Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: QubesOS/qubes-core-agent-linux
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v4.2.38
Choose a base ref
...
head repository: QubesOS/qubes-core-agent-linux
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v4.2.39
Choose a head ref
  • 5 commits
  • 5 files changed
  • 4 contributors

Commits on Dec 8, 2024

  1. qubes-fs-tree-check: Detect if a directory is unsafe for display 

    When processing directories, process_dirent() detected filenames that
are unsafe for display and set "bad" to true, but "bad" was not used to
determine the return value of process_dirent().  Instead, the function
tail-called simple_fs_walk().  Therefore, directories with unsafe
filenames were not detected.  This caused qubes.Filecopy to be used
instead of qubes.Filecopy+allow-all-names.  qubes.Filecopy (correctly)
rejects the directory.

Fix the bug by ensuring that if bad is set to true, process_dirent()
returns true even if the function recurses into simple_fs_walk().  This
will cause qubes.Filecopy+allow-all-names to be used, which will accept
the directory and allow the copy to succeed.

Fixes: QubesOS/qubes-issues#9567
(cherry picked from commit 9004e75)
    @DemiMarie @marmarek
    DemiMarie authored and marmarek committed Dec 8, 2024
    Configuration menu
    Copy the full SHA
    59b2959 View commit details
    Browse the repository at this point in the history

  2. debian: use polkitd instead of policykit-1 

    In bookworm, policykit-1 is a "transitional package".
For example, see Debian Changelog for network-manager (1.40.6-1).

(cherry picked from commit c9c80e5)
    @m-dhooge @marmarek
    m-dhooge authored and marmarek committed Dec 8, 2024
    Configuration menu
    Copy the full SHA
    31cf726 View commit details
    Browse the repository at this point in the history

  3. qubes-fs-tree-check: add --help 

    This improves UX.

(cherry picked from commit 4210c63)
    @DemiMarie @marmarek
    DemiMarie authored and marmarek committed Dec 8, 2024
    Configuration menu
    Copy the full SHA
    9b79581 View commit details
    Browse the repository at this point in the history

  4. Sync other systemd /tmp mount options with Fedora 

    The Qubes config for systemd /tmp mount options overrides the size of
/tmp due to memory ballooning. However, it only copies some of the
other options. This patch syncs with Fedora by also adding the options
nosuid,nodev,nr_inodes=1m. Setting nosuid and nodev should have minor
security benefits.

Increasing nr_inodes is important because otherwise the default is
nr_inodes=44492, which is too few inodes for software like "opam" which
uses /tmp as a staging directory.

(cherry picked from commit eb83bb7)
    @dmoerner @marmarek
    dmoerner authored and marmarek committed Dec 8, 2024
    Configuration menu
    Copy the full SHA
    305f034 View commit details
    Browse the repository at this point in the history

  5. version 4.2.39

    @marmarek
    marmarek committed Dec 8, 2024
    Configuration menu
    Copy the full SHA
    e42183b View commit details
    Browse the repository at this point in the history
Loading