Git-Mirrors/qubes-doc
1
0
Fork 0
mirror of https://github.com/QubesOS/qubes-doc.git synced 2024-12-27 16:29:28 -05:00
Code Issues Packages Projects Releases Wiki Activity

qrexec: update qrexec-client-vm usage and using script as a service

Browse Source 
QubesOS/qubes-issues#1392
This commit is contained in:
Marek Marczykowski-Górecki 2016-05-15 22:31:40 +02:00
parent dee26a04a7
commit c1aef22bbc
No known key found for this signature in database
GPG Key ID: F32894BE9684938A
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
developers/services/qrexec3.md
View File

@ -133,7 +133,8 @@ not exits, user is prompted to create one; if still there is no policy file
after prompting, the action is denied.
In the target VM, the `/etc/qubes-rpc/RPC_ACTION_NAME` must exist, containing
the file name of the program that will be invoked.
the file name of the program that will be invoked, or being that program itself
- in which case it must have executable permission set (`chmod +x`).
In the src VM, one should invoke the client via:
@ -143,6 +144,10 @@ Note that only stdin/stdout is passed between rpc server and client --
notably, no command line argument are passed. Source VM name is specified by
`QREXEC_REMOTE_DOMAIN` environment variable. By default, stderr of client
and server is logged to respective `/var/log/qubes/qrexec.XID` files.
It is also possible to call service without specific client program - in which
case server stdin/out will be connected with the terminal:
/usr/lib/qubes/qrexec-client-vm target_vm_name RPC_ACTION_NAME
Be very careful when coding and adding a new rpc service. Unless the
offered functionality equals full control over the target (it is the case