Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add qrexec-client-vm man page

Browse Source 
This clarifies and also defines some corner cases like exit code
reporting.

QubesOS/qubes-issues#2861
This commit is contained in:
Marek Marczykowski-Górecki 2017-06-20 23:34:43 +02:00
parent cfbd50a936
commit ff26dcfe53
No known key found for this signature in database
GPG Key ID: 063938BA42CFA724
3 changed files with 78 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
debian/qubes-core-agent-qrexec.install vendored
View File

@ -5,3 +5,4 @@ usr/lib/qubes/qrexec-agent
usr/lib/qubes/qrexec-client-vm
usr/lib/qubes/qrexec_client_vm
usr/lib/qubes/qubes-rpc-multiplexer
usr/share/man/man1/qrexec-client-vm.1.gz

76
doc/vm-tools/qrexec-client-vm.rst Normal file
View File

@ -0,0 +1,76 @@
================
qrexec-client-vm
================
NAME
====
qrexec-client-vm - call Qubes RPC service
SYNOPSIS
========
| qrexec-client-vm *target_vmname* *service* [*local_program* [*local program arguments*]]
DESCRIPTION
===========
Call Qubes RPC (aka qrexec) service to a different VM. The service call request
is sent to dom0, where Qubes RPC policy is evaluated and when it allows the
call, it is forwarded to appropriate target VM (which may be different than
requested, if policy says so). Local program (if given) is started only
when service call is allowed by the policy.
Remote service can communicate with the caller (``qrexec-client-vm``) using
stdin/stdout. When *local_program* is given, its stdin/stdout is connected to
service stdin/stdout (stderr is not redirected), otherwise - service
stdin/stdout is connected to those of ``qrexec-client-vm``.
OPTIONS
=======
*target_vmname*
Name of target VM to which service is requested. Qubes RPC policy may
ignore this value and redirect call somewhere else.
This argument, can contain VM name, or one of special values:
* ``$default`` or empty string - let Qubes RPC policy decide, without giving any preference
* ``$dispvm`` - new Disposable VM
* ``$dispvm:dispvm-template`` - new Disposable VM based on *dispvm-template*
This field is limited to 31 characters (alphanumeric, plus ``-_.$``).
*service*
Requested service. Besides service name, it can contain a service argument
after ``+`` character. For example ``some.service+argument``.
This field is limited to 63 characters (alphanumeric, plus ``-_.$+``).
*local_program*
Full path to local program to be connected with remote service. Optional.
*local program arguments*
Arguments to *local_program*. Optional.
EXIT STATUS
===========
If service call is allowed by dom0 and ``qrexec-client-vm`` is started without
*local_program* argument, it reports remote service exit code.
If service call is allowed by dom0 and ``qrexec-client-vm`` is started with
*local_program* argument, it reports the local program exit code. There is no
way to learn exit code of remote service in this case.
If service call is denied by dom0, ``qrexec-client-vm`` exit with status 126.
AUTHORS
=======
| Joanna Rutkowska <joanna at invisiblethingslab dot com>
| Rafal Wojtczuk <rafal at invisiblethingslab dot com>
| Marek Marczykowski-Górecki <marmarek at invisiblethingslab dot com>

1
rpm_spec/core-agent.spec
View File

@ -618,6 +618,7 @@ rm -f %{name}-%{version}
/usr/lib/qubes/qrexec_client_vm
/usr/lib/qubes/qubes-rpc-multiplexer
/lib/systemd/system/qubes-qrexec-agent.service
%{_mandir}/man1/qrexec-client-vm.1*
%files nautilus
/usr/lib/qubes/qvm-copy-to-vm.gnome