Git-Mirrors/qubes-doc
1
0
Fork 0
mirror of https://github.com/QubesOS/qubes-doc.git synced 2025-07-27 00:35:57 -04:00
Code Issues Projects Releases Packages Wiki Activity

preparation rst conversion

Browse source
This commit is contained in:
m 2024-07-28 12:04:31 -04:00 committed by GitHub
parent 38cfff0ca2
commit b7c6ff3cc9
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 12 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

24
developer/services/qrexec2.md
View file

@ -17,7 +17,7 @@ Qubes **qrexec** is a framework for implementing inter-VM (incl. Dom0-VM)
services. It offers a mechanism to start programs in VMs, redirect their services. It offers a mechanism to start programs in VMs, redirect their
stdin/stdout, and a policy framework to control this all. stdin/stdout, and a policy framework to control this all.
## Qrexec basics ## ## Qrexec basics
During each domain creation a process named `qrexec-daemon` is started in During each domain creation a process named `qrexec-daemon` is started in
dom0, and a process named `qrexec-agent` is started in the VM. They are dom0, and a process named `qrexec-agent` is started in the VM. They are
@ -56,7 +56,7 @@ There is a similar command line utility available inside Linux AppVMs (note
the `-vm` suffix): `qrexec-client-vm` that will be described in subsequent the `-vm` suffix): `qrexec-client-vm` that will be described in subsequent
sections. sections.
## Qubes RPC services ## ## Qubes RPC services
Apart from simple Dom0-\>VM command executions, as discussed above, it is Apart from simple Dom0-\>VM command executions, as discussed above, it is
also useful to have more advanced infrastructure for controlled inter-VM also useful to have more advanced infrastructure for controlled inter-VM
@ -90,7 +90,7 @@ themselves. Qrexec framework is careful about connecting the stdin/stdout
of the server process with the corresponding stdin/stdout of the requesting of the server process with the corresponding stdin/stdout of the requesting
process in the requesting VM (see example Hello World service described below). process in the requesting VM (see example Hello World service described below).
## Qubes RPC administration ## ## Qubes RPC administration
Besides each VM needing to provide explicit programs to serve each supported Besides each VM needing to provide explicit programs to serve each supported
service, the inter-VM service RPC is also governed by a central policy in Dom0. service, the inter-VM service RPC is also governed by a central policy in Dom0.
@ -135,7 +135,7 @@ if still there is no policy file after prompting, the action is denied.
On the target VM, the `/etc/qubes-rpc/XYZ` must exist, containing the file On the target VM, the `/etc/qubes-rpc/XYZ` must exist, containing the file
name of the program that will be invoked. name of the program that will be invoked.
### Requesting VM-VM (and VM-Dom0) services execution ### ### Requesting VM-VM (and VM-Dom0) services execution
In a src VM, one should invoke the qrexec client via the following command: In a src VM, one should invoke the qrexec client via the following command:
@ -161,7 +161,7 @@ If requesting VM-VM (and VM-Dom0) services execution *without cmdline helper*,
connect directly to `/var/run/qubes/qrexec-agent-fdpass` socket as described connect directly to `/var/run/qubes/qrexec-agent-fdpass` socket as described
[below](#all-the-pieces-together-at-work). [below](#all-the-pieces-together-at-work).
### Revoking "Yes to All" authorization ### ### Revoking "Yes to All" authorization
Qubes RPC policy supports an "ask" action, that will prompt the user whether Qubes RPC policy supports an "ask" action, that will prompt the user whether
a given RPC call should be allowed. It is set as default for services such a given RPC call should be allowed. It is set as default for services such
@ -184,7 +184,7 @@ A user might also want to set their own policies in this section. This may
mostly serve to prevent the user from mistakenly copying files or text from mostly serve to prevent the user from mistakenly copying files or text from
a trusted to untrusted domain, or vice-versa. a trusted to untrusted domain, or vice-versa.
### Qubes RPC "Hello World" service ### ### Qubes RPC "Hello World" service
We will show the necessary files to create a simple RPC call that adds two We will show the necessary files to create a simple RPC call that adds two
integers on the target VM and returns back the result to the invoking VM. integers on the target VM and returns back the result to the invoking VM.
@ -232,7 +232,7 @@ be allowed.
**Note:** For a real world example of writing a qrexec service, see this **Note:** For a real world example of writing a qrexec service, see this
[blog post](https://blog.invisiblethings.org/2013/02/21/converting-untrusted-pdfs-into-trusted.html). [blog post](https://blog.invisiblethings.org/2013/02/21/converting-untrusted-pdfs-into-trusted.html).
### More high-level RPCs? ### ### More high-level RPCs?
As previously noted, Qubes aims to provide mechanisms that are very simple As previously noted, Qubes aims to provide mechanisms that are very simple
and thus with very small attack surface. This is the reason why the inter-VM and thus with very small attack surface. This is the reason why the inter-VM
@ -242,14 +242,14 @@ users/app developers are always free to run more high-level RPC protocols on
top of qrexec. Care should be taken, however, to consider potential attack top of qrexec. Care should be taken, however, to consider potential attack
surfaces that are exposed to untrusted or less trusted VMs in that case. surfaces that are exposed to untrusted or less trusted VMs in that case.
# Qubes RPC internals # ## Qubes RPC internals
(*This is about the implementation of qrexec v2. For the implementation of (*This is about the implementation of qrexec v2. For the implementation of
qrexec v3, see [here](/doc/qrexec-internals/). Note that the user qrexec v3, see [here](/doc/qrexec-internals/). Note that the user
API in v3 is backward compatible: qrexec apps written for Qubes R2 should API in v3 is backward compatible: qrexec apps written for Qubes R2 should
run without modification on Qubes R3.*) run without modification on Qubes R3.*)
## Dom0 tools implementation ## ## Dom0 tools implementation
Players: Players:
@ -262,7 +262,7 @@ Players:
**Note:** None of the above tools are designed to be used by users. **Note:** None of the above tools are designed to be used by users.
## Linux VMs implementation ## ## Linux VMs implementation
Players: Players:
@ -275,7 +275,7 @@ Players:
**Note:** None of the above tools are designed to be used by **Note:** None of the above tools are designed to be used by
users. `qrexec-client-vm` is designed to be wrapped up by Qubes apps. users. `qrexec-client-vm` is designed to be wrapped up by Qubes apps.
## Windows VMs implementation ## ## Windows VMs implementation
`%QUBES_DIR%` is the installation path (`c:\Program Files\Invisible Things `%QUBES_DIR%` is the installation path (`c:\Program Files\Invisible Things
Lab\Qubes OS Windows Tools` by default). Lab\Qubes OS Windows Tools` by default).
@ -291,7 +291,7 @@ Lab\Qubes OS Windows Tools` by default).
**Note:** None of the above tools are designed to be used by **Note:** None of the above tools are designed to be used by
users. `qrexec-client-vm` is designed to be wrapped up by Qubes apps. users. `qrexec-client-vm` is designed to be wrapped up by Qubes apps.
## All the pieces together at work ## ## All the pieces together at work
**Note:** This section is not needed to use qrexec for writing Qubes **Note:** This section is not needed to use qrexec for writing Qubes
apps. Also note the [qrexec framework implemention in Qubes R3](/doc/qrexec3/) apps. Also note the [qrexec framework implemention in Qubes R3](/doc/qrexec3/)