Git-Mirrors/qubes-doc
1
0
Fork 0
mirror of https://github.com/QubesOS/qubes-doc.git synced 2025-05-29 03:31:33 -04:00
Code Issues Projects Releases Packages Wiki Activity

Qrexec changed

Browse source 
Requesting services without cmdline helper
This commit is contained in:
Joanna Rutkowska 2014-10-10 09:34:56 +00:00
parent a6932cd1ce
commit beba488de3
1 changed files with 5 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
Qrexec.md
View file

@ -91,6 +91,11 @@ By default, stderr of client and server is logged to respective `/var/log/qubes/
Be very careful when coding and adding a new RPC service! Any vulnerability in a RPC server can be fatal to security of the target VM!
Requesting VM-VM (and VM-Dom0) services execution (without cmdline helper)
--------------------------------------------------------------------------
Connect directly to `/var/run/qubes/qrexec-agent-fdpass` socket as described [here](https://wiki.qubes-os.org/wiki/Qrexec2Implementation#Allthepiecestogetheratwork).
### Revoking "Yes to All" authorization
Qubes RPC policy supports the "ask" action. This will prompt the user whether a given RPC call should be allowed. That prompt window has an option to click "Yes to All", which allows the action and adds a new entry to the policy file, which will unconditionally allow further calls for given service-srcVM-dstVM tuple.