core-admin/doc/manpages/qvm-service.rst

.. program:: qvm-service

========================================================================
:program:`qvm-service` -- Manage (Qubes-specific) services started in VM
========================================================================

Synopsis
========
| :command:`qvm-service` [-l] <*vmname*>
| :command:`qvm-service` [-e|-d|-D] <*vmname*> <*service*>

Options
=======
.. option:: --help, -h

    Show this help message and exit

.. option:: --list, -l

    List services (default action)

.. option:: --enable, -e

    Enable service

.. option:: --disable, -d

    Disable service

.. option:: --default, -D

    Reset service to its default state (remove from the list). Default state
    means "lets VM choose" and can depend on VM type (NetVM, AppVM etc).

Supported services
==================

This list can be incomplete as VM can implement any additional service without
knowledge of qubes-core code.

meminfo-writer
    Default: enabled everywhere excluding NetVM

    This service reports VM memory usage to dom0, which effectively enables
    dynamic memory management for the VM.

    .. note::

        This service is enforced to be set by dom0 code. If you try to
        remove it (reset to default state), will be recreated with the rule: enabled
        if VM have no PCI devices assigned, otherwise disabled.

qubes-dvm
    Default: disabled

    Used internally when creating DispVM savefile.

qubes-firewall
    Default: enabled only in ProxyVM

    Dynamic firewall manager, based on settings in dom0 (qvm-firewall, firewall tab in qubes-manager).
    This service is not supported in netvms.
    
qubes-network
    Default: enabled only in NetVM and ProxyVM

    Expose network for other VMs. This includes enabling network forwarding, MASQUERADE, DNS redirection and basic firewall.

qubes-network
    Default: enabled only in NetVM and ProxyVM

    Expose network for other VMs. This includes enabling network forwarding,
    MASQUERADE, DNS redirection and basic firewall.

qubes-netwatcher
    Default: enabled only in ProxyVM

    Monitor IP change notification from NetVM. When received, reload
    qubes-firewall service (to force DNS resolution).

    This service makes sense only with qubes-firewall enabled.

qubes-update-check
    Default: enabled

    Notify dom0 about updates available for this VM. This is shown in
    qubes-manager as 'update-pending' flag.

cups
    Default: enabled only in AppVM

    Enable CUPS service. The user can disable cups in VM which do not need
    printing to speed up booting.

crond
    Default: disabled

    Enable CRON service.

network-manager
    Default: enabled in NetVM

    Enable NetworkManager. Only VM with direct access to network device needs
    this service, but can be useful in ProxyVM to ease VPN setup.

ntpd
    Default: disabled

    Enable NTPD service. By default Qubes calls ntpdate every 6 minutes in
    selected VM (aka ClockVM), then propagate the result using qrexec calls.
    Enabling ntpd *do not* disable this behaviour.

qubes-yum-proxy
    Deprecated name for qubes-updates-proxy.

qubes-updates-proxy
    Default: enabled in NetVM

    Provide proxy service, which allow access only to yum repos. Filtering is
    done based on URLs, so it shouldn't be used as leak control (pretty easy to
    bypass), but is enough to prevent some erroneous user actions.

yum-proxy-setup
    Deprecated name for updates-proxy-setup.

updates-proxy-setup
    Default: enabled in AppVM (also in templates)

    Setup yum at startup to use qubes-yum-proxy service.

    .. note::

       this service is automatically enabled when you allow VM to access yum
       proxy (in firewall settings) and disabled when you deny access to yum
       proxy.

disable-default-route
    Default: disabled

    Disables the default route for networking.  Enabling  this  service
    will  prevent the creation of the default route, but the VM will
    still be able to reach it's direct neighbors.  The functionality
    is implemented in /usr/lib/qubes/setup-ip.

disable-dns-server
    Default: disabled

    Enabling this service will result in an empty /etc/resolv.conf.
    The functionality is implemented in /usr/lib/qubes/setup-ip.


Authors
=======
| Joanna Rutkowska <joanna at invisiblethingslab dot com>
| Rafal Wojtczuk <rafal at invisiblethingslab dot com>
| Marek Marczykowski <marmarek at invisiblethingslab dot com>
doc: swallow manpages into sphinx 2014-11-21 12:30:23 +01:00			`.. program:: qvm-service`

			`========================================================================`
			:program:`qvm-service` -- Manage (Qubes-specific) services started in VM
			`========================================================================`
Move manpages here from separate repo 2013-03-12 16:55:05 +01:00
doc: swallow manpages into sphinx 2014-11-21 12:30:23 +01:00			`Synopsis`
Move manpages here from separate repo 2013-03-12 16:55:05 +01:00			`========`
doc: manpage formatting 2014-11-28 18:37:17 +01:00			\| :command:`qvm-service` [-l] <vmname>
			\| :command:`qvm-service` [-e\|-d\|-D] <vmname> <service>
Move manpages here from separate repo 2013-03-12 16:55:05 +01:00
doc: swallow manpages into sphinx 2014-11-21 12:30:23 +01:00			`Options`
Move manpages here from separate repo 2013-03-12 16:55:05 +01:00			`=======`
doc: swallow manpages into sphinx 2014-11-21 12:30:23 +01:00			`.. option:: --help, -h`

Move manpages here from separate repo 2013-03-12 16:55:05 +01:00			`Show this help message and exit`
doc: swallow manpages into sphinx 2014-11-21 12:30:23 +01:00
			`.. option:: --list, -l`

Move manpages here from separate repo 2013-03-12 16:55:05 +01:00			`List services (default action)`
doc: swallow manpages into sphinx 2014-11-21 12:30:23 +01:00
			`.. option:: --enable, -e`

Move manpages here from separate repo 2013-03-12 16:55:05 +01:00			`Enable service`
doc: swallow manpages into sphinx 2014-11-21 12:30:23 +01:00
			`.. option:: --disable, -d`

Move manpages here from separate repo 2013-03-12 16:55:05 +01:00			`Disable service`
doc: swallow manpages into sphinx 2014-11-21 12:30:23 +01:00
			`.. option:: --default, -D`

Move manpages here from separate repo 2013-03-12 16:55:05 +01:00			`Reset service to its default state (remove from the list). Default state`
			`means "lets VM choose" and can depend on VM type (NetVM, AppVM etc).`

doc: swallow manpages into sphinx 2014-11-21 12:30:23 +01:00			`Supported services`
Move manpages here from separate repo 2013-03-12 16:55:05 +01:00			`==================`

doc: manpage formatting 2014-11-28 18:37:17 +01:00			`This list can be incomplete as VM can implement any additional service without`
Fixed typos 2014-12-18 14:36:09 +01:00			`knowledge of qubes-core code.`
Move manpages here from separate repo 2013-03-12 16:55:05 +01:00
			`meminfo-writer`
			`Default: enabled everywhere excluding NetVM`

doc: manpage formatting 2014-11-28 18:37:17 +01:00			`This service reports VM memory usage to dom0, which effectively enables`
			`dynamic memory management for the VM.`
Move manpages here from separate repo 2013-03-12 16:55:05 +01:00
doc: manpage formatting 2014-11-28 18:37:17 +01:00			`.. note::`

			`This service is enforced to be set by dom0 code. If you try to`
Fixed typos 2014-12-18 14:36:09 +01:00			`remove it (reset to default state), will be recreated with the rule: enabled`
doc: manpage formatting 2014-11-28 18:37:17 +01:00			`if VM have no PCI devices assigned, otherwise disabled.`
Move manpages here from separate repo 2013-03-12 16:55:05 +01:00
doc: sync qvm-service documentation 2015-01-25 14:06:11 +01:00			`qubes-dvm`
			`Default: disabled`

			`Used internally when creating DispVM savefile.`

Move manpages here from separate repo 2013-03-12 16:55:05 +01:00			`qubes-firewall`
			`Default: enabled only in ProxyVM`

qubes-firewall is not supported in netvms 2015-03-16 19:12:04 +01:00			`Dynamic firewall manager, based on settings in dom0 (qvm-firewall, firewall tab in qubes-manager).`
			`This service is not supported in netvms.`

Move manpages here from separate repo 2013-03-12 16:55:05 +01:00			`qubes-network`
			`Default: enabled only in NetVM and ProxyVM`

doc: typo fix 2015-01-26 23:43:33 +01:00			`Expose network for other VMs. This includes enabling network forwarding, MASQUERADE, DNS redirection and basic firewall.`
Move manpages here from separate repo 2013-03-12 16:55:05 +01:00
doc: manpage formatting 2014-11-28 18:37:17 +01:00			`qubes-network`
			`Default: enabled only in NetVM and ProxyVM`

			`Expose network for other VMs. This includes enabling network forwarding,`
			`MASQUERADE, DNS redirection and basic firewall.`

Move manpages here from separate repo 2013-03-12 16:55:05 +01:00			`qubes-netwatcher`
			`Default: enabled only in ProxyVM`

doc: manpage formatting 2014-11-28 18:37:17 +01:00			`Monitor IP change notification from NetVM. When received, reload`
			`qubes-firewall service (to force DNS resolution).`

Move manpages here from separate repo 2013-03-12 16:55:05 +01:00			`This service makes sense only with qubes-firewall enabled.`

			`qubes-update-check`
			`Default: enabled`

doc: manpage formatting 2014-11-28 18:37:17 +01:00			`Notify dom0 about updates available for this VM. This is shown in`
			`qubes-manager as 'update-pending' flag.`
Move manpages here from separate repo 2013-03-12 16:55:05 +01:00
			`cups`
			`Default: enabled only in AppVM`

doc: manpage formatting 2014-11-28 18:37:17 +01:00			`Enable CUPS service. The user can disable cups in VM which do not need`
			`printing to speed up booting.`
Move manpages here from separate repo 2013-03-12 16:55:05 +01:00
doc: Change qvm-service name from "cron" to "crond" 2015-12-29 14:19:44 +01:00			`crond`
doc: sync qvm-service documentation 2015-01-25 14:06:11 +01:00			`Default: disabled`

			`Enable CRON service.`

Move manpages here from separate repo 2013-03-12 16:55:05 +01:00			`network-manager`
			`Default: enabled in NetVM`

			`Enable NetworkManager. Only VM with direct access to network device needs`
doc: update description of network-manager service setting (#774) As #774 is resolved, it is no longer true that NetworkManger in non-NetVM will cause network problems. 2014-04-11 01:30:18 +02:00			`this service, but can be useful in ProxyVM to ease VPN setup.`
Move manpages here from separate repo 2013-03-12 16:55:05 +01:00
doc: sync qvm-service documentation 2015-01-25 14:06:11 +01:00			`ntpd`
			`Default: disabled`

			`Enable NTPD service. By default Qubes calls ntpdate every 6 minutes in`
			`selected VM (aka ClockVM), then propagate the result using qrexec calls.`
			`Enabling ntpd do not disable this behaviour.`

Move manpages here from separate repo 2013-03-12 16:55:05 +01:00			`qubes-yum-proxy`
doc: sync qvm-service documentation 2015-01-25 14:06:11 +01:00			`Deprecated name for qubes-updates-proxy.`

			`qubes-updates-proxy`
Move manpages here from separate repo 2013-03-12 16:55:05 +01:00			`Default: enabled in NetVM`

			`Provide proxy service, which allow access only to yum repos. Filtering is`
			`done based on URLs, so it shouldn't be used as leak control (pretty easy to`
			`bypass), but is enough to prevent some erroneous user actions.`

			`yum-proxy-setup`
doc: sync qvm-service documentation 2015-01-25 14:06:11 +01:00			`Deprecated name for updates-proxy-setup.`

			`updates-proxy-setup`
Move manpages here from separate repo 2013-03-12 16:55:05 +01:00			`Default: enabled in AppVM (also in templates)`

			`Setup yum at startup to use qubes-yum-proxy service.`

doc: swallow manpages into sphinx 2014-11-21 12:30:23 +01:00			`.. note::`

			`this service is automatically enabled when you allow VM to access yum`
			`proxy (in firewall settings) and disabled when you deny access to yum`
			`proxy.`
Move manpages here from separate repo 2013-03-12 16:55:05 +01:00
qvm-service: +disable-dns-server/disable-default-route The logic for set-default-route/set-dns-server has been inverted. 2015-03-16 19:05:09 +01:00			`disable-default-route`
			`Default: disabled`
doc: add qvm-services: set-default-route, set-dns-server 2015-01-25 13:58:16 +01:00
qvm-service: +disable-dns-server/disable-default-route The logic for set-default-route/set-dns-server has been inverted. 2015-03-16 19:05:09 +01:00			`Disables the default route for networking. Enabling this service`
doc: add qvm-services: set-default-route, set-dns-server 2015-01-25 13:58:16 +01:00			`will prevent the creation of the default route, but the VM will`
			`still be able to reach it's direct neighbors. The functionality`
			`is implemented in /usr/lib/qubes/setup-ip.`

qvm-service: +disable-dns-server/disable-default-route The logic for set-default-route/set-dns-server has been inverted. 2015-03-16 19:05:09 +01:00			`disable-dns-server`
			`Default: disabled`
doc: add qvm-services: set-default-route, set-dns-server 2015-01-25 13:58:16 +01:00
qvm-service: +disable-dns-server/disable-default-route The logic for set-default-route/set-dns-server has been inverted. 2015-03-16 19:05:09 +01:00			`Enabling this service will result in an empty /etc/resolv.conf.`
doc: add qvm-services: set-default-route, set-dns-server 2015-01-25 13:58:16 +01:00			`The functionality is implemented in /usr/lib/qubes/setup-ip.`

Move manpages here from separate repo 2013-03-12 16:55:05 +01:00
doc: swallow manpages into sphinx 2014-11-21 12:30:23 +01:00			`Authors`
Move manpages here from separate repo 2013-03-12 16:55:05 +01:00			`=======`
			`\| Joanna Rutkowska <joanna at invisiblethingslab dot com>`
			`\| Rafal Wojtczuk <rafal at invisiblethingslab dot com>`
			`\| Marek Marczykowski <marmarek at invisiblethingslab dot com>`