Just realized I sent this as "reply" instead of "reply all". Sorry for 
the spam, Ulrich, but I want to make sure this is visible to others who 
might have a similar problem.

I think the problem is that the URL doesn't end up getting quoted on the 
other end. When this is sent:

[quote="Ulrich_Windl1, post:3, topic:24602"]
```bash
#!/bin/bash
qvm-run-vm '$dispvm' /bin/firefox "$1"
```
[/quote]

The VM will end up getting the URL value with no quotes, because the 
quotes in that script are only for the local bash interpreter, not sent 
to `qvm-run-vm`. The whole expression is quoted in the exec line, but 
bash will interpret the line so the ampersand causes a background 
process to start instead of being incorporated in the URL.

I'm not sure if this is a problem in `qvm-run-vm`. Some people might 
want to take advantage of the shell interpretation. And since the caller 
is able to run any arbitrary shell command anyway, problems like leaking 
environment variables aren't particularly relevant (they have permission 
to see that if they have permission to run arbitrary commands, and 
output is returned to the caller by design).

I would guess that updating the `run-vm-firefox` command to quote the 
URL within the double-quotes will fix it. [Also note that the `$` is 
deprecated, as described in this 
article](https://www.qubes-os.org/news/2020/06/22/new-qrexec-policy-system/#security-in-symbols).
 
The new symbol is `@`; I have only used it in policy files, but I assume 
that it will work here too so long as you are running 4.1 or newer. So 
the new file would look like this:

```bash
#!/bin/bash
qvm-run-vm '@dispvm' /bin/firefox "'$1'"
```
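
The double shell parse discussed in this message, as an added example that is not part of the original post: it compares what the far side receives when a URL is sent unquoted, wrapped in plain single quotes, and wrapped with embedded single quotes escaped. It assumes the receiving VM hands the joined command string to a shell (modelled by a local `sh -c`); the function names and URLs are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Assumption: the receiving VM passes the
# joined command string to a shell; a local `sh -c` models that here, and
# printf stands in for /bin/firefox so the received argument can be inspected.

# Constructed sample URLs.
URL_AMP='https://example.test/search?q=1&lang=en'
URL_TRICKY="https://example.test/it's?q=1&lang=en"

# What the program on the far side receives after the second shell parse.
remote_sees() {
    sh -c "printf '%s\n' $1" 2>/dev/null || true
}

# Wrap in single quotes only, as in the proposed fix.
naive_quote() {
    printf "'%s'" "$1"
}

# Wrap in single quotes and rewrite each embedded ' as '\'' so the remote
# shell always reassembles exactly one argument.
sq_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

for url in "$URL_AMP" "$URL_TRICKY"; do
    printf 'sent:        %s\n' "$url"
    printf '  unquoted:  %s\n' "$(remote_sees "$url")"
    printf '  naive:     %s\n' "$(remote_sees "$(naive_quote "$url")")"
    printf '  sq_quote:  %s\n' "$(remote_sees "$(sq_quote "$url")")"
done

# In the wrapper this would replace "'$1'" with "$(sq_quote "$1")".
```

Plain single quotes are enough for the ampersand case, but a URL that itself contains a single quote closes the quoting early and the rest is parsed as shell again; the escaped form survives both.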
