From 1a24c1970267256580f3fdf0ac002e7c7c8c39af Mon Sep 17 00:00:00 2001 From: Rafal Wojtczuk Date: Mon, 29 Aug 2011 16:46:44 +0200 Subject: [PATCH] qrexec: implement qvm-run command for AppVMs It is build upon qrexec2, qubes.VMShell command. So, in order to e.g. start firefox in a fresh dispVM, do qvm-run '$dispvm' firefox http://www.qubes-os.org
---
appvm/qrun-in-vm | 4 ++++ appvm/qubes.VMShell | 1 + appvm/qubes.VMShell.policy | 7 +++++++ appvm/qvm-run | 29 +++++++++++++++++++++++++++++ appvm/vm-shell | 3 +++ rpm_spec/core-appvm.spec | 7 +++++++ 6 files changed, 51 insertions(+) create mode 100755 appvm/qrun-in-vm create mode 100644 appvm/qubes.VMShell create mode 100644 appvm/qubes.VMShell.policy create mode 100755 appvm/qvm-run create mode 100755 appvm/vm-shell
diff --git a/appvm/qrun-in-vm b/appvm/qrun-in-vm
new file mode 100755
index 0000000..6b2e1bb
--- /dev/null
+++ b/appvm/qrun-in-vm
@@ -0,0 +1,4 @@
+#!/bin/sh
+# pass aguments to the remote stdin, shovel back the remote output
+echo "$@"
+exec /bin/cat >&$SAVED_FD_1
diff --git a/appvm/qubes.VMShell b/appvm/qubes.VMShell
new file mode 100644
index 0000000..7ca3b5e
--- /dev/null
+++ b/appvm/qubes.VMShell
@@ -0,0 +1 @@
+/usr/lib/qubes/vm-shell
\ No newline at end of file
diff --git a/appvm/qubes.VMShell.policy b/appvm/qubes.VMShell.policy
new file mode 100644
index 0000000..4121733
--- /dev/null
+++ b/appvm/qubes.VMShell.policy
@@ -0,0 +1,7 @@
+## Note that policy parsing stops at the first match,
+## so adding anything below "$anyvm $anyvm action" line will have no effect
+
+## Please use a single # to start your custom comments
+
+$anyvm $dispvm allow
+$anyvm $anyvm ask
diff --git a/appvm/qvm-run b/appvm/qvm-run
new file mode 100755
index 0000000..eaae613
--- /dev/null
+++ b/appvm/qvm-run
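Review bot: In appvm/qrun-in-vm, `echo "$@"` flattens the argument vector into one space-joined string that the bash started by vm-shell then re-parses, so argument boundaries are lost and any shell metacharacter inside an argument (for instance a URL handed over by another program) is interpreted in the target VM instead of being passed literally. Either document that qvm-run takes a shell command line, or quote each argument before sending it. Under /bin/sh, `echo` may also treat a leading `-n` or backslashes specially, so `printf '%s\n' "$*"` is the safer way to emit the string. `$SAVED_FD_1` is expanded unquoted and unchecked; `exec /bin/cat >&"${SAVED_FD_1:?}"` would fail with a clear message when the descriptor is not provided.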
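Review bot: The `$anyvm $dispvm allow` line in appvm/qubes.VMShell.policy lets every VM start a disposable VM and feed commands to a shell in it without any prompt, and `$anyvm $anyvm ask` puts a full shell in any other VM one confirmation click away. Because qubes.VMShell hands the caller an unrestricted bash, a safer default would be `$anyvm $anyvm deny` with explicit per-VM `ask` or `allow` lines above it. If the dispVM rule is kept, a comment such as `# dispVM targets are unprompted: any VM can create them freely` should record the resource and network exposure being accepted. The spec hunks in this patch do not install this file, so where it is deployed is not visible here.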
@@ -0,0 +1,29 @@
+#!/bin/bash
+#
+# The Qubes OS Project, http://www.qubes-os.org
+#
+# Copyright (C) 2010 Rafal Wojtczuk
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+#
+#
+
+if [ $# -lt 2 ] ; then
+ echo "Usage: $0 vmname command arguments"
+ exit 1
+fi
+VMNAME=$1
+shift
+exec /usr/lib/qubes/qrexec_client_vm $VMNAME qubes.VMShell "/usr/lib/qubes/qrun-in-vm" "$@"
diff --git a/appvm/vm-shell b/appvm/vm-shell
new file mode 100755
index 0000000..d06e398
--- /dev/null
+++ b/appvm/vm-shell
@@ -0,0 +1,3 @@
+#!/bin/sh
+# just ignore the cmdline argument (the remote vm name)
+exec /bin/bash
diff --git a/rpm_spec/core-appvm.spec b/rpm_spec/core-appvm.spec
index 5822770..229ac11 100644
--- a/rpm_spec/core-appvm.spec
+++ b/rpm_spec/core-appvm.spec
@@ -77,6 +77,7 @@ mkdir -p $RPM_BUILD_ROOT/usr/bin
 cp qubes_timestamp qvm-open-in-dvm2 $RPM_BUILD_ROOT/usr/bin
 cp qvm-open-in-vm $RPM_BUILD_ROOT/usr/bin
 cp qvm-copy-to-vm $RPM_BUILD_ROOT/usr/bin
+cp qvm-run $RPM_BUILD_ROOT/usr/bin
 mkdir -p $RPM_BUILD_ROOT/usr/lib/qubes
 cp qvm-copy-to-vm2.kde $RPM_BUILD_ROOT/usr/lib/qubes
 cp qvm-copy-to-vm2.gnome $RPM_BUILD_ROOT/usr/lib/qubes
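Review bot: The final `exec` line of appvm/qvm-run expands `$VMNAME` unquoted, so a target name containing whitespace or glob characters is split or expanded before qrexec_client_vm sees it, which can shift the service name and handler arguments. It should read `exec /usr/lib/qubes/qrexec_client_vm "$VMNAME" qubes.VMShell "/usr/lib/qubes/qrun-in-vm" "$@"`. The usage message goes to stdout; `echo "Usage: $0 vmname command arguments" >&2` keeps it out of pipelines that consume the command's output. A header comment should also state that the arguments end up joined and interpreted by a shell in the target VM, since the `"$@"` here suggests they are passed through verbatim.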
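Review bot: appvm/vm-shell discards the calling VM's name and starts `/bin/bash` on the caller's stream, so the target VM keeps no record of who ran commands in it. Logging the argument before the exec, for example `logger -t qubes.VMShell "shell requested by ${1:-unknown}"`, would give responders something to correlate with the policy decision. The comment should also say that access control rests entirely on the qubes.VMShell policy, because this script performs none itself.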
@@ -84,6 +85,7 @@ cp ../qrexec/qrexec_agent $RPM_BUILD_ROOT/usr/lib/qubes cp ../qrexec/qrexec_client_vm $RPM_BUILD_ROOT/usr/lib/qubes cp ../qrexec/qubes_rpc_multiplexer $RPM_BUILD_ROOT/usr/lib/qubes cp vm-file-editor qfile-agent qopen-in-vm qfile-unpacker $RPM_BUILD_ROOT/usr/lib/qubes +cp vm-shell qrun-in-vm $RPM_BUILD_ROOT/usr/lib/qubes cp ../common/meminfo-writer $RPM_BUILD_ROOT/usr/lib/qubes mkdir -p $RPM_BUILD_ROOT/%{kde_service_dir} cp qvm-copy.desktop qvm-dvm.desktop $RPM_BUILD_ROOT/%{kde_service_dir} @@ -91,6 +93,7 @@ mkdir -p $RPM_BUILD_ROOT/mnt/removable mkdir -p $RPM_BUILD_ROOT/etc/qubes_rpc cp qubes.Filecopy $RPM_BUILD_ROOT/etc/qubes_rpc cp qubes.OpenInVM $RPM_BUILD_ROOT/etc/qubes_rpc +cp qubes.VMShell $RPM_BUILD_ROOT/etc/qubes_rpc mkdir -p $RPM_BUILD_ROOT/var/lib/qubes/dom0-updates mkdir -p $RPM_BUILD_ROOT/etc/X11 @@ -143,6 +146,7 @@ rm -rf $RPM_BUILD_ROOT /usr/lib/qubes/qvm-copy-to-vm2.gnome /usr/bin/qvm-open-in-dvm2 /usr/bin/qvm-open-in-vm +/usr/bin/qvm-run /usr/lib/qubes/meminfo-writer /usr/lib/qubes/vm-file-editor %{kde_service_dir}/qvm-copy.desktop @@ -153,10 +157,13 @@ rm -rf $RPM_BUILD_ROOT /usr/lib/qubes/qfile-agent /usr/lib/qubes/qopen-in-vm /usr/lib/qubes/qfile-unpacker +/usr/lib/qubes/vm-shell +/usr/lib/qubes/qrun-in-vm %dir /mnt/removable %dir /etc/qubes_rpc /etc/qubes_rpc/qubes.Filecopy /etc/qubes_rpc/qubes.OpenInVM +/etc/qubes_rpc/qubes.VMShell /usr/bin/qubes_timestamp %dir /home_volatile %attr(700,user,user) /home_volatile/user