[qubes-users] How to use the raw vchan library - no Qrexec

[nicholas roveda]

I want to experiment a bit with the vchan library and develop a program that 
make unprivileged VMs communicate without using the network and without Qrexec 
or any Qubes specific framework. 

Qubes OS run on top of Xen, so it should be possible to use the vchan library 
inside the unprivileged domains.

1) In the sites its described a communication between Dom0 and a VM, but I need 
to establish variuos bidirectional channels between VMs. Is it possible?

2) Does Qubes OS use a different version of the vchan library or set up 
specific limitations that could make the job harder?

3) In the libs folders I found all the libraries I think I need, but I couldn't 
find any header (libxenvchan.h, ...) in the VMs systems, so do I need to 
compile and install Xen from source, to be able to write my own programs, even 
on Qubes?
And if I wanted to distribute a package, the default Debian/Fedora templates 
would need extra deps?


I've tried to write a new header with the `extern` declarations and compile 
'node.c'  from /xen/tools/libvchan: 
[https://github.com/xen-project/xen/blob/master/tools/libvchan/node.c] as a 
test, linking the binary to 'libvchan-xen.so', which I think its Qubes specific 
and 'libxenvchan.so' in a second attempt.

The compilation succeded, but the program couldn't establish any connections 
between VMs:
user@develop:~/myvchan$ ./node server write 3 /data/vchan
libxenvchan_*_init: Permission denied
user@develop:~/myvchan$ ./node server write 3 
libxenvchan_*_init: Permission denied
user@develop:~/myvchan$ ./node client read 3 /data/vchan
libxenvchan_*_init: Permission denied
user@develop:~/myvchan$ ./node client read  3 /local/domain//myc
libxenvchan_*_init: No such file or directory
user@develop:~/myvchan$ xenstore-exists /local/domain//matrix
user@develop:~/myvchan$ echo $?
0


Anyone can explain me what I'm missing and guide me through the right procedure 
?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5a2a4aec-7ff7-4749-a22f-beff4adba51e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How to use the raw vchan library - no Qrexec

[Rusty Bird]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

nicholas roveda:
> I want to experiment a bit with the vchan library and develop a
> program that make unprivileged VMs communicate without using the
> network and without Qrexec or any Qubes specific framework.

I'd imagine this is supposed to be forbidden (because it would be a
_high-bandwidth_ communication channel between VMs that may not be
intended by the admin to communicate with each other), but I don't
know if it actually is and how.

If only there were qrexec/vchan/grantref Wireshark dissectors. Come to
think of it, that sounds like a splendid GSoC project...

Rusty
-BEGIN PGP SIGNATURE-

iQJ8BAEBCgBmBQJbeckCXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ4NEI1OUJDRkM2MkIxMjlGRTFCMDZEMDQ0
NjlENzhGNDdBQUYyQURGAAoJEEadePR6ryrfx80P/A97qaUsMLQLgdufudeHabm9
+a9YXKdHk8ho9u1ocOSpnsyJkl5GimPBFOsWcEIke9pTm7hDq/7gQhjV12Woczyl
7xrZYZBiPgc0yV+4+BhEuCPyLp2JBhf37KyS0mfjdClfc4AArjZwv3kSKwZdKx5T
o6CU0DrLl1WyKn+385yLU8ldE+xyrGzAmznCZvSK8bE3YEXKfW5PnfrftYTMOqWD
FOk9QE6Bd9CadkzH+FT4RK0AMA/0xFbJRS2eQXC3MXQuT+lua54OTxCqpX4WKl9z
+BEG3XtWQCC7H+j83xjNnZtnCypC69EV8B+QSm4wf8HNzuw+MfUf9eYj6LZxeCtW
ZcB1bSqkgg4YhfTHmc0SL/7MtiBrzGvg1x4k2uI5kqsLtpixgwEhkLSfDa948LZN
qelBynIOopokVCNwhTKFWHGilY0x2erAdxMtJH93uN56wwB3+oJw/0r0oCWegU2E
XmMXNDbU87ywKqjD5cMS/oChIo788QTzNy35v8kfkzjEriZe81eXw95WDYLK6I0u
9QD/PpYsQcaOfyCulfFBoPw/XNvARlautLUXAxcMod2nppG4OvrXaIaic8lxWd30
dCNlYnDaB9+vhCIBveQqOyWx/XWUyk6RzJFpqvySEHj348ZaC2Ke4WLIjH690mi7
ek2sk851gNFKZyrzNn/1
=X/fq
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20180819194610.GA1540%40mutt.
For more options, visit https://groups.google.com/d/optout.