 +01:00
Marek Marczykowski-Górecki
a28e6e1044 appmenus: call kbuildsycoca4 only once after template update (#886) 2015-01-30 01:57:19 +01:00
Marek Marczykowski-Górecki
04770e4037 version 3.0.0 2014-11-22 16:24:11 +01:00
Marek Marczykowski-Górecki
af66472c36 rpm: add missing vchan-devel build requires 2014-11-19 15:23:10 +01:00
Marek Marczykowski-Górecki
1d017449d0 qrexec: fix compile warnings 2014-11-19 15:23:10 +01:00
Marek Marczykowski-Górecki
6efbbb88da qrexec: new protocol - direct data vchan connections 2014-11-19 15:23:10 +01:00
Marek Marczykowski-Górecki
0ba692c85a code style: change tabs to spaces 2014-11-19 15:21:42 +01:00
Marek Marczykowski-Górecki
6e47f12118 Revert "qrexec: fix deadlock in qrexec-client"
This reverts commit 79abec9038.

The problem will not be applicable in the new protocol, where the vchan
connection is directly between VMs, so there are no longer two connected
qrexec-clients - always one end of data flow in qrexec-client is vchan,
which provides information about amount of data to read or buffer
space to write (lack of the latter in case of pipes was a cause of the
original problem).
2014-11-19 15:21:42 +01:00
Marek Marczykowski-Górecki
9a1c071f40 qrexec-policy: remove trailing spaces 2014-11-19 15:21:42 +01:00
Marek Marczykowski-Górecki
29d94c6478 dracut: change the way to include ehci-pci module
Apparently add_drivers doesn't work. Looking at kernel-modules dracut
code, it can only be used for block-device driver and only makes sense
in --host-only mode.
So add an additional module, which unconditionally installs kernel modules.
2014-11-19 15:21:42 +01:00
Marek Marczykowski-Górecki
76e3a34e7c dracut: include ehci-pci module in initramfs image
In recent kernel releases this additional module is required
to support USB 2.0 controllers.
2014-11-19 15:21:41 +01:00
Marek Marczykowski
0eaae9790c Use QubesVMMConnection object
Introduced in core-admin:
af521bd Wrap all VMM connection related object into QubesVMMConnection
class
2014-11-19 15:21:41 +01:00
Marek Marczykowski
43770dae36 qrexec: handle vchan connect errors 2014-11-19 15:21:41 +01:00