After the change of target keywords, apply transparen translation from
old names. This will avoid breaking calls from not updated VMs. Apply
this change only in stable branch.
Those parameters eventually may eventually be passed to a shell script
(at least /usr/lib/qubes/qubes-rpc-multiplexer). While it is possible to
properly escape shell special characters, lets do safer and less fragile
thing: forbid such characters entirely.
In case of target name, qrexec policy keywords are allowed, and after
recent change, those contains '@', so allow this char.
(cherry picked from commit cf28dad1943bd424b2ed23000cdcfd32d8e3190c)
There was a second place with exactly the same bug. See
dad208a "qrexec: fix pending requests cleanup code" for details.
FixesQubesOS/qubes-issues#2699
(cherry picked from commit 8719e5d74c)
There was a logic error in pending requests cleanup code, causing
policy_pending_max being set to 0, even if there were more pending
requests. This effectively limited maximum pending requests to 1, after
some system uptime, because policy_pending_max set to 0 makes the code
looks only at the first pending request slot.
While at it, remove outdated FIXME comment, actually this bug is in the
code implementing this FIXME.
FixesQubesOS/qubes-issues#2699
This will prevent passing an option instead of command (qvm-run) /
domain name (qrexec-policy). In both cases when VM tries to pass some
option it would fail because missing argument then - VM can not pass
additional arguments, so if one act as an option, one argument will be
missing).
If the timeout is 1, attempting to retry would not actually retry,
since i would be incremented just after being reset to 0, and would
thus break out of the loop.
Will be used to keep qrexec-daemon running in the background even if no
qrexec-agent installed (yet). Specifically to give the VM a chance to
inform about just installed agent.