qvm-service.rst 2.9 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697
  1. ===========
  2. qvm-service
  3. ===========
  4. NAME
  5. ====
  6. qvm-service - manage (Qubes-specific) services started in VM
  7. :Date: 2012-05-30
  8. SYNOPSIS
  9. ========
  10. | qvm-service [-l] <vmname>
  11. | qvm-service [-e|-d|-D] <vmname> <service>
  12. OPTIONS
  13. =======
  14. -h, --help
  15. Show this help message and exit
  16. -l, --list
  17. List services (default action)
  18. -e, --enable
  19. Enable service
  20. -d, --disable
  21. Disable service
  22. -D, --default
  23. Reset service to its default state (remove from the list). Default state
  24. means "lets VM choose" and can depend on VM type (NetVM, AppVM etc).
  25. SUPPORTED SERVICES
  26. ==================
  27. This list can be incomplete as VM can implement any additional service without knowlege of qubes-core code.
  28. meminfo-writer
  29. Default: enabled everywhere excluding NetVM
  30. This service reports VM memory usage to dom0, which effectively enables dynamic memory management for the VM.
  31. *Note:* this service is enforced to be set by dom0 code. If you try to
  32. remove it (reset to defult state), will be recreated with the rule: enabled
  33. if VM have no PCI devices assigned, otherwise disabled.
  34. qubes-firewall
  35. Default: enabled only in ProxyVM
  36. Dynamic firewall manager, based on settings in dom0 (qvm-firewall, firewall tab in qubes-manager)
  37. qubes-network
  38. Default: enabled only in NetVM and ProxyVM
  39. Expose network for other VMs. This includes enabling network forwardnig, MASQUERADE, DNS redirection and basic firewall.
  40. qubes-netwatcher
  41. Default: enabled only in ProxyVM
  42. Monitor IP change notification from NetVM. When received, reload qubes-firewall service (to force DNS resolution).
  43. This service makes sense only with qubes-firewall enabled.
  44. qubes-update-check
  45. Default: enabled
  46. Notify dom0 about updates available for this VM. This is shown in qubes-manager as 'update-pending' flag.
  47. cups
  48. Default: enabled only in AppVM
  49. Enable CUPS service. The user can disable cups in VM which do not need printing to speed up booting.
  50. network-manager
  51. Default: enabled in NetVM
  52. Enable NetworkManager. Only VM with direct access to network device needs
  53. this service, but can be useful in ProxyVM to ease VPN setup.
  54. qubes-yum-proxy
  55. Default: enabled in NetVM
  56. Provide proxy service, which allow access only to yum repos. Filtering is
  57. done based on URLs, so it shouldn't be used as leak control (pretty easy to
  58. bypass), but is enough to prevent some erroneous user actions.
  59. yum-proxy-setup
  60. Default: enabled in AppVM (also in templates)
  61. Setup yum at startup to use qubes-yum-proxy service.
  62. *Note:* this service is automatically enabled when you allow VM to access
  63. yum proxy (in firewall settings) and disabled when you deny access to yum
  64. proxy.
  65. AUTHORS
  66. =======
  67. | Joanna Rutkowska <joanna at invisiblethingslab dot com>
  68. | Rafal Wojtczuk <rafal at invisiblethingslab dot com>
  69. | Marek Marczykowski <marmarek at invisiblethingslab dot com>