-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Thu, Dec 16, 2021 at 12:17:44AM +0100, Manuel Amador (Rudd-O) wrote: > Prefacing this response with: > > I went with the implementation as designed by the document. In the future I > will revise argument passing to use the new 4.1 style, instead of base64 > over pipes. Currently the implementation uses a custom-made dialog — a very > nice one, if I do say so myself — in the spirit of the feature request > #5853.
:) > On 14/12/2021 15.28, Marek Marczykowski-Górecki wrote: > > I think it looks ok. Regarding one-time access, I'd rather specify it > > with a timeout, to avoid cases when the client VM requests authorization but > > uses it much later. > > This will land in the project's to-do list and will be implemented at some > point in the future. Patches always welcome! > > > > > One thing you may want to consider is interaction with GUI domain - in > > this case dom0 couldn't directly ask the user, but rather ask the GUI > > domain to display the prompt. We do this for normal policy prompts. > > Anyway, it's of course up to you whether you support GUI domain or > > not... > > Yes, I intend to support the GUI domain. *How do I do this?* Right now my > code merely spawns up, from dom0, a GUI dialog using DISPLAY:=0. This was > lifted from other parts of the Qubes repositories. If going with standard qrexec prompt (+#5853), you'd get that for free ;) Otherwise, you need a qrexec service that calls into GUI domain to do the prompt (and then validate its output to really allow only the thing that was asked about, not something else). Basically, factor out the prompt code into separate file, then call it via `qvm-run --service ...` instead of directly. Here is how qrexec policy prompt is doing it: https://github.com/QubesOS/qubes-core-qrexec/blob/master/qrexec/tools/qrexec_policy_exec.py#L64-L112 - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAmG6g08ACgkQ24/THMrX 1yyy/wf+MP+ZLD3cgBPZivLwOaIyZGWn6I/nmaCEQnmjv6xnUw/gp37fEJIaDn1p olyP4egGDSb0pDgf9F2JUfPNX9iO59AUdmxkq7tuQWNzP/Hp8vtcFR3vzS4Sug9H TCW40s4KR3YMRR/I2icTe8KvuCqYrt7gE2WEFxuQ256OJtUM5VTfHZaEX4iy6MU9 P568+i34F7IEmj4p9ZvYAQBDgZXiuFCDi5Xo37Ma5U9kG8SQEwiPS9q5PTNkF065 N3sQqW+J1XDAIZRa2fAGnKcRwAFFm9Xdnap3JhaoiWlk5CaSJLWinLD/qH9WEbo7 /swlVqBnPt0uc/tWjuOi1UAt4dw7Ew== =yfj2 -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/YbqDTxMnZI5DINZi%40mail-itl.
