Git-Mirrors/qubes-doc
1
0
Fork 0
mirror of https://github.com/QubesOS/qubes-doc.git synced 2024-12-26 07:49:34 -05:00
Code Issues Packages Projects Releases Wiki Activity

Edit qrexec-client command line examples

Browse Source 
- remove absolute paths from qrexec-client calls
- add shell prompt characters
This commit is contained in:
pierwill 2019-08-12 11:40:43 -05:00
parent 5ea1118fa1
commit 6bf95dab39
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
developer/services/qrexec.md
View File

@ -42,7 +42,7 @@ Once this channel is established, stdin/stdout/stderr from the VMprocess is pass
The `qrexec-client` command is used to make connections to VMs from dom0. The `qrexec-client` command is used to make connections to VMs from dom0.
For example, the following command For example, the following command
qrexec-client -e -d someVM user:'touch hello-world.txt' $ qrexec-client -e -d someVM user:'touch hello-world.txt'
creates an empty file called `hello-world.txt` in the home folder of `someVM`. creates an empty file called `hello-world.txt` in the home folder of `someVM`.
@ -51,7 +51,7 @@ The `-e` flag tells `qrexec-client` to exit immediately after sending the execut
With this option, no further data is passed between the domains. With this option, no further data is passed between the domains.
By contrast, the following command demonstrates an open channel between dom0 and someVM (in this case, a remote shell): By contrast, the following command demonstrates an open channel between dom0 and someVM (in this case, a remote shell):
qrexec-client -d someVM user:bash $ qrexec-client -d someVM user:bash
The `qvm-run` command is heavily based on `qrexec-client`. The `qvm-run` command is heavily based on `qrexec-client`.
It also takes care of additional activities, e.g. starting the domain if it is not up yet and starting the GUI daemon. It also takes care of additional activities, e.g. starting the domain if it is not up yet and starting the GUI daemon.
@ -121,14 +121,14 @@ In the target VM, the `/etc/qubes-rpc/RPC_ACTION_NAME` must exist, containing th
In the src VM, one should invoke the client via: In the src VM, one should invoke the client via:
/usr/lib/qubes/qrexec-client-vm target_vm_name RPC_ACTION_NAME rpc_client_path client arguments $ qrexec-client-vm target_vm_name RPC_ACTION_NAME rpc_client_path client arguments
Note that only stdin/stdout is passed between RPC server and client -- notably, no command line arguments are passed. Note that only stdin/stdout is passed between RPC server and client -- notably, no command line arguments are passed.
Source VM name is specified by `QREXEC_REMOTE_DOMAIN` environment variable. Source VM name is specified by `QREXEC_REMOTE_DOMAIN` environment variable.
By default, stderr of client and server is logged to respective `/var/log/qubes/qrexec.XID` files. By default, stderr of client and server is logged to respective `/var/log/qubes/qrexec.XID` files.
It is also possible to call service without specific client program - in which case server stdin/out will be connected with the terminal: It is also possible to call service without specific client program - in which case server stdin/out will be connected with the terminal:
/usr/lib/qubes/qrexec-client-vm target_vm_name RPC_ACTION_NAME $ qrexec-client-vm target_vm_name RPC_ACTION_NAME
Target VM can be specified also as `@dispvm:DISP_VM`, which is very similar to `@dispvm` but forces using a particular VM (`DISP_VM`) as a base VM to be started as DisposableVM. Target VM can be specified also as `@dispvm:DISP_VM`, which is very similar to `@dispvm` but forces using a particular VM (`DISP_VM`) as a base VM to be started as DisposableVM.
For example: For example:
@ -203,7 +203,7 @@ And generally the less choices the user must make, the lower the chance to make
The syntax is simple: when calling a service, add an argument to the service name separated with `+` sign, for example: The syntax is simple: when calling a service, add an argument to the service name separated with `+` sign, for example:
/usr/lib/qubes/qrexec-client-vm target_vm_name RPC_ACTION_NAME+ARGUMENT $ qrexec-client-vm target_vm_name RPC_ACTION_NAME+ARGUMENT
Then create a policy as usual, including the argument (`/etc/qubes-rpc/policy/RPC_ACTION_NAME+ARGUMENT`). Then create a policy as usual, including the argument (`/etc/qubes-rpc/policy/RPC_ACTION_NAME+ARGUMENT`).
If the policy for the specific argument is not set (file does not exist), then the default policy for this service is loaded (`/etc/qubes-rpc/policy/RPC_ACTION_NAME`). If the policy for the specific argument is not set (file does not exist), then the default policy for this service is loaded (`/etc/qubes-rpc/policy/RPC_ACTION_NAME`).