When file opened with O_TMPFILE but use_tmpfile==0, the file will not be
linked to the directory (the code at the end of process_one_file_reg).
Additionally it is waste of time trying using O_TMPFILE when it's
already known it shouldn't be.
Also use_tmpfile==0 can mean we don't have access to /proc
(set_procfs_fd wasn't called), so even if linking the file to its
directory would be attempted, it would fail. This is the case for
dom0-updates copy.
Otherwise source domain can modify (append) the file while the user
already is accessing it. While incoming files should be treated as
untrusted, this problem could allow file modification after the user
makes some sanity checks.
It can happen that we already cleared libvchan_fd pending state via
libvchan_wait, but data arrived later. This is especially true just
after connection, when client send unsolicited notification to server,
which can confuse it with some requested notification.
add support for netvm, proxyvm, dispvm.
-----BEGIN PGP SIGNATURE-----
iQIcBAABCgAGBQJUWAv1AAoJEIwFIWzgnAk887EP/2c9kc72kY/24vgDfo4zDIHu
yfaYjlEUmqTH8MDNpA2JnOz4caSGNpHcLWt68Cn0zsi40Tq2G1kQGmoPJRrpKdnO
muqqI+vjCcNymar7XTa4XpRxQ4PTfVW/XQ4GyzGja0JKnBW6IrtrbRDF+bW7KqjP
8CxAjv+Pnm0hdkWXgvFLCt7uwDgXQ7oPb2a5G1eqfHKZ84HzXElU2PPr2Fh4Rh4x
jWu/nsXDwY5XoT8YdaPfZ0vkmExfNfQXHgc6wnvZmW4ZuDvpldshhFI3iyZwa0zy
dJyzykEM7FWT8RxnsLqalhjycjF9mX+7KUUDL0quQNArUuRR4hAnA/85kCaHAgaE
3XjpWiwRJPhFKVj00rqxxBgYKQYPszr0Wy2X3AgMdB50/YNa7ct43v+OG8RZFjkW
HLC4tfnwwMyDbpwc/Hy4Ltfcy2LIMM2w8AsO74wPmTwy5CcvlViUMiV5AEUssjE5
cTx9iiAP76oOe0ewY7lmJ6pkMDMuYSM44PtwhHdITXR8XxgkDOiolkMtYNvsJ21q
C4ECW5JoktvgDJZsKGWz0nB599+WVGeq7Kj/Km45PI+9NeVPrlS6IrVDdm7M55pJ
zaRm/WhtuL6SJ152iCn9u40m/+3XcE+jruewPoxbxSV4/a6bVKflVtElffVm6MZK
pmaIZmr9X5bKbr2Aub3h
=EbZd
-----END PGP SIGNATURE-----
Merge tag 'hw42_debian-systemd-1'
Use native systemd services (like in the fedora templates). This should also
add support for netvm, proxyvm, dispvm.
# gpg: Signature made Tue Nov 4 00:12:53 2014 CET using RSA key ID E09C093C
# gpg: Good signature from "HW42 (Qubes Signing Key) <hw42-qubes@ipsumj.de>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: FC1A C023 76D0 4C68 341F 406F 8C05 216C E09C 093C
It can happen during device reconfiguration - do not decide to expose
the device until its known what device it will be.
This fixes bug where root.img was visible in qvm-block as normal device
and could be detached.
We have no control over package installation, so it can happen to be
before qubes-release got installed. Simply enable both dom0 and VM
services - they contains relevant start conditions.
By passing an empty file with a declared negative size,
a hostile VM can decrease the total bytes counter, while
not have do supply a huge amount of data, thus disabing
the byte size check, and potentially filling the target
filesystem.
