Thomas Leonard
d8ae7f749c
Update README
2020-10-28 11:00:13 +00:00
Hannes Mehnert
c173bf1cb0
README: use kernelopts='' instead of None
2020-10-24 12:43:08 +02:00
Krzysztof Burghardt
f9842e8b18
Do not run tar in dom0 ( closes #84 ).
...
Do not run tar and bzip2 in dom0 to decompresses and extract archive
data created in, or downloaded to domU as any vulnerabilities in them
can compromise Qubes OS security model.
Instead of that run both tar and bzip2 in domU and copy unikernel to
dom0 as described in official Qubes documentation ["Copying from (and to)
dom0"](https://www.qubes-os.org/doc/copy-from-dom0/#copying-to-dom0 ).
Auxiliary files required to run unikernel in Qubes OS domU can be easily
created directly in dom0 using trusted tools available there.
2020-06-20 01:16:29 +02:00
linse
3ee01b5243
changes for 0.7.1
...
Co-Authored-By: hannes <hannes@mehnert.org>
2020-06-19 09:44:15 +00:00
linse
60ebd61b72
Update documentation.
2020-05-19 16:48:48 +02:00
linse
87df5bdcc0
Read firewall rules from QubesDB. The module Rules contains a rule matcher instead of hardcoded rules now.
...
Co-Authored-By: Mindy Preston <yomimono@users.noreply.github.com>
2020-05-15 16:25:46 +02:00
Snowy Marmot
dad1f6a723
Update per review
...
Update with suggested wording per talex5
2019-12-14 00:24:55 +00:00
Snowy Marmot
315fe4681e
Note that AppVM Size may need to increase
...
Add note that AppVM used to build from source may need a private image larger than the default 2048MB.
2019-11-27 16:01:58 +00:00
xaki23
cac3e53be1
README: create the symlink-redirected docker dir
...
Otherwise, installing the docker package removes the dangling symlink.
2019-07-28 17:35:59 +01:00
jaseg
0a4b01a841
Fix ln(1) call in build instructions
...
The arguments were backwards. [```ln``` takes the link target first, then the link name](https://linux.die.net/man/1/ln ).
2019-05-31 12:50:33 +09:00
yomimono
7d22eafa59
Merge pull request #68 from talex5/updatevm
...
Note that mirage-firewall cannot be used as UpdateVM
2019-05-29 17:55:25 -05:00
Thomas Leonard
3ab7284a64
Note that mirage-firewall cannot be used as UpdateVM
...
Reported at: https://groups.google.com/forum/#!topic/qubes-users/YPFtbwyoUjc
2019-05-29 15:25:10 +01:00
Thomas Leonard
de7d05ebfa
Fix typos in docs
2019-05-29 09:01:08 +01:00
Thomas Leonard
eec1e985e5
Add overview of the main components of the firewall
2019-05-06 10:35:51 +01:00
Thomas Leonard
eb14f7e777
Link to security advisories from README
...
Also, link from binary installation to deployment section.
2019-04-26 12:39:34 +01:00
Thomas Leonard
5958cfed97
Clarify how to build from source
2019-04-08 10:43:30 +01:00
Thomas Leonard
bd7babeda0
Remove Qubes 3 instructions from README
...
See https://www.qubes-os.org/news/2019/03/28/qubes-3-2-has-reached-eol/
2019-04-04 11:05:49 +01:00
Thomas Leonard
ab88d413c4
Update links from talex5 to mirage
2019-02-26 16:57:40 +00:00
Thomas Leonard
2edb088650
Update to latest Debian and opam
...
Reported by Honzoo.
2019-02-01 09:36:08 +00:00
Thomas Leonard
0d0159b56f
Update build instructions for latest Fedora
...
`yum` no longer exists. Also, show how to create a symlink for
/var/lib/docker on build VMs that aren't standalone.
Reported by xaki23.
2018-11-04 14:36:19 +00:00
Thomas Leonard
b77d91cb20
Add installation instructions for Qubes 4
2018-01-06 12:24:50 +00:00
Thomas Leonard
b114e569f2
Use Git master for shared-memory-ring and netchannel
...
This adds support for HVM and disposable domains.
Also, update the suggested RAM allocation slightly as 20 MB can be too
small with lots of VMs.
2017-11-09 17:08:59 +00:00
Thomas Leonard
f4df389713
Add more detailed installation instructions
2017-04-07 13:10:10 +01:00
Thomas Leonard
78f25ea2c5
Fix build instructions
...
No need to run `make tar` manually now.
2017-03-27 13:45:06 +01:00
Thomas Leonard
583366b22b
Remove non-Docker build instructions
...
Fedora 24 doesn't work with opam (because the current binary release of
aspcud's clasp binary segfaults, which opam reports as `External solver
failed with inconsistent return value.`).
2017-03-18 17:59:06 +00:00
Thomas Leonard
5158853c30
Update README
2017-03-18 11:34:22 +00:00
Thomas Leonard
75dd8503c5
Use LRU cache to prevent out-of-memory errors
2017-03-18 09:56:07 +00:00
Thomas Leonard
b4079ac861
Update to new mirage-nat API
2017-03-05 17:04:05 +00:00
Thomas Leonard
bb78a726e4
Mirage 3 support
2017-03-04 17:22:58 +00:00
Thomas Leonard
036d92b0ff
Update README: you need "sudo docker" by default
2017-01-28 15:19:05 +00:00
Thomas Leonard
d6074f2271
Add option to build with Docker
2017-01-09 18:44:30 +00:00
Thomas Leonard
0230cfaf1e
Updates for mirage 2.9.0
...
- Unpin bootvar and use register ~argv:no_argv` instead.
- Use new name for uplink device ("0", not "tap0").
- Don't configure logging - mirage does that for us now.
2016-05-14 10:44:57 +01:00
Thomas Leonard
1134b64f5e
Remove tcpip pin
...
The 2.7.0 release has the checksum feature we need.
2016-03-23 14:53:01 +00:00
Thomas Leonard
74ae5b6078
Remove mirage-xen pin
...
mirage-xen 2.4.0 has been released with the required features.
(also fixes indentation problem reported by @cfcs in #6 )
2016-03-19 20:14:23 +00:00
Thomas Leonard
368d6e96c5
Add ncurses-dev to required yum packages
...
The ocamlfind package has started listing this as a required dependency
for some reason, although it appears not to need it.
Fixes #4 , reported by cyrinux.
2016-03-05 11:54:58 +00:00
Thomas Leonard
08bc6e2b00
Add work-around for Qubes passing Linux kernel arguments
...
With the new Functoria release of Mirage, these unrecognised arguments
prevented the unikernel from booting.
See: https://github.com/mirage/mirage/issues/493
2016-03-01 09:41:43 +00:00
Thomas Leonard
70d7fe5d1b
Remove mirage-logs pin
...
Now available from the main repository.
2016-02-19 09:47:44 +00:00
Thomas Leonard
26adeee1da
Remove mirage-qubes pin
...
mirage-qubes 0.2 has been released, and supports the latests Logs API.
2016-01-20 12:02:36 +00:00
Thomas Leonard
987834f6a6
Use mirage-logs library for log reporter
...
Also, configure Xen debug messages to go to the log ring buffer but not
the console (they will be shown only if an error occurs).
2016-01-11 16:40:26 +00:00
Thomas Leonard
4ddb80cd9d
Remove mirage-net-xen pin
...
Version 1.5 has now been released, and includes netback support.
2016-01-11 12:00:57 +00:00
Thomas Leonard
e05a92da50
Update to new Logs API
...
Note: this reintroduces mirage-qubes pin, as that uses Logs too.
2016-01-08 11:40:11 +00:00
Thomas Leonard
54ad568612
Remove pin for mirage-clock-xen
...
New version has been released now.
2016-01-05 18:37:32 +00:00
Thomas Leonard
7e68eebbc8
Remove mirage-qubes pin; it's released now
2016-01-05 13:49:16 +00:00
Thomas Leonard
61c4c730d4
Link to blog post
2016-01-02 08:34:39 +00:00
Thomas Leonard
7e76123a37
Build also requires patch
...
Reported by William Waites.
2016-01-02 08:30:29 +00:00
Thomas Leonard
a801e538f2
Add 'make tar' build target
2016-01-01 15:49:06 +00:00
Thomas Leonard
cd69ce5a86
Move NAT code to router and add DNS redirects
2015-12-30 19:34:04 +00:00
Thomas Leonard
914b6bbbf6
Initial import
2015-12-30 11:07:17 +00:00