WIP: Add README.md files describing qubes-core-agent-linux and its subprojects

filesystem/README.md

@@ -0,0 +1,17 @@
+Filesystem
+----------
+
+Defines filesystem layout for VM-s. Apart from rootfs, which is not
+persistent for App VM instances, there's read-write filesystem mounted
+for `/home/` and `/usr/local`.
+
+Bind-dirs
+---------
+
+`30_cron.conf` defines bind-dir for directory where cron keeps state.
+This is needed to avoid duplicate run of jobs.
+
+To learn more about bind-dirs, see
+[How to make any file in a TemplateBasedVM persistent
+using bind-dirs](https://www.qubes-os.org/doc/bind-dirs/) in [User
+Documentation](https://www.qubes-os.org/doc/#user-documentation).

package-managers/README.md

@@ -3,7 +3,7 @@ Package managers
 
 Each Qubes VM should notify Qubes updater in dom0 of new updates
 available for the particular template or standalone VM.
-The is the configuration and hooks for various package managers to
+This is the configuration and hooks for various package managers to
 interact with Qubes updater. Moreover Qubes OS dom0 updates are
 downloaded by a Qubes VM, rather directly in dom0 which doesn't have
 networking configured at all.
@@ -15,11 +15,41 @@ dom0 updates download
 in VM. It needs to be installed in VM which will handle dom0 updates
 download only.
 
+App VM
+------
+
+Below is the list of universal scripts intended to be installed for all
+distributions. The `upgrades-installed-check`  script should be extended
+with support for any new package manager that is used by a App VM.
+
+- `upgrades-installed-check` - Checks whether there are any pending
+  upgrades for various distributions.
+- `upgrades-status-notify` - Notifies dom0 of any pending upgrades.
+
 Apt
 ---
 
-The configuration includes:
+Below is the list of Apt specific files and configuration.
+
+- `apt-conf-00notify-hook` - Hook to notify dom0.
+- `apt-conf-70no-unattended` - Disables unattended upgrades. We don't
+  want to App VM instances to upgrade themselves. And the upgrades
+  installation is managed by Qubes updater.
+- `apt-qubes-archive-keyring.gpg` - Qubes public GPG key signing Qubes
+  deb packages.
+- `apt-qubes-r4.list.in`- List of repos with Qubes packages for VM.
+
+DNF/Yum
+-------
+
+Below is the list of DNF and Yum specific files and configuration.
 
-1. Hook to notify dom0.
-2. Disabling unattended upgrades (Qubes updater).
-3. List of repos with Qubes packages for VM.
+- `dnf-qubes-hooks.conf`
+- `dnf-qubes-hooks.py`
+- `qubes-download-dom0-updates.sh`
+- `RPM-GPG-KEY-qubes-4-centos`
+- `RPM-GPG-KEY-qubes-4-primary`
+- `RPM-GPG-KEY-qubes-4-unstable`
+- `yum-qubes-hooks.conf`
+- `yum-qubes-hooks.py`
+- `yum-qubes-r4.repo.in`

passwordless-root/README.md

@@ -0,0 +1,31 @@
+Passwordless root
+-----------------
+
+Disables any authentication for root user in App VM.
+
+In Qubes VMs there is no point in isolating the root account from
+the user account. This is because all the user data are already
+accessible from the user account, so there is no direct benefit for
+the attacker if she could escalate to root.
+
+At the same time allowing for easy user-to-root escalation in a VM
+is simply convenient for users, especially for update installation.
+
+
+Sudoers
+-------
+
+`qubes.sudoers` - grants the default user permission to run any commands
+as root without being prompted for password.
+
+
+Polkit
+------
+
+TODO
+
+
+PAM
+---
+
+For Debian only. TODO