Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.
Sign upSupport a single qrexec service argument, available to qrexec policy #1876
Comments
marmarek
added
enhancement
C: core
P: major
release-notes
labels
Mar 27, 2016
marmarek
added this to the Release 3.2 milestone
Mar 27, 2016
marmarek
closed this
in
marmarek/qubes-core-admin-linux@0607d90
Mar 27, 2016
added a commit
to marmarek/old-qubes-core-agent-linux
that referenced
this issue
Mar 27, 2016
added a commit
to marmarek/old-qubes-core-admin
that referenced
this issue
Mar 29, 2016
added a commit
to QubesOS/qubes-doc
that referenced
this issue
May 15, 2016
added a commit
to marmarek/qubes-core-admin-linux
that referenced
this issue
May 20, 2016
added a commit
to marmarek/qubes-core-admin-linux
that referenced
this issue
May 25, 2016
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
marmarek commentedMar 27, 2016
The idea is to have control over qrexec policy not only based on service, but also based on some argument. This will allow to implement something like "allow service X, but only with argument Y". In most cases better idea is to have separate services or domains for that (for example multiple gpg backend domains), but there are use cases where it still can be a good idea. For example PV USB (#531) (USBIP variant) - "allow attaching this particular USB device" (creating separate services for that doesn't scale...).
As for implementation details, that argument will be encoded into service name, after
+sign. This way it doesn't require major protocol change. Changes include:+in service name+stripped) if full name isn't found - for both qrexec policy (/etc/qubes-rpc/policy/*) and qrexec target script (/etc/qubes-rpc/*).This means that target script may be named
/etc/qubes-rpc/some.service, and it will be called for bothsome.serviceandsome.service+argument(unless/etc/qubes-rpc/some.service+argumentexists). Policy can be set for different arguments in appropriate/etc/qubes-rpc/policy/some.service+argument, then default policy in/etc/qubes-rpc/policy/some.service(most likely plain deny - empty file will do).Target script will receive service argument as... its argument. Additionally there may be environment variable with it available, but it hasn't been decided whether it will be part of stable API.