Git-Mirrors/qubes-doc
1
0
Fork 0
mirror of https://github.com/QubesOS/qubes-doc.git synced 2024-10-01 01:25:40 -04:00
Code Issues Packages Projects Releases Wiki Activity

Edit qrexec sockets docs

Browse Source 
Simplify description in "How it works" section and
expand abbreviation for "file descriptor."
This commit is contained in:
pierwill 2020-03-05 18:12:24 -08:00
parent 14fb3fd63a
commit 9ba79fda5a
No known key found for this signature in database
GPG Key ID: D48E7EBDF0C3AEA0
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
developer/services/qrexec-socket-services.md
View File

@ -13,8 +13,8 @@ This allows Qubes RPC requests to be handled by a server running in a VM and lis
## How it works
When a Qubes RPC service is invoked, such as `qubes.Service+arg`, qrexec searches for a file that handles it in the qubes-rpc directories
(`qubes.Service+arg` or `qubes.Service`, in either `/etc/qubes-rpc` or `/usr/local/etc/qubes-rpc` directory).
When a Qubes RPC service is invoked,
qrexec searches for a file that handles it in the qubes-rpc directories (`/etc/qubes-rpc` or `/usr/local/etc/qubes-rpc`).
If the file is a Unix socket, qrexec will try to connect to it.
Before passing user input, the socket service will receive a null-terminated service descriptor, i.e. the part after `QUBESRPC`.
@ -128,7 +128,7 @@ sudo ln -s /var/run/qubes/policy-agent.sock /etc/qubes-rpc/policy.Ask
### Python server with socket activation
Socket activation in systemd works by starting our program with the socket file already bound at a specific FD.
Socket activation in systemd works by starting our program with the socket file already bound at a specific file descriptor.
It's a simple mechanism based on a few environment variables, but the canonical way is to use the `sd_listen_fds()` function from systemd library (or, in our case, its Python version).
Install the Python systemd library: