Commit Graph

106 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
4b6924a27b
imgconverter: ensure that connection to the VM is properly closed
Even in case of some error (for example invalid image).

(cherry picked from commit fc3347c914)
2015-09-27 23:53:52 +02:00
Marek Marczykowski-Górecki
5c6ad4c669
imgconverter: use more meaningful error for empty icon image
(cherry picked from commit 6e69ce2234)
2015-09-27 23:53:07 +02:00
Marek Marczykowski-Górecki
6e4fa03459
udev: fix block devices ignoring rule
First of all there was missing ']'. But additionally change that rule to
detect partitioned loop devices instead of device-mapper.

(cherry picked from commit 68bbd408d7)
2015-09-27 23:51:33 +02:00
Marek Marczykowski-Górecki
11365e353e
udev: ignore temporary devices created during VM startup
(cherry picked from commit c731fa5b28)
2015-09-27 23:51:02 +02:00
Marek Marczykowski-Górecki
d4b23691f1
qrexec-lib: enable compiler optimization
(cherry picked from commit 015015d940)

Conflicts:
	qrexec-lib/Makefile
2015-09-27 23:48:19 +02:00
Marek Marczykowski-Górecki
0771ddaab3 fedora: fix systemd service files permission 2015-06-16 03:00:36 +02:00
Marek Marczykowski-Górecki
9b762acd0b version 2.0.20 2015-02-02 00:19:22 +01:00
Olivier MEDOC
f6460d6e95 archlinux: fix new packaging requirements related to run, sbin, lib64... 2015-02-01 23:27:09 +01:00
Marek Marczykowski-Górecki
034b066700 version 2.0.19 2015-02-01 03:07:29 +01:00
Marek Marczykowski-Górecki
d0a23bdd09 debian: O_TMPFILE already defined 2015-02-01 03:06:47 +01:00
Marek Marczykowski-Górecki
ba61c8405c version 2.0.18 2015-01-23 01:22:10 +01:00
Marek Marczykowski-Górecki
bbdb5ed67f filecopy: fix handling ENOENT error
Do not fail when file was successfully created.

I will test before commit. I will test before commit. I will...
2015-01-23 00:21:36 +01:00
Marek Marczykowski-Górecki
d6eb7e5c58 version 2.0.17 2015-01-21 16:07:40 +01:00
Marek Marczykowski-Górecki
d88242bb99 filecopy: really do not use O_TMPFILE when use_tmpfile==0
When file opened with O_TMPFILE but use_tmpfile==0, the file will not be
linked to the directory (the code at the end of process_one_file_reg).
Additionally it is a waste of time trying to use O_TMPFILE when it's
already known it shouldn't be.
Also use_tmpfile==0 can mean we don't have access to /proc
(set_procfs_fd wasn't called), so even if linking the file to its
directory would be attempted, it would fail. This is the case for
dom0-updates copy.
2015-01-21 16:05:19 +01:00
Marek Marczykowski-Górecki
509ae49001 version 2.0.16 2015-01-18 18:05:35 +01:00
Marek Marczykowski-Górecki
72069d8526 filecopy: create new file unaccessible to the user until fully written
Otherwise source domain can modify (append) the file while the user
already is accessing it. While incoming files should be treated as
untrusted, this problem could allow file modification after the user
makes some sanity checks.
2015-01-11 05:39:25 +01:00
Marek Marczykowski-Górecki
129aeeacd5 version 2.0.15 2014-12-01 04:32:48 +01:00
Marek Marczykowski-Górecki
4476a1fe71 Use native systemd services (like in the fedora templates). This should also
add support for netvm, proxyvm, dispvm.

Merge tag 'hw42_debian-systemd-1'

Use native systemd services (like in the fedora templates). This should also
add support for netvm, proxyvm, dispvm.

# gpg: Signature made Tue Nov  4 00:12:53 2014 CET using RSA key ID E09C093C
# gpg: Good signature from "HW42 (Qubes Signing Key) <hw42-qubes@ipsumj.de>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: FC1A C023 76D0 4C68 341F  406F 8C05 216C E09C 093C
2014-11-05 05:00:42 +01:00
HW42
7693f097d4 use systemd in debian 2014-09-26 23:33:38 +02:00
Marek Marczykowski-Górecki
6e965d0093 version 2.0.14 2014-07-28 02:46:39 +02:00
Marek Marczykowski-Górecki
35300b54ac udev: update dmsetup path
Debian has it in /sbin/dmsetup. Fedora has /sbin->/usr/sbin symlink, so
it should work on both.
2014-07-26 15:47:15 +02:00
Marek Marczykowski-Górecki
91766f9b5d gitignore 2014-07-26 03:36:31 +02:00
Marek Marczykowski-Górecki
098a93bab0 debian: rename package to qubes-utils, update deps 2014-07-26 03:35:57 +02:00
Davíð Steinn Geirsson
566bd2901b Initial native debian packaging 2014-07-23 04:32:46 +02:00
Davíð Steinn Geirsson
bc75b6559b Use xenstore.h when xen >= 4.2 2014-07-23 04:32:46 +02:00
Davíð Steinn Geirsson
b4751c55dc Add qmemman to make clean 2014-07-23 04:32:46 +02:00
Joanna Rutkowska
8284ed0c44 version 2.0.13 2014-07-12 14:07:56 +02:00
Marek Marczykowski-Górecki
43ec024616 rpm: add missing dependency 2014-07-08 12:07:38 +02:00
Marek Marczykowski-Górecki
60fe01e11f version 2.0.12 2014-07-05 16:13:31 +02:00
Marek Marczykowski-Górecki
644372149f udev: convert device description to ascii only 2014-07-05 16:13:08 +02:00
Marek Marczykowski-Górecki
36a2c99b49 udev: filter out template's root device 2014-07-05 16:12:37 +02:00
Marek Marczykowski-Górecki
6722b17333 version 2.0.11 2014-07-05 14:51:15 +02:00
Marek Marczykowski-Górecki
58df64ad20 udev: skip empty device-mapper nodes
It can happen during device reconfiguration - do not decide to expose
the device until it's known what device it will be.
This fixes bug where root.img was visible in qvm-block as normal device
and could be detached.
2014-07-04 03:29:38 +02:00
Marek Marczykowski-Górecki
44e5c20806 udev: fix perms of udev-block-add-change
Accidentally "x" was removed.
2014-06-29 21:57:20 +02:00
Marek Marczykowski-Górecki
32a0a4156c version 2.0.10 2014-06-10 17:57:11 +02:00
Marek Marczykowski-Górecki
570446f448 udev: better support device-mapper/LVM
Do not ignore them completely.
2014-06-07 04:53:32 +02:00
Wojciech Zygmunt Porczyk
affc4fd3a9 imgconverter.py: really close stdout in get_through_dvm 2014-05-27 16:13:34 +02:00
Wojciech Zygmunt Porczyk
e18bfc5dad move site-packages/qubes/__init__.py from core-admin 2014-05-27 16:13:34 +02:00
Marek Marczykowski-Górecki
136d342dd6 version 2.0.9 2014-05-23 02:44:17 +02:00
Marek Marczykowski-Górecki
821a1c2fe9 qrexec-lib: use _exit in child process to not fire atexit hooks
Otherwise it would remove qrexec socket.
2014-05-19 16:52:27 +02:00
Marek Marczykowski-Górecki
f01b1a16ba version 2.0.8 2014-04-05 00:50:39 +02:00
Marek Marczykowski-Górecki
ed146390d6 rpm: fix meminfo-writer setup during system installation
We have no control over package installation, so it can happen to be
before qubes-release got installed. Simply enable both dom0 and VM
services - they contain relevant start conditions.
2014-03-21 02:47:49 +01:00
Marek Marczykowski-Górecki
11e9e89341 version 2.0.7 2014-02-20 01:01:26 +01:00
Marek Marczykowski-Górecki
b8b4e105c0 qrexec-lib: return unsigned where only non-negative value is returned 2014-02-19 20:52:24 +01:00
Marek Marczykowski-Górecki
b12f1539a4 Add -Wextra -Werror to all C code
Not only the security-critical one.
2014-02-16 11:10:38 +01:00
Marek Marczykowski-Górecki
12a9049cfe Fix some more -Wextra warnings 2014-02-16 11:10:31 +01:00
Vincent Penquerc'h
03c9cb1388 Add a few consts where appropriate 2014-02-16 11:08:22 +01:00
Vincent Penquerc'h
9f3a74fd77 unpack: prevent ability to bypass the byte limit
By passing an empty file with a declared negative size,
a hostile VM can decrease the total bytes counter, while
not having to supply a huge amount of data, thus disabling
the byte size check, and potentially filling the target
filesystem.
2014-02-15 14:14:20 +01:00
Davíð Steinn Geirsson
b95e80779e archlinux: Fix missing symlink for archlinux template build 2014-02-15 08:32:31 +01:00
Marek Marczykowski-Górecki
c3f924373a version 2.0.6 2014-02-07 05:42:52 +01:00