QubesOS/qubes-core-admin-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
479 Commits 8 Branches 294 Tags 2.8 MiB
ee878fa40a
Commit Graph

9 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
d54d953af1
qrexec: use separate variables for original target type and value 
Avoid passing special characters (like '$' or '@') to the service, even
if in environment variable. Use separate variable (and
qubes-rpc-multiplexer argument) to provide type of original target.
There are two:
 - specific VM by name ("name")
 - special name, like $adminvm, $dispvm etc ("keyword")

Then, use separate variables to provide actual value:
 - QREXEC_REQUESTED_TARGET_KEYWORD (if _TYPE == "keyword")
 - QREXEC_REQUESTED_TARGET (if _TYPE == "name")

The later one intentionally is the same as in previous implementation,
to preserve compatibility.
 2018-02-19 03:30:04 +01:00
Marek Marczykowski-Górecki
8fd4d9e853
qrexec: adjust for new qrexec-policy 
New qrexec-policy can provide information about original target domain,
even if later overriden by policy (using target= keyword).
 2017-05-18 01:44:25 +02:00
Marek Marczykowski-Górecki
21bec492e8
qrexec: add service argument support 
Fixes QubesOS/qubes-issues#1876

Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
 2016-05-19 15:39:08 +02:00
Marek Marczykowski-Górecki
c629529565
qrexec: prefer VM-local service file (if present) over default one 
This will allow a service to be overridden per-VM.

Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
 2016-05-19 15:39:08 +02:00
Wojtek Porczyk
c4cf6b646b
qubes-rpc-multiplexer: deprecate /etc/qubes_rpc, allow /usr/local 
/usr/local resides in private.img, so it is possible to define per-appvm RPC

Also, with the upcoming 3.0 release support for old (R1) paths is
removed.

Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
 2016-05-19 15:39:08 +02:00
Marek Marczykowski-Górecki
f8d23d0d64
qrexec: execute RPC service directly (without a shell) if it has executable bit set 
This will allow to use some different shell/language for a service (for
example python).

Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
 2016-05-19 15:39:07 +02:00
Marek Marczykowski-Górecki
7b582e0339
qrexec: do not leak FDs to logger process 
This would prevent qrexec from detecting EOF.

Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
 2016-05-19 15:39:07 +02:00
Marek Marczykowski-Górecki
9de6171a43 qubes-rpc: log (local) service output to syslog, discard stderr from VMs (#842) 
Basically - store the logs where the service is running.
 2014-05-05 05:27:08 +02:00
Marek Marczykowski
158bfff3cf Add qrexec back, use qubes-utils libraries for common code 2013-03-20 06:24:17 +01:00