Those parameters eventually may eventually be passed to a shell script
(at least /usr/lib/qubes/qubes-rpc-multiplexer). While it is possible to
properly escape shell special characters, lets do safer and less fragile
thing: forbid such characters entirely.
In case of target name, qrexec policy keywords are allowed, and after
recent change, those contains '@', so allow this char.
- only have one button, because "yes/no" makes no sense in this context
- inform use to use "-t pv" for xl console, because otherwise it won't
work for HVM domains.
- use the actual VM name, not "vmname"
There was a second place with exactly the same bug. See
dad208a "qrexec: fix pending requests cleanup code" for details.
FixesQubesOS/qubes-issues#2699
There was a logic error in pending requests cleanup code, causing
policy_pending_max being set to 0, even if there were more pending
requests. This effectively limited maximum pending requests to 1, after
some system uptime, because policy_pending_max set to 0 makes the code
looks only at the first pending request slot.
While at it, remove outdated FIXME comment, actually this bug is in the
code implementing this FIXME.
FixesQubesOS/qubes-issues#2699
Normally when qrexec-client setup VM-VM connection it exits
immediatelly. But it may be useful to wait for the connection to
terminate - for example to cleanup DispVM.
qrexec-daemon (the one that allocated vchan port) do receive such
notification, so expose such option to qrexec-client.
QubesOS/qubes-issues#2253
This will prevent passing an option instead of command (qvm-run) /
domain name (qrexec-policy). In both cases when VM tries to pass some
option it would fail because missing argument then - VM can not pass
additional arguments, so if one act as an option, one argument will be
missing).
If the timeout is 1, attempting to retry would not actually retry,
since i would be incremented just after being reset to 0, and would
thus break out of the loop.
Will be used to keep qrexec-daemon running in the background even if no
qrexec-agent installed (yet). Specifically to give the VM a chance to
inform about just installed agent.
