Commit Graph

53 Commits

Author SHA1 Message Date
palainp
fe99021dc0 add minimal README information about using mirage-firewall without netvm 2023-06-30 17:06:17 +02:00
palainp
eb4d0fc371 update documentation 2022-10-11 13:20:07 +02:00
Hannes Mehnert
61767ef0d5
Merge pull request #140 from palainp/mirage4
update to mirage 4.2.0 & mirage-xen 8.0.0
2022-08-30 16:29:10 +02:00
palainp
008b5b3b2f drop PV from README.md for recent versions of qubes-mirage-firewall 2022-08-13 16:59:09 +02:00
palainp
a99d7f8792 update to mirage 4.0.0 & mirage-xen 7.0.0 2022-03-30 03:12:01 -04:00
Thomas Leonard
d8ae7f749c Update README 2020-10-28 11:00:13 +00:00
Hannes Mehnert
c173bf1cb0 README: use kernelopts='' instead of None 2020-10-24 12:43:08 +02:00
Krzysztof Burghardt
f9842e8b18
Do not run tar in dom0 (closes #84).
Do not run tar and bzip2 in dom0 to decompresses and extract archive
data created in, or downloaded to domU as any vulnerabilities in them
can compromise Qubes OS security model.

Instead of that run both tar and bzip2 in domU and copy unikernel to
dom0 as described in official Qubes documentation ["Copying from (and to)
dom0"](https://www.qubes-os.org/doc/copy-from-dom0/#copying-to-dom0).

Auxiliary files required to run unikernel in Qubes OS domU can be easily
created directly in dom0 using trusted tools available there.
2020-06-20 01:16:29 +02:00
linse
3ee01b5243 changes for 0.7.1
Co-Authored-By: hannes <hannes@mehnert.org>
2020-06-19 09:44:15 +00:00
linse
60ebd61b72 Update documentation. 2020-05-19 16:48:48 +02:00
linse
87df5bdcc0 Read firewall rules from QubesDB. The module Rules contains a rule matcher instead of hardcoded rules now.
Co-Authored-By: Mindy Preston <yomimono@users.noreply.github.com>
2020-05-15 16:25:46 +02:00
Snowy Marmot
dad1f6a723
Update per review
Update with suggested wording per talex5
2019-12-14 00:24:55 +00:00
Snowy Marmot
315fe4681e
Note that AppVM Size may need to increase
Add note that AppVM used to build from source may need a private image larger than the default 2048MB.
2019-11-27 16:01:58 +00:00
xaki23
cac3e53be1 README: create the symlink-redirected docker dir
Otherwise, installing the docker package removes the dangling symlink.
2019-07-28 17:35:59 +01:00
jaseg
0a4b01a841
Fix ln(1) call in build instructions
The arguments were backwards. [```ln``` takes the link target first, then the link name](https://linux.die.net/man/1/ln).
2019-05-31 12:50:33 +09:00
yomimono
7d22eafa59
Merge pull request #68 from talex5/updatevm
Note that mirage-firewall cannot be used as UpdateVM
2019-05-29 17:55:25 -05:00
Thomas Leonard
3ab7284a64 Note that mirage-firewall cannot be used as UpdateVM
Reported at: https://groups.google.com/forum/#!topic/qubes-users/YPFtbwyoUjc
2019-05-29 15:25:10 +01:00
Thomas Leonard
de7d05ebfa Fix typos in docs 2019-05-29 09:01:08 +01:00
Thomas Leonard
eec1e985e5 Add overview of the main components of the firewall 2019-05-06 10:35:51 +01:00
Thomas Leonard
eb14f7e777 Link to security advisories from README
Also, link from binary installation to deployment section.
2019-04-26 12:39:34 +01:00
Thomas Leonard
5958cfed97 Clarify how to build from source 2019-04-08 10:43:30 +01:00
Thomas Leonard
bd7babeda0 Remove Qubes 3 instructions from README
See https://www.qubes-os.org/news/2019/03/28/qubes-3-2-has-reached-eol/
2019-04-04 11:05:49 +01:00
Thomas Leonard
ab88d413c4
Update links from talex5 to mirage 2019-02-26 16:57:40 +00:00
Thomas Leonard
2edb088650 Update to latest Debian and opam
Reported by Honzoo.
2019-02-01 09:36:08 +00:00
Thomas Leonard
0d0159b56f Update build instructions for latest Fedora
`yum` no longer exists. Also, show how to create a symlink for
/var/lib/docker on build VMs that aren't standalone.

Reported by xaki23.
2018-11-04 14:36:19 +00:00
Thomas Leonard
b77d91cb20 Add installation instructions for Qubes 4 2018-01-06 12:24:50 +00:00
Thomas Leonard
b114e569f2 Use Git master for shared-memory-ring and netchannel
This adds support for HVM and disposable domains.

Also, update the suggested RAM allocation slightly as 20 MB can be too
small with lots of VMs.
2017-11-09 17:08:59 +00:00
Thomas Leonard
f4df389713 Add more detailed installation instructions 2017-04-07 13:10:10 +01:00
Thomas Leonard
78f25ea2c5 Fix build instructions
No need to run `make tar` manually now.
2017-03-27 13:45:06 +01:00
Thomas Leonard
583366b22b Remove non-Docker build instructions
Fedora 24 doesn't work with opam (because the current binary release of
aspcud's clasp binary segfaults, which opam reports as `External solver
failed with inconsistent return value.`).
2017-03-18 17:59:06 +00:00
Thomas Leonard
5158853c30 Update README 2017-03-18 11:34:22 +00:00
Thomas Leonard
75dd8503c5 Use LRU cache to prevent out-of-memory errors 2017-03-18 09:56:07 +00:00
Thomas Leonard
b4079ac861 Update to new mirage-nat API 2017-03-05 17:04:05 +00:00
Thomas Leonard
bb78a726e4 Mirage 3 support 2017-03-04 17:22:58 +00:00
Thomas Leonard
036d92b0ff Update README: you need "sudo docker" by default 2017-01-28 15:19:05 +00:00
Thomas Leonard
d6074f2271 Add option to build with Docker 2017-01-09 18:44:30 +00:00
Thomas Leonard
0230cfaf1e Updates for mirage 2.9.0
- Unpin bootvar and use register ~argv:no_argv` instead.
- Use new name for uplink device ("0", not "tap0").
- Don't configure logging - mirage does that for us now.
2016-05-14 10:44:57 +01:00
Thomas Leonard
1134b64f5e Remove tcpip pin
The 2.7.0 release has the checksum feature we need.
2016-03-23 14:53:01 +00:00
Thomas Leonard
74ae5b6078 Remove mirage-xen pin
mirage-xen 2.4.0 has been released with the required features.

(also fixes indentation problem reported by @cfcs in #6)
2016-03-19 20:14:23 +00:00
Thomas Leonard
368d6e96c5 Add ncurses-dev to required yum packages
The ocamlfind package has started listing this as a required dependency
for some reason, although it appears not to need it.

Fixes #4, reported by cyrinux.
2016-03-05 11:54:58 +00:00
Thomas Leonard
08bc6e2b00 Add work-around for Qubes passing Linux kernel arguments
With the new Functoria release of Mirage, these unrecognised arguments
prevented the unikernel from booting.

See: https://github.com/mirage/mirage/issues/493
2016-03-01 09:41:43 +00:00
Thomas Leonard
70d7fe5d1b Remove mirage-logs pin
Now available from the main repository.
2016-02-19 09:47:44 +00:00
Thomas Leonard
26adeee1da Remove mirage-qubes pin
mirage-qubes 0.2 has been released, and supports the latests Logs API.
2016-01-20 12:02:36 +00:00
Thomas Leonard
987834f6a6 Use mirage-logs library for log reporter
Also, configure Xen debug messages to go to the log ring buffer but not
the console (they will be shown only if an error occurs).
2016-01-11 16:40:26 +00:00
Thomas Leonard
4ddb80cd9d Remove mirage-net-xen pin
Version 1.5 has now been released, and includes netback support.
2016-01-11 12:00:57 +00:00
Thomas Leonard
e05a92da50 Update to new Logs API
Note: this reintroduces mirage-qubes pin, as that uses Logs too.
2016-01-08 11:40:11 +00:00
Thomas Leonard
54ad568612 Remove pin for mirage-clock-xen
New version has been released now.
2016-01-05 18:37:32 +00:00
Thomas Leonard
7e68eebbc8 Remove mirage-qubes pin; it's released now 2016-01-05 13:49:16 +00:00
Thomas Leonard
61c4c730d4 Link to blog post 2016-01-02 08:34:39 +00:00
Thomas Leonard
7e76123a37 Build also requires patch
Reported by William Waites.
2016-01-02 08:30:29 +00:00