Qubes
/
core-agent-linux


			
				
					
						
						
							12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485
							================
qrexec-client-vm
================

NAME
====
qrexec-client-vm - call Qubes RPC service

SYNOPSIS
========
| qrexec-client-vm [--buffer-size=*BUFFER_SIZE*] *target_vmname* *service* [*local_program* [*local program arguments*]]

DESCRIPTION
===========

Call Qubes RPC (aka qrexec) service to a different VM. The service call request
is sent to dom0, where Qubes RPC policy is evaluated and when it allows the
call, it is forwarded to appropriate target VM (which may be different than
requested, if policy says so). Local program (if given) is started only
when service call is allowed by the policy.

Remote service can communicate with the caller (``qrexec-client-vm``) using
stdin/stdout.  When *local_program* is given, its stdin/stdout is connected to
service stdin/stdout (stderr is not redirected), otherwise - service
stdin/stdout is connected to those of ``qrexec-client-vm``.

OPTIONS
=======

--buffer-size=*BUFFER_SIZE*

    Optional buffer size for vchan connection. This size is used as minimum
    size for a buffer in each connection direction (read and write).
    Default: 64KiB.

*target_vmname*

    Name of target VM to which service is requested. Qubes RPC policy may
    ignore this value and redirect call somewhere else.

    This argument, can contain VM name, or one of special values:

    * ``$default`` or empty string - let Qubes RPC policy decide, without giving any preference 

    * ``$dispvm`` - new Disposable VM

    * ``$dispvm:dispvm-template`` - new Disposable VM based on *dispvm-template*

    This field is limited to 31 characters (alphanumeric, plus ``-_.$``).

*service*

    Requested service. Besides service name, it can contain a service argument
    after ``+`` character. For example ``some.service+argument``.

    This field is limited to 63 characters (alphanumeric, plus ``-_.$+``).

*local_program*

    Full path to local program to be connected with remote service. Optional.

*local program arguments*

    Arguments to *local_program*. Optional.

EXIT STATUS
===========

If service call is allowed by dom0 and ``qrexec-client-vm`` is started without
*local_program* argument, it reports remote service exit code.

If service call is allowed by dom0 and ``qrexec-client-vm`` is started with
*local_program* argument, it reports the local program exit code. There is no
way to learn exit code of remote service in this case.

In both cases, if process (local or remote) was terminated by a signal, exit
status is 128+signal number.

If service call is denied by dom0, ``qrexec-client-vm`` exit with status 126.

AUTHORS
=======
| Joanna Rutkowska <joanna at invisiblethingslab dot com>
| Rafal Wojtczuk <rafal at invisiblethingslab dot com>
| Marek Marczykowski-Górecki <marmarek at invisiblethingslab dot com>