From 1a24c1970267256580f3fdf0ac002e7c7c8c39af Mon Sep 17 00:00:00 2001
From: Rafal Wojtczuk
Date: Mon, 29 Aug 2011 16:46:44 +0200
Subject: [PATCH 1/3] qrexec: implement qvm-run command for AppVMs It is build upon qrexec2, qubes.VMShell command. So, in order to e.g. start firefox in a fresh dispVM, do qvm-run '$dispvm' firefox http://www.qubes-os.org
---
 appvm/qrun-in-vm | 4 ++++
 appvm/qubes.VMShell | 1 +
 appvm/qubes.VMShell.policy | 7 +++++++
 appvm/qvm-run | 29 +++++++++++++++++++++++++++++
 appvm/vm-shell | 3 +++
 rpm_spec/core-appvm.spec | 7 +++++++
 6 files changed, 51 insertions(+)
 create mode 100755 appvm/qrun-in-vm
 create mode 100644 appvm/qubes.VMShell
 create mode 100644 appvm/qubes.VMShell.policy
 create mode 100755 appvm/qvm-run
 create mode 100755 appvm/vm-shell
diff --git a/appvm/qrun-in-vm b/appvm/qrun-in-vm
new file mode 100755
index 0000000..6b2e1bb
--- /dev/null
+++ b/appvm/qrun-in-vm
@@ -0,0 +1,4 @@
+#!/bin/sh
+# pass aguments to the remote stdin, shovel back the remote output
+echo "$@"
+exec /bin/cat >&$SAVED_FD_1
diff --git a/appvm/qubes.VMShell b/appvm/qubes.VMShell
new file mode 100644
index 0000000..7ca3b5e
--- /dev/null
+++ b/appvm/qubes.VMShell
@@ -0,0 +1 @@
+/usr/lib/qubes/vm-shell
\ No newline at end of file
diff --git a/appvm/qubes.VMShell.policy b/appvm/qubes.VMShell.policy
new file mode 100644
index 0000000..4121733
--- /dev/null
+++ b/appvm/qubes.VMShell.policy
@@ -0,0 +1,7 @@
+## Note that policy parsing stops at the first match,
+## so adding anything below "$anyvm $anyvm action" line will have no effect
+
+## Please use a single # to start your custom comments
+
+$anyvm $dispvm allow
+$anyvm $anyvm ask
diff --git a/appvm/qvm-run b/appvm/qvm-run
new file mode 100755
index 0000000..eaae613
--- /dev/null
+++ b/appvm/qvm-run
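Review bot: `echo "$@"` in appvm/qrun-in-vm flattens the argument vector into one space-joined line before the remote bash reads it, so an argument containing spaces, quotes or shell metacharacters is re-parsed on the other side, and a first argument such as `-n` may be consumed by `echo` as an option instead of being sent. If the intent is "one command line, interpreted by the remote shell", the comment should say so and the line is better written as `printf '%s\n' "$*"`; if the intent is to preserve the argument boundaries, the arguments need quoting before they are sent. The redirection `>&$SAVED_FD_1` is unquoted and unchecked, so an unset variable produces a broken redirection rather than a clear error; `: "${SAVED_FD_1:?}"` before the `exec` would make that failure explicit.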
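Review bot: The rules in appvm/qubes.VMShell.policy authorise an unrestricted shell (vm-shell in this same patch execs /bin/bash), so `$anyvm $anyvm ask` means one confirmation gives the calling VM full command execution in the target, and `$anyvm $dispvm allow` lets any VM start a DispVM shell with no prompt at all. Both may be intended, but the file should state it; I would add a single-# comment above the rules such as `# qubes.VMShell gives the caller a full shell in the target; answering "yes" to the prompt grants complete control of that VM`. It is also worth considering whether `deny` is the safer shipped default for the `$anyvm $anyvm` line. None of the spec hunks in this patch installs this policy file, so please confirm where it is packaged and what applies when it is absent.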
@@ -0,0 +1,29 @@
+#!/bin/bash
+#
+# The Qubes OS Project, http://www.qubes-os.org
+#
+# Copyright (C) 2010 Rafal Wojtczuk
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+#
+#
+
+if [ $# -lt 2 ] ; then
+ echo "Usage: $0 vmname command arguments"
+ exit 1
+fi
+VMNAME=$1
+shift
+exec /usr/lib/qubes/qrexec_client_vm $VMNAME qubes.VMShell "/usr/lib/qubes/qrun-in-vm" "$@"
diff --git a/appvm/vm-shell b/appvm/vm-shell
new file mode 100755
index 0000000..d06e398
--- /dev/null
+++ b/appvm/vm-shell
@@ -0,0 +1,3 @@
+#!/bin/sh
+# just ignore the cmdline argument (the remote vm name)
+exec /bin/bash
diff --git a/rpm_spec/core-appvm.spec b/rpm_spec/core-appvm.spec
index 5822770..229ac11 100644
--- a/rpm_spec/core-appvm.spec
+++ b/rpm_spec/core-appvm.spec
@@ -77,6 +77,7 @@ mkdir -p $RPM_BUILD_ROOT/usr/bin
 cp qubes_timestamp qvm-open-in-dvm2 $RPM_BUILD_ROOT/usr/bin
 cp qvm-open-in-vm $RPM_BUILD_ROOT/usr/bin
 cp qvm-copy-to-vm $RPM_BUILD_ROOT/usr/bin
+cp qvm-run $RPM_BUILD_ROOT/usr/bin
 mkdir -p $RPM_BUILD_ROOT/usr/lib/qubes
 cp qvm-copy-to-vm2.kde $RPM_BUILD_ROOT/usr/lib/qubes
 cp qvm-copy-to-vm2.gnome $RPM_BUILD_ROOT/usr/lib/qubes
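Review bot: `$VMNAME` is expanded unquoted on the `exec` line of appvm/qvm-run, so a first argument containing whitespace or glob characters is split into several words and displaces the service name and the remaining arguments passed to qrexec_client_vm. The line should read `exec /usr/lib/qubes/qrexec_client_vm "$VMNAME" qubes.VMShell "/usr/lib/qubes/qrun-in-vm" "$@"`. The same unquoted expansion appears in the `[ $VMNAME = "--dispvm" ]` test added by patch 3/3, where a multi-word value makes `[` fail with a syntax error; `[ "$VMNAME" = "--dispvm" ]` avoids that. The usage message would also be better sent to stderr with `>&2`.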
@@ -84,6 +85,7 @@ cp ../qrexec/qrexec_agent $RPM_BUILD_ROOT/usr/lib/qubes cp ../qrexec/qrexec_client_vm $RPM_BUILD_ROOT/usr/lib/qubes cp ../qrexec/qubes_rpc_multiplexer $RPM_BUILD_ROOT/usr/lib/qubes cp vm-file-editor qfile-agent qopen-in-vm qfile-unpacker $RPM_BUILD_ROOT/usr/lib/qubes +cp vm-shell qrun-in-vm $RPM_BUILD_ROOT/usr/lib/qubes cp ../common/meminfo-writer $RPM_BUILD_ROOT/usr/lib/qubes mkdir -p $RPM_BUILD_ROOT/%{kde_service_dir} cp qvm-copy.desktop qvm-dvm.desktop $RPM_BUILD_ROOT/%{kde_service_dir} @@ -91,6 +93,7 @@ mkdir -p $RPM_BUILD_ROOT/mnt/removable mkdir -p $RPM_BUILD_ROOT/etc/qubes_rpc cp qubes.Filecopy $RPM_BUILD_ROOT/etc/qubes_rpc cp qubes.OpenInVM $RPM_BUILD_ROOT/etc/qubes_rpc +cp qubes.VMShell $RPM_BUILD_ROOT/etc/qubes_rpc mkdir -p $RPM_BUILD_ROOT/var/lib/qubes/dom0-updates mkdir -p $RPM_BUILD_ROOT/etc/X11 @@ -143,6 +146,7 @@ rm -rf $RPM_BUILD_ROOT /usr/lib/qubes/qvm-copy-to-vm2.gnome /usr/bin/qvm-open-in-dvm2 /usr/bin/qvm-open-in-vm +/usr/bin/qvm-run /usr/lib/qubes/meminfo-writer /usr/lib/qubes/vm-file-editor %{kde_service_dir}/qvm-copy.desktop @@ -153,10 +157,13 @@ rm -rf $RPM_BUILD_ROOT /usr/lib/qubes/qfile-agent /usr/lib/qubes/qopen-in-vm /usr/lib/qubes/qfile-unpacker +/usr/lib/qubes/vm-shell +/usr/lib/qubes/qrun-in-vm %dir /mnt/removable %dir /etc/qubes_rpc /etc/qubes_rpc/qubes.Filecopy /etc/qubes_rpc/qubes.OpenInVM +/etc/qubes_rpc/qubes.VMShell /usr/bin/qubes_timestamp %dir /home_volatile %attr(700,user,user) /home_volatile/user From 890030354db5965eb3ed1f5581d8a6cec12ea16a Mon Sep 17 00:00:00 2001 
From: Rafal Wojtczuk Date: Mon, 29 Aug 2011 17:27:48 +0200 Subject: [PATCH 2/3] qvm-open-in-*: recognize when the parameter is an url and wrap it in html meta refresh tag, so that it will be opened by the default browser. --- appvm/qvm-open-in-dvm2 | 5 ++++- appvm/qvm-open-in-vm | 5 +++-- appvm/wrap_in_html_if_url.sh | 17 +++++++++++++++++ rpm_spec/core-appvm.spec | 2 ++ 4 files changed, 26 insertions(+), 3 deletions(-) create mode 100644 appvm/wrap_in_html_if_url.sh diff --git a/appvm/qvm-open-in-dvm2 b/appvm/qvm-open-in-dvm2 index 25e8904..2e04aaf 100755 --- a/appvm/qvm-open-in-dvm2 +++ b/appvm/qvm-open-in-dvm2 @@ -25,4 +25,7 @@ if ! [ $# = 1 ] ; then exit 1 fi -exec /usr/lib/qubes/qrexec_client_vm '$dispvm' qubes.OpenInVM "/usr/lib/qubes/qopen-in-vm" "$1" +. /usr/lib/qubes/wrap_in_html_if_url.sh +wrap_in_html_if_url "$1" + +exec /usr/lib/qubes/qrexec_client_vm '$dispvm' qubes.OpenInVM "/usr/lib/qubes/qopen-in-vm" "$FILE_ARGUMENT" diff --git a/appvm/qvm-open-in-vm b/appvm/qvm-open-in-vm index ffd087e..5751270 100755 --- a/appvm/qvm-open-in-vm +++ b/appvm/qvm-open-in-vm @@ -24,5 +24,6 @@ if ! [ $# = 2 ] ; then echo "Usage: $0 vmname filename" exit 1 fi - -exec /usr/lib/qubes/qrexec_client_vm "$1" qubes.OpenInVM "/usr/lib/qubes/qopen-in-vm" "$2" +. /usr/lib/qubes/wrap_in_html_if_url.sh +wrap_in_html_if_url "$2" +exec /usr/lib/qubes/qrexec_client_vm "$1" qubes.OpenInVM "/usr/lib/qubes/qopen-in-vm" "$FILE_ARGUMENT" diff --git a/appvm/wrap_in_html_if_url.sh b/appvm/wrap_in_html_if_url.sh new file mode 100644 index 0000000..12d9225 --- /dev/null +++ b/appvm/wrap_in_html_if_url.sh @@ -0,0 +1,17 @@ +wrap_in_html_if_url() +{ + case "$1" in + *://*) + FILE_ARGUMENT=$(mktemp) + + echo -n '> $FILE_ARGUMENT + echo '">' >> $FILE_ARGUMENT + ;; + *) + FILE_ARGUMENT="$1" + ;; + esac +} + + \ No newline at end of file diff --git a/rpm_spec/core-appvm.spec b/rpm_spec/core-appvm.spec index 229ac11..5b26f83 100644 --- a/rpm_spec/core-appvm.spec +++ b/rpm_spec/core-appvm.spec 
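Review bot: The temporary file that `wrap_in_html_if_url` creates for a URL argument is never removed, because appvm/qvm-open-in-dvm2 goes straight to `exec` qrexec_client_vm after the call, and appvm/qvm-open-in-vm does the same; each URL opened this way leaves a file containing that URL behind. Neither script checks that sourcing /usr/lib/qubes/wrap_in_html_if_url.sh or the call itself succeeded, so a failed `mktemp` passes an empty `$FILE_ARGUMENT` on to the RPC client. I would call it as `wrap_in_html_if_url "$1" || exit 1`, and in the URL case run qrexec_client_vm without `exec` so the generated file can be deleted afterwards. The deletion must be limited to files the helper created, since in the other branch `$FILE_ARGUMENT` is the user's own file.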
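Review bot: Nothing visible in the `*://*)` branch of wrap_in_html_if_url escapes the caller-supplied argument before it is written into an HTML file that the target VM's browser will render, so an argument containing `"` or `>` can close the attribute and add markup of its own to that page. The echo lines are partly garbled in this listing, but the commit message describes a meta refresh tag. I would refuse such input before writing, e.g. `case "$1" in *\"*|*\<*|*\>*) return 1 ;; esac`, or percent-encode those characters. The result of `mktemp` is not checked and `$FILE_ARGUMENT` is unquoted in the redirections; `FILE_ARGUMENT=$(mktemp) || return 1` and `>> "$FILE_ARGUMENT"` address both. The pattern also matches a local path that happens to contain `://`, which would then be wrapped instead of opened.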
@@ -79,6 +79,7 @@ cp qvm-open-in-vm $RPM_BUILD_ROOT/usr/bin
 cp qvm-copy-to-vm $RPM_BUILD_ROOT/usr/bin
 cp qvm-run $RPM_BUILD_ROOT/usr/bin
 mkdir -p $RPM_BUILD_ROOT/usr/lib/qubes
+cp wrap_in_html_if_url.sh $RPM_BUILD_ROOT/usr/lib/qubes
 cp qvm-copy-to-vm2.kde $RPM_BUILD_ROOT/usr/lib/qubes
 cp qvm-copy-to-vm2.gnome $RPM_BUILD_ROOT/usr/lib/qubes
 cp ../qrexec/qrexec_agent $RPM_BUILD_ROOT/usr/lib/qubes
@@ -159,6 +160,7 @@ rm -rf $RPM_BUILD_ROOT
 /usr/lib/qubes/qfile-unpacker
 /usr/lib/qubes/vm-shell
 /usr/lib/qubes/qrun-in-vm
+/usr/lib/qubes/wrap_in_html_if_url.sh
 %dir /mnt/removable
 %dir /etc/qubes_rpc
 /etc/qubes_rpc/qubes.Filecopy
From 98ca80a9813e2c024940b93ee66601e568438d85 Mon Sep 17 00:00:00 2001
From: Rafal Wojtczuk
Date: Mon, 29 Aug 2011 17:34:15 +0200
Subject: [PATCH 3/3] qvm-run (in vm): accept --dispvm argument
---
 appvm/qvm-run | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/appvm/qvm-run b/appvm/qvm-run
index eaae613..54e296f 100755
--- a/appvm/qvm-run
+++ b/appvm/qvm-run
@@ -26,4 +26,7 @@ if [ $# -lt 2 ] ; then
 fi
 VMNAME=$1
 shift
+if [ $VMNAME = "--dispvm" ] ; then
+ VMNAME='$dispvm'
+fi
 exec /usr/lib/qubes/qrexec_client_vm $VMNAME qubes.VMShell "/usr/lib/qubes/qrun-in-vm" "$@"
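Review bot: The `--dispvm` spelling accepted by this hunk in appvm/qvm-run is not reflected in the usage message, which sits above the hunk and, as added in patch 1/3, still reads `vmname command arguments`. I would change it to `echo "Usage: $0 {vmname|--dispvm} command arguments"`. A one-line comment on the assignment, e.g. `# literal qrexec keyword, single-quoted on purpose`, would stop a later reader from treating `'$dispvm'` as a quoting mistake.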