diff --git a/developer/system/gui.md b/developer/system/gui.md index dfd04801..6de31dc7 100644 --- a/developer/system/gui.md +++ b/developer/system/gui.md @@ -90,9 +90,10 @@ Clipboard sharing implementation Certainly, it would be insecure to allow AppVM to read/write the clipboards of other AppVMs unconditionally. Therefore, the following mechanism is used: -- there is a "qubes clipboard" in dom0 - its contents are stored in a regular file in dom0. +- there is a "qubes clipboard" in dom0 - its contents are stored in a regular file in dom0 as `/run/qubes/qubes-clipboard.bin`. - if the user wants to copy local AppVM clipboard to qubes clipboard, she must focus on any window belonging to this AppVM, and press **Ctrl-Shift-C**. This combination is trapped by `qubes-guid`, and `CLIPBOARD_REQ` message is sent to AppVM. `qubes-gui` responds with `CLIPBOARD_DATA` message followed by clipboard contents. - the user focuses on other AppVM window, presses **Ctrl-Shift-V**. This combination is trapped by `qubes-guid`, and `CLIPBOARD_DATA` message followed by qubes clipboard contents is sent to AppVM; `qubes-gui` copies data to the local clipboard, and then user can paste its contents to local applications normally. +- a supplementary JSON metadata file will be saved as `/run/qubes/qubes-clipboard.bin.metadata` on global clipboard copy or paste actions. Explanation of each field is available in `xside.h` header file of `qubes-guid` under `clipboard_metadata` structure. While the output from `qubes-guid` is fully JSON compatible, the `qubes-guid` parser is limited. It expects line breaks after each key-value pair and only one key-value pair per line. Opening and closing curly braces should be on their own lines. There should be no leading white-space. This way, the user can quickly copy clipboards between AppVMs. This action is fully controlled by the user, it cannot be triggered/forced by any AppVM. diff --git a/developer/system/template-implementation.md b/developer/system/template-implementation.md index 4feb91fb..1bd4dd2b 100644 --- a/developer/system/template-implementation.md +++ b/developer/system/template-implementation.md @@ -73,19 +73,9 @@ When TemplateVM is stopped, the xen script moves root-cow.img to root-cow.img.ol #### Rollback template changes -There is possibility to rollback last template changes. Saved root-cow.img.old contains all changes made during last TemplateVM run. Rolling back changes is done by reverting this "binary patch". +There is possibility to rollback last template changes. Using the automatic snapshot that is normally saved every time the template is shutdown. -This is done using snapshot-merge device-mapper target (available from 2.6.34 kernel). It requires that no other snapshot device uses underlying block devices (root.img, root-cow.img via loop device). Because of this all AppVMs based on this template must be halted during this operation. - -Steps performed by **qvm-revert-template-changes**: - -1. Ensure that no other VMs uses this template. -2. Prepare snapshot device with ***root-cow.img.old*** instead of *root-cow.img* (*/etc/xen/scripts/block-snapshot prepare*). -3. Replace *snapshot* device-mapper target with *snapshot-merge*, other parameters (chunk size etc) remains untouched. Now kernel starts merging changes stored in *root-cow.img.old* into *root.img*. d-m device can be used normally (if needed). -4. Waits for merge completed: *dmsetup status* shows used snapshot blocks – it should be equal to metadata size when completed. -5. Replace *snapshot-merge* d-m target back to *snapshot*. -6. Cleanup snapshot device (if nobody uses it at the moment). -7. Move *root-cow.img.old* to *root-cow.img* (overriding existing file). +Refer to volume backup and revert [documentation](/doc/volume-backup-revert) for more information. ### Snapshot device in AppVM diff --git a/introduction/intro.md b/introduction/intro.md index 142d4095..a9089ea6 100644 --- a/introduction/intro.md +++ b/introduction/intro.md @@ -19,7 +19,7 @@ title: Introduction
Qubes OS is a free and open-source, security-oriented operating system for single-user desktop computing. Qubes OS leverages - + Xen-based virtualization to allow for the creation and management of isolated compartments called qubes.
diff --git a/introduction/issue-tracking.md b/introduction/issue-tracking.md index 3296210e..5326e698 100644 --- a/introduction/issue-tracking.md +++ b/introduction/issue-tracking.md @@ -41,7 +41,7 @@ Great! Thank you for taking the time and effort to help improve Qubes! To ensure 1. Carefully read our issue tracking [guidelines](#guidelines). If your issue would violate any of the guidelines, **stop**. Please do not submit it. 2. [Search through the existing issues](#search-tips), both open and closed, to see if your issue already exists. If it does, **stop**. [Do not open a duplicate.](/doc/issue-tracking/#new-issues-should-not-be-duplicates-of-existing-issues) Instead, comment on the existing issue. 3. Go [here](https://github.com/QubesOS/qubes-issues/issues/new/choose). - 4. Select the [type](#type) of issue you want to open. + 4. Select the [type](#types) of issue you want to open. 5. Enter a descriptive title. 6. Do not delete the provided issue template. Fill out every applicable section. 7. Make sure to mention any relevant documentation and other issues you've already seen. We don't know what you've seen unless you tell us. If you don't list it, we'll assume you haven't seen it. @@ -51,36 +51,36 @@ Great! Thank you for taking the time and effort to help improve Qubes! To ensure Eventually, your issue may be closed. See [how issues get closed](/doc/issue-tracking/#how-issues-get-closed) for details about when, why, and how this occurs. -## Labels and projects +## How issues are organized -Labels and projects are features of GitHub's issue tracking system that we use to keep [qubes-issues](https://github.com/QubesOS/qubes-issues/issues) organized. +Issues can have several different properties and be organized in various ways. This section explains how we use labels, issue types, projects, and other features of GitHub's issue tracking system in order to keep [qubes-issues](https://github.com/QubesOS/qubes-issues/issues) organized. ### Labels -When an issue is first created, certain [labels](https://github.com/QubesOS/qubes-issues/labels) may automatically be applied to it based on the type of issue the reporter selected. For example, if someone selects the "Bug report" template, then the `T: bug` label will automatically be applied to that issue. After that, only Qubes team members have permission to modify labels. Many labels have descriptions on them that can be viewed by hovering over them or on the [list of labels](https://github.com/QubesOS/qubes-issues/labels). Let's go over some of the most important ones. - -#### Type - -There are three issue **types**: `T: bug`, `T: enhancement`, and `T: task`. - -- `T: bug` --- Type: bug report. A problem or defect resulting in unintended behavior in something that exists. -- `T: enhancement` --- Type: enhancement. A new feature that does not yet exist **or** improvement of existing functionality. -- `T: task` --- Type: task. An action item that is neither a bug nor an enhancement. - -Every open issue should have **exactly one** type. An open issue should not have more than one type, and it should not lack a type entirely. Bug reports are for problems in things that already exist. If something doesn't exist yet, but you think it ought to exist, then use `T: enhancement` instead. If something already exists, but you think it could be improved in some way, you should again use `T: enhancement`. `T: task` is for issues that fall under neither `T: bug` nor `T: enhancement`. +When an issue is first created, it will receive the `P: default` (i.e., default priority) [label](https://github.com/QubesOS/qubes-issues/labels) automatically. After an issue has been created, only Qubes team members have permission to modify labels. Many labels have descriptions on them that can be viewed by hovering over them or on the [list of labels](https://github.com/QubesOS/qubes-issues/labels). Let's go over some of the most important ones. #### Priority -There are several issue **priority** levels ranging from `P: minor` to `P: blocker` (see [here](https://github.com/QubesOS/qubes-issues/labels?q=P%3A) for the full list). Every open issue should have **exactly one** priority. An open issue should not have more than one priority, and it should not lack a priority entirely. See [here](/doc/version-scheme/#bug-priorities) for details about how the developers use these priorities. +There are several issue **priority** levels ranging from `P: minor` to `P: blocker` (see [here](https://github.com/QubesOS/qubes-issues/labels?q=P%3A) for the full list). Every open issue should have exactly one priority. An open issue should not have more than one priority, and it should not lack a priority entirely. See [here](/doc/version-scheme/#bug-priorities) for details about how the developers use these priorities. #### Component -There are many **component** labels, each beginning with `C:` (see [here](https://github.com/QubesOS/qubes-issues/labels?q=C%3A) for the full list). Every open issue should have **at least one** component. An open issue may have more than one component, but it should not lack a component entirely. When no other component applies, use `C: other`. +There are many **component** labels, each beginning with `C:` (see [here](https://github.com/QubesOS/qubes-issues/labels?q=C%3A) for the full list). Every open issue should have at least one component. An open issue may have more than one component, but it should not lack a component entirely. When no other component applies, use `C: other`. #### Affected release A label of the form `affects-qubes-dom0-update
, dnf update
, and apt update
is not recommended, since these bypass built-in Qubes OS update security measures. Instead, we strongly recommend using the Qubes Update tool or its command-line equivalents, as described below. (By contrast, installing packages using direct package manager commands is fine.)
+ Warning: Updating with direct commands such as dnf update
, and apt update
is not recommended, since these bypass built-in Qubes OS update security measures. Instead, we strongly recommend using the Qubes Update tool or its command-line equivalents, as described below. (By contrast, installing packages using direct package manager commands is fine.)