question on 'service-name' for the new (R4.2) qrexec policy


Boryeu Mao

Feb 12, 2024, 7:56:27 PM
to qubes-users
For R4.1.2 I had some RPC calls with + and - characters in the file name. These are considered invalid characters in service names in the new qrexec policy format (e.g. in /etc/qubes/policy.d/30-user.policy). Using the wildcard * works, but I wonder if there is any way to keep these characters when explicitly specifying the calls. Thank you.

Boryeu Mao

Feb 12, 2024, 7:58:03 PM
to qubes-users
Correction - only + is considered an invalid character.

Rusty Bird

Feb 13, 2024, 8:21:05 AM
to Boryeu Mao, qubes-users

Boryeu Mao:
> > For R4.1.2 I had some RPC calls with + and - characters in the file
> > name. These are considered as invalid characters to be part of service
> > names in the new qrexec policy format (e.g. in
> > /etc/qubes/policy.d/30-user.policy). Using wild card * works, but I
> > wonder if there is any way to keep these characters in explicitly
> > specifying the calls.

> Correction - only + is considered as invalid character.

Already in the old format, a file /etc/qubes-rpc/policy/foo+bar+baz
actually specified the policy for a qrexec service named 'foo' called
with one argument 'bar+baz'.

(Invoking qrexec-client-vm for 'foo+bar+baz' will attempt to execute a
specialized implementation at /etc/qubes-rpc/foo+bar+baz first, or if
that doesn't exist /etc/qubes-rpc/foo for a general implementation.
That is still the same in R4.2.)

In the new policy format this would be written as a line starting with

foo +bar+baz

Note the whitespace before the first '+' character, which makes it a
little bit clearer what's going on.

Rusty
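
The rule from the reply above, as an added example that is not part of the original thread and is not Qubes OS code: the call name is split at the first '+', which gives both the start of the new-format policy line and the implementation lookup order. The function names and every sample name other than foo+bar+baz are hypothetical, and writing an argument-less old policy file as '*' is an assumption the thread does not state.

```python
from __future__ import annotations
from pathlib import PurePosixPath

RPC_DIR = PurePosixPath("/etc/qubes-rpc")  # implementation directory named in the reply


def split_call(call: str) -> tuple[str, str | None]:
    """Split at the FIRST '+': 'foo+bar+baz' -> ('foo', 'bar+baz'); no '+' -> (name, None)."""
    service, plus, argument = call.partition("+")
    if not service or "/" in call or any(c.isspace() for c in call):
        raise ValueError(f"not a usable service call: {call!r}")
    return service, (argument if plus else None)


def policy_prefix(old_policy_filename: str) -> str:
    """Start of the new-format line for an old /etc/qubes-rpc/policy/<name> file."""
    service, argument = split_call(old_policy_filename)
    if argument is None:
        # Assumption, not stated in the thread: '*' in the argument column = any argument.
        return f"{service} *"
    return f"{service} +{argument}"


def implementation_candidates(call: str) -> list[str]:
    """Paths tried in order: the specialized implementation, then the general one."""
    service, argument = split_call(call)
    names = [call, service] if argument is not None else [service]
    return [str(RPC_DIR / name) for name in names]


def resolve(call: str, existing: set[str]) -> str | None:
    """First candidate present in `existing` (a stand-in for the real filesystem)."""
    return next((p for p in implementation_candidates(call) if p in existing), None)


if __name__ == "__main__":
    # Constructed sample: only 'foo+bar+baz' comes from the thread.
    for name in ["foo+bar+baz", "my-service+a-b", "my-service"]:
        print(f"{name:16} -> {policy_prefix(name)}")
    installed = {"/etc/qubes-rpc/foo"}  # constructed: only the general implementation exists
    print(resolve("foo+bar+baz", installed))
```

A '-' in the name passes through unchanged; only the first '+' acts as the separator between service name and argument.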

Boryeu Mao

Feb 13, 2024, 11:04:28 AM
to qubes-users
Thanks very much -- the details helped a lot.
Case closed.