qvm-service.rst 4.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156
  1. .. program:: qvm-service
  2. ========================================================================
  3. :program:`qvm-service` -- Manage (Qubes-specific) services started in VM
  4. ========================================================================
  5. Synopsis
  6. ========
  7. | :command:`qvm-service` [-l] <*vmname*>
  8. | :command:`qvm-service` [-e|-d|-D] <*vmname*> <*service*>
  9. Options
  10. =======
  11. .. option:: --help, -h
  12. Show this help message and exit
  13. .. option:: --list, -l
  14. List services (default action)
  15. .. option:: --enable, -e
  16. Enable service
  17. .. option:: --disable, -d
  18. Disable service
  19. .. option:: --default, -D
  20. Reset service to its default state (remove from the list). Default state
  21. means "lets VM choose" and can depend on VM type (NetVM, AppVM etc).
  22. Supported services
  23. ==================
  24. This list can be incomplete as VM can implement any additional service without
  25. knowledge of qubes-core code.
  26. meminfo-writer
  27. Default: enabled everywhere excluding NetVM
  28. This service reports VM memory usage to dom0, which effectively enables
  29. dynamic memory management for the VM.
  30. .. note::
  31. This service is enforced to be set by dom0 code. If you try to
  32. remove it (reset to default state), will be recreated with the rule: enabled
  33. if VM have no PCI devices assigned, otherwise disabled.
  34. qubes-dvm
  35. Default: disabled
  36. Used internally when creating DispVM savefile.
  37. qubes-firewall
  38. Default: enabled only in ProxyVM
  39. Dynamic firewall manager, based on settings in dom0 (qvm-firewall, firewall tab in qubes-manager).
  40. This service is not supported in netvms.
  41. qubes-network
  42. Default: enabled only in NetVM and ProxyVM
  43. Expose network for other VMs. This includes enabling network forwarding, MASQUERADE, DNS redirection and basic firewall.
  44. qubes-network
  45. Default: enabled only in NetVM and ProxyVM
  46. Expose network for other VMs. This includes enabling network forwarding,
  47. MASQUERADE, DNS redirection and basic firewall.
  48. qubes-netwatcher
  49. Default: enabled only in ProxyVM
  50. Monitor IP change notification from NetVM. When received, reload
  51. qubes-firewall service (to force DNS resolution).
  52. This service makes sense only with qubes-firewall enabled.
  53. qubes-update-check
  54. Default: enabled
  55. Notify dom0 about updates available for this VM. This is shown in
  56. qubes-manager as 'update-pending' flag.
  57. cups
  58. Default: enabled only in AppVM
  59. Enable CUPS service. The user can disable cups in VM which do not need
  60. printing to speed up booting.
  61. cron
  62. Default: disabled
  63. Enable CRON service.
  64. network-manager
  65. Default: enabled in NetVM
  66. Enable NetworkManager. Only VM with direct access to network device needs
  67. this service, but can be useful in ProxyVM to ease VPN setup.
  68. ntpd
  69. Default: disabled
  70. Enable NTPD service. By default Qubes calls ntpdate every 6 minutes in
  71. selected VM (aka ClockVM), then propagate the result using qrexec calls.
  72. Enabling ntpd *do not* disable this behaviour.
  73. qubes-yum-proxy
  74. Deprecated name for qubes-updates-proxy.
  75. qubes-updates-proxy
  76. Default: enabled in NetVM
  77. Provide proxy service, which allow access only to yum repos. Filtering is
  78. done based on URLs, so it shouldn't be used as leak control (pretty easy to
  79. bypass), but is enough to prevent some erroneous user actions.
  80. yum-proxy-setup
  81. Deprecated name for updates-proxy-setup.
  82. updates-proxy-setup
  83. Default: enabled in AppVM (also in templates)
  84. Setup yum at startup to use qubes-yum-proxy service.
  85. .. note::
  86. this service is automatically enabled when you allow VM to access yum
  87. proxy (in firewall settings) and disabled when you deny access to yum
  88. proxy.
  89. disable-default-route
  90. Default: disabled
  91. Disables the default route for networking. Enabling this service
  92. will prevent the creation of the default route, but the VM will
  93. still be able to reach it's direct neighbors. The functionality
  94. is implemented in /usr/lib/qubes/setup-ip.
  95. disable-dns-server
  96. Default: disabled
  97. Enabling this service will result in an empty /etc/resolv.conf.
  98. The functionality is implemented in /usr/lib/qubes/setup-ip.
  99. Authors
  100. =======
  101. | Joanna Rutkowska <joanna at invisiblethingslab dot com>
  102. | Rafal Wojtczuk <rafal at invisiblethingslab dot com>
  103. | Marek Marczykowski <marmarek at invisiblethingslab dot com>