Home Explore Help
Sign In
Qubes
/
core-admin-client
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: bc9fd47aa0
Branches Tags
core-admin-clie...
/
doc
/
manpages
/
qvm-service.rst

qvm-service.rst 4.2 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151 
  1. .. program:: qvm-service
    2. 

  2. 

  3. ========================================================================
    4. 

  4. :program:`qvm-service` -- Manage (Qubes-specific) services started in VM
    5. 

  5. ========================================================================
    6. 

  6. 

  7. Synopsis
    8. 

  8. ========
    9. 

  9. | :command:`qvm-service` [-l] <*vmname*>
    10. 

  10. | :command:`qvm-service` [-e|-d|-D] <*vmname*> <*service*>
    11. 

  11. | :command:`qvm-service` <*vmname*> <*service*> [on|off]
    12. 

  12. 

  13. Options
    14. 

  14. =======
    15. 

  15. .. option:: --help, -h
    16. 

  16. 

  17.     Show this help message and exit
    18. 

  18. 

  19. .. option:: --list, -l
    20. 

  20. 

  21.     List services (default action)
    22. 

  22. 

  23. .. option:: --enable, -e
    24. 

  24. 

  25.     Enable service
    26. 

  26. 

  27. .. option:: --disable, -d
    28. 

  28. 

  29.     Disable service
    30. 

  30. 

  31. .. option:: --default, -D, --delete, --unset
    32. 

  32. 

  33.     Reset service to its default state (remove from the list). Default state
    34. 

  34.     means "lets VM choose" and can depend on VM type (NetVM, AppVM etc).
    35. 

  35. 

  36. .. option:: --verbose, -v
    37. 

  37. 

  38.    increase verbosity
    39. 

  39. 

  40. .. option:: --quiet, -q
    41. 

  41. 

  42.    decrease verbosity
    43. 

  43. 

  44. Supported services
    45. 

  45. ==================
    46. 

  46. 

  47. This list can be incomplete as VM can implement any additional service without
    48. 

  48. knowledge of qubes-core code.
    49. 

  49. 

  50. meminfo-writer
    51. 

  51.     Default: enabled everywhere excluding NetVM
    52. 

  52. 

  53.     This service reports VM memory usage to dom0, which effectively enables
    54. 

  54.     dynamic memory management for the VM.
    55. 

  55. 

  56.     .. note::
    57. 

  57. 

  58.         This service is enforced to be set by dom0 code. If you try to
    59. 

  59.         remove it (reset to default state), will be recreated with the rule: enabled
    60. 

  60.         if VM have no PCI devices assigned, otherwise disabled.
    61. 

  61. 

  62. qubes-firewall
    63. 

  63.     Default: enabled only in ProxyVM
    64. 

  64. 

  65.     Dynamic firewall manager, based on settings in dom0 (qvm-firewall, firewall tab in qubes-manager).
    66. 

  66.     This service is not supported in netvms.
    67. 

  67.     
    68. 

  68. qubes-network
    69. 

  69.     Default: enabled only in NetVM and ProxyVM
    70. 

  70. 

  71.     Expose network for other VMs. This includes enabling network forwarding, MASQUERADE, DNS redirection and basic firewall.
    72. 

  72. 

  73. qubes-network
    74. 

  74.     Default: enabled only in NetVM and ProxyVM
    75. 

  75. 

  76.     Expose network for other VMs. This includes enabling network forwarding,
    77. 

  77.     MASQUERADE, DNS redirection and basic firewall.
    78. 

  78. 

  79. qubes-update-check
    80. 

  80.     Default: enabled
    81. 

  81. 

  82.     Notify dom0 about updates available for this VM. This is shown in
    83. 

  83.     qubes-manager as 'update-pending' flag.
    84. 

  84. 

  85. cups
    86. 

  86.     Default: enabled only in AppVM
    87. 

  87. 

  88.     Enable CUPS service. The user can disable cups in VM which do not need
    89. 

  89.     printing to speed up booting.
    90. 

  90. 

  91. crond
    92. 

  92.     Default: disabled
    93. 

  93. 

  94.     Enable CRON service.
    95. 

  95. 

  96. network-manager
    97. 

  97.     Default: enabled in NetVM
    98. 

  98. 

  99.     Enable NetworkManager. Only VM with direct access to network device needs
    100. 

  100.     this service, but can be useful in ProxyVM to ease VPN setup.
    101. 

  101. 

  102. clocksync
    103. 

  103.     Default: disabled
    104. 

  104. 

  105.     Enable NTPD (or equivalent) service. If disabled, VM will sync clock with
    106. 

  106.     selected VM (aka ClockVM) instead. ClockVM for particular VM can be set in
    107. 

  107.     policy of qubes.GetDate service, using target= parameter.
    108. 

  108. 

  109. qubes-yum-proxy
    110. 

  110.     Deprecated name for qubes-updates-proxy.
    111. 

  111. 

  112. qubes-updates-proxy
    113. 

  113.     Default: enabled in NetVM
    114. 

  114. 

  115.     Provide proxy service, which allow access only to yum repos. Filtering is
    116. 

  116.     done based on URLs, so it shouldn't be used as leak control (pretty easy to
    117. 

  117.     bypass), but is enough to prevent some erroneous user actions.
    118. 

  118. 

  119. yum-proxy-setup
    120. 

  120.     Deprecated name for updates-proxy-setup.
    121. 

  121. 

  122. updates-proxy-setup
    123. 

  123.     Default: enabled in AppVM (also in templates)
    124. 

  124. 

  125.     Setup yum at startup to use qubes-yum-proxy service.
    126. 

  126. 

  127.     .. note::
    128. 

  128. 

  129.        this service is automatically enabled when you allow VM to access updates
    130. 

  130.        proxy and disabled when you deny access to updates proxy.
    131. 

  131. 

  132. disable-default-route
    133. 

  133.     Default: disabled
    134. 

  134. 

  135.     Disables the default route for networking.  Enabling  this  service
    136. 

  136.     will  prevent the creation of the default route, but the VM will
    137. 

  137.     still be able to reach it's direct neighbors.  The functionality
    138. 

  138.     is implemented in /usr/lib/qubes/setup-ip.
    139. 

  139. 

  140. disable-dns-server
    141. 

  141.     Default: disabled
    142. 

  142. 

  143.     Enabling this service will result in an empty /etc/resolv.conf.
    144. 

  144.     The functionality is implemented in /usr/lib/qubes/setup-ip.
    145. 

  145. 

  146. 

  147. Authors
    148. 

  148. =======
    149. 

  149. | Joanna Rutkowska <joanna at invisiblethingslab dot com>
    150. 

  150. | Rafal Wojtczuk <rafal at invisiblethingslab dot com>
    151. 

  151. | Marek Marczykowski <marmarek at invisiblethingslab dot com>
    152.