Compare commits
18 Commits
Author | SHA1 | Date | |
---|---|---|---|
|
0be42e4354 | ||
|
4b6924a27b | ||
|
5c6ad4c669 | ||
|
6e4fa03459 | ||
|
11365e353e | ||
|
d4b23691f1 | ||
|
0771ddaab3 | ||
|
9b762acd0b | ||
|
f6460d6e95 | ||
|
034b066700 | ||
|
d0a23bdd09 | ||
|
ba61c8405c | ||
|
bbdb5ed67f | ||
|
d6eb7e5c58 | ||
|
d88242bb99 | ||
|
509ae49001 | ||
|
72069d8526 | ||
|
129aeeacd5 |
2
Makefile
2
Makefile
@ -1,8 +1,10 @@
|
||||
ifndef LIBDIR
|
||||
ifeq ($(shell uname -m),x86_64)
|
||||
LIBDIR = /usr/lib64
|
||||
else
|
||||
LIBDIR = /usr/lib
|
||||
endif
|
||||
endif
|
||||
INCLUDEDIR = /usr/include
|
||||
|
||||
export LIBDIR INCLUDEDIR
|
||||
|
@ -6,7 +6,7 @@
|
||||
# Maintainer: Olivier Medoc <o_medoc@yahoo.fr>
|
||||
pkgname=qubes-vm-utils
|
||||
pkgver=`cat version`
|
||||
pkgrel=8
|
||||
pkgrel=9
|
||||
epoch=
|
||||
pkgdesc="Common Linux files for Qubes VM."
|
||||
arch=("x86_64")
|
||||
@ -37,13 +37,13 @@ for source in qrexec-lib udev qmemman core Makefile; do
|
||||
(ln -s $srcdir/../$source $srcdir/$source)
|
||||
done
|
||||
|
||||
make all
|
||||
make all LIBDIR=/usr/lib SBINDIR=/usr/bin
|
||||
|
||||
}
|
||||
|
||||
package() {
|
||||
|
||||
make install DESTDIR=$pkgdir
|
||||
make install DESTDIR=$pkgdir LIBDIR=/usr/lib SBINDIR=/usr/bin
|
||||
|
||||
}
|
||||
|
||||
|
@ -115,6 +115,8 @@ get_from_stream(), get_from_vm(), get_xdg_icon_from_vm(), get_through_dvm()'''
|
||||
maxhdrlen = imghdrlen(max_width, max_height)
|
||||
|
||||
untrusted_header = stream.readline(maxhdrlen)
|
||||
if len(untrusted_header) == 0:
|
||||
raise ValueError('No icon received')
|
||||
if not re_imghdr.match(untrusted_header):
|
||||
raise ValueError('Image format violation')
|
||||
header = untrusted_header
|
||||
@ -150,8 +152,9 @@ get_from_stream(), get_from_vm(), get_xdg_icon_from_vm(), get_through_dvm()'''
|
||||
p.stdin.write('{0}\n'.format(src))
|
||||
p.stdin.close()
|
||||
|
||||
try:
|
||||
img = cls.get_from_stream(p.stdout, **kwargs)
|
||||
|
||||
finally:
|
||||
p.stdout.close()
|
||||
if p.wait():
|
||||
raise Exception('Something went wrong with receiver')
|
||||
|
50
debian/changelog
vendored
50
debian/changelog
vendored
@ -1,3 +1,53 @@
|
||||
qubes-utils (2.0.21) wheezy; urgency=medium
|
||||
|
||||
* fedora: fix systemd service files permission
|
||||
* qrexec-lib: enable compiler optimization
|
||||
* udev: ignore temporary devices created during VM startup
|
||||
* udev: fix block devices ignoring rule
|
||||
* imgconverter: use more meaningful error for empty icon image
|
||||
* imgconverter: ensure that connection to the VM is properly closed
|
||||
|
||||
-- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com> Tue, 29 Sep 2015 12:47:50 +0200
|
||||
|
||||
qubes-utils (2.0.20) jessie; urgency=medium
|
||||
|
||||
* archlinux: fix new packaging requirements related to run, sbin,
|
||||
lib64...
|
||||
|
||||
-- Olivier MEDOC <o_medoc@yahoo.fr> Mon, 02 Feb 2015 00:19:22 +0100
|
||||
|
||||
qubes-utils (2.0.19) jessie; urgency=medium
|
||||
|
||||
* debian: O_TMPFILE already defined
|
||||
|
||||
-- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com> Sun, 01 Feb 2015 03:07:29 +0100
|
||||
|
||||
qubes-utils (2.0.18) jessie; urgency=medium
|
||||
|
||||
* filecopy: fix handling ENOENT error
|
||||
|
||||
-- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com> Fri, 23 Jan 2015 01:22:10 +0100
|
||||
|
||||
qubes-utils (2.0.17) jessie; urgency=medium
|
||||
|
||||
* filecopy: really do not use O_TMPFILE when use_tmpfile==0
|
||||
|
||||
-- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com> Wed, 21 Jan 2015 16:07:40 +0100
|
||||
|
||||
qubes-utils (2.0.16) jessie; urgency=medium
|
||||
|
||||
* filecopy: create new file unaccessible to the user until fully
|
||||
written
|
||||
|
||||
-- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com> Sun, 18 Jan 2015 18:05:35 +0100
|
||||
|
||||
qubes-utils (2.0.15) jessie; urgency=medium
|
||||
|
||||
[ HW42 ]
|
||||
* use systemd in debian
|
||||
|
||||
-- Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com> Mon, 01 Dec 2014 04:32:48 +0100
|
||||
|
||||
qubes-utils (2.0.14) jessie; urgency=medium
|
||||
|
||||
[ Marek Marczykowski-Górecki ]
|
||||
|
@ -1,5 +1,7 @@
|
||||
CC=gcc
|
||||
CFLAGS=-Wall -Wextra -Werror -g -O3
|
||||
SBINDIR ?= /usr/sbin
|
||||
|
||||
all: meminfo-writer
|
||||
|
||||
_XENSTORE_H=$(shell ls /usr/include/xenstore.h)
|
||||
@ -10,13 +12,13 @@ endif
|
||||
meminfo-writer: meminfo-writer.o
|
||||
$(CC) -g -o meminfo-writer meminfo-writer.o -lxenstore
|
||||
install:
|
||||
install -D meminfo-writer $(DESTDIR)/usr/sbin/meminfo-writer
|
||||
install -D meminfo-writer $(DESTDIR)$(SBINDIR)/meminfo-writer
|
||||
ifeq (1,${DEBIANBUILD})
|
||||
install -d $(DESTDIR)/lib/systemd/system/
|
||||
install -m 0644 qubes-meminfo-writer.service $(DESTDIR)/lib/systemd/system/
|
||||
else
|
||||
install -d $(DESTDIR)/usr/lib/systemd/system/
|
||||
install qubes-meminfo-writer*service $(DESTDIR)/usr/lib/systemd/system/
|
||||
install -m 0644 qubes-meminfo-writer*service $(DESTDIR)/usr/lib/systemd/system/
|
||||
endif
|
||||
clean:
|
||||
rm -f meminfo-writer xenstore-watch *.o
|
||||
|
@ -1,5 +1,5 @@
|
||||
CC=gcc
|
||||
CFLAGS+=-I. -g -Wall -Wextra -Werror -pie -fPIC
|
||||
CFLAGS+=-I. -g -O2 -Wall -Wextra -Werror -pie -fPIC
|
||||
XENLIBS=-lxenctrl -lxenstore -lvchan
|
||||
COMMONIOALL=ioall.o
|
||||
SO_VER=1
|
||||
|
@ -66,6 +66,8 @@ int copy_file(int outfd, int infd, long long size, unsigned long *crc32);
|
||||
const char *copy_file_status_to_str(int status);
|
||||
void set_size_limit(unsigned long long new_bytes_limit, unsigned long long new_files_limit);
|
||||
void set_verbose(int value);
|
||||
/* register open fd to /proc/PID/fd of this process */
|
||||
void set_procfs_fd(int value);
|
||||
int write_all(int fd, const void *buf, int size);
|
||||
int read_all(int fd, void *buf, int size);
|
||||
int copy_fd_all(int fdout, int fdin);
|
||||
|
@ -18,9 +18,21 @@ unsigned long long files_limit = 0;
|
||||
unsigned long long total_bytes = 0;
|
||||
unsigned long long total_files = 0;
|
||||
int verbose = 0;
|
||||
int use_tmpfile = 0;
|
||||
int procdir_fd = -1;
|
||||
|
||||
void send_status_and_crc(int code, const char *last_filename);
|
||||
|
||||
/* copy from asm-generic/fcntl.h */
|
||||
#ifndef __O_TMPFILE
|
||||
#define __O_TMPFILE 020000000
|
||||
#endif
|
||||
#ifndef O_TMPFILE
|
||||
/* a horrid kludge trying to make sure that this will fail on old kernels */
|
||||
#define O_TMPFILE (__O_TMPFILE | O_DIRECTORY)
|
||||
#define O_TMPFILE_MASK (__O_TMPFILE | O_DIRECTORY | O_CREAT)
|
||||
#endif
|
||||
|
||||
void do_exit(int code, const char *last_filename)
|
||||
{
|
||||
close(0);
|
||||
@ -39,6 +51,12 @@ void set_verbose(int value)
|
||||
verbose = value;
|
||||
}
|
||||
|
||||
void set_procfs_fd(int value)
|
||||
{
|
||||
procdir_fd = value;
|
||||
use_tmpfile = 1;
|
||||
}
|
||||
|
||||
unsigned long crc32_sum = 0;
|
||||
int read_all_with_crc(int fd, void *buf, int size) {
|
||||
int ret;
|
||||
@ -88,7 +106,21 @@ void process_one_file_reg(struct file_header *untrusted_hdr,
|
||||
const char *untrusted_name)
|
||||
{
|
||||
int ret;
|
||||
int fdout = open(untrusted_name, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0700); /* safe because of chroot */
|
||||
int fdout = -1;
|
||||
|
||||
/* make the file inaccessible until fully written */
|
||||
if (use_tmpfile) {
|
||||
fdout = open(".", O_WRONLY | O_TMPFILE, 0700);
|
||||
if (fdout < 0) {
|
||||
if (errno==ENOENT)
|
||||
/* if it fails, do not attempt further use - most likely kernel too old */
|
||||
use_tmpfile = 0;
|
||||
else
|
||||
do_exit(errno, untrusted_name);
|
||||
}
|
||||
}
|
||||
if (fdout < 0)
|
||||
fdout = open(untrusted_name, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0000); /* safe because of chroot */
|
||||
if (fdout < 0)
|
||||
do_exit(errno, untrusted_name);
|
||||
/* sizes are signed elsewhere */
|
||||
@ -105,6 +137,13 @@ void process_one_file_reg(struct file_header *untrusted_hdr,
|
||||
else
|
||||
do_exit(errno, untrusted_name);
|
||||
}
|
||||
fdatasync(fdout);
|
||||
if (use_tmpfile) {
|
||||
char fd_str[7];
|
||||
snprintf(fd_str, sizeof(fd_str), "%d", fdout);
|
||||
if (linkat(procdir_fd, fd_str, AT_FDCWD, untrusted_name, AT_SYMLINK_FOLLOW) < 0)
|
||||
do_exit(errno, untrusted_name);
|
||||
}
|
||||
close(fdout);
|
||||
fix_times_and_perms(untrusted_hdr, untrusted_name);
|
||||
}
|
||||
|
@ -34,6 +34,13 @@ if [ "$MAJOR" -eq 7 -a ! -d /sys/$DEVPATH/loop ]; then
|
||||
xs_remove
|
||||
exit 0
|
||||
fi
|
||||
# ... and temporary devices used during VM startup
|
||||
if [[ "$NAME" = 'loop'* ]] && \
|
||||
[[ "`cat /sys/block/${NAME%p*}/loop/backing_file`" = \
|
||||
'/var/lib/qubes/'*'/volatile.img' ]]; then
|
||||
xs_remove
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# Check if device is read-only
|
||||
if [ "`cat /sys/$DEVPATH/ro`" -eq 1 ]; then
|
||||
|
Loading…
Reference in New Issue
Block a user