Re: [qubes-users] Re: question on 'service-name' for the new (R4.2) qrexec policy
Thanks very much -- the details helped a lot. Case closed. On Tuesday, February 13, 2024 at 5:21:05 AM UTC-8 Rusty Bird wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > Boryeu Mao: > > > For R4.1.2 I had some RPC calls with + and - characters in the file > > > name. These are considered as invalid characters to be part of service > > > names in the new qrexec policy format (e.g. in > > > /etc/qubes/policy.d/30-user.policy). Using wild card * works, but I > > > wonder if there is any way to keep these characters in explicitly > > > specifying the calls. > > > Correction - only + is considered as invalid character. > > Already in the old format, a file /etc/qubes-rpc/policy/foo+bar+baz > actually specified the policy for a qrexec service named 'foo' called > with one argument 'bar+baz'. > > (Invoking qrexec-client-vm for 'foo+bar+baz' will attempt to execute a > specialized implementation at /etc/qubes-rpc/foo+bar+baz first, or if > that doesn't exist /etc/qubes-rpc/foo for a general implementation. > That is still the same in R4.2.) > > In the new policy format this would be written as a line starting with > > foo +bar+baz > > Note the whitespace before the first '+' character, which makes it a > little bit clearer what's going on. > > Rusty > -BEGIN PGP SIGNATURE- > > iQKTBAEBCgB9FiEEhLWbz8YrEp/hsG0ERp149HqvKt8FAmXLaSlfFIAALgAo > aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDg0 > QjU5QkNGQzYyQjEyOUZFMUIwNkQwNDQ2OUQ3OEY0N0FBRjJBREYACgkQRp149Hqv > Kt+a5g/+OirPpQTa3qsPULMrXFMNqyuuKkohAvFuCoOpBRlJK5KazFju9C9Nnu5b > 377A5z/x2SIQldHgTKxDpHhymohr9d63CxCM9iKGMSJECaBWSJA3iSLTjBzp8KUZ > JZ3bTNdbztG6Pd06xNNCj3qpIUEDSV3cxkE4hPf3wpAqrhG3RRtpaJZ0CJ9QTxxX > Cg+IHMo/jalItP5dDCOizF8XZwNxO6sYfXGdVS7PsRIVsoaAJyN+b1/EG0HWfwh4 > kqqG5ZMX3vYRkTFOfveWkEKKc4OPOAQ1RvD+CclceneUvPVDn39tUONeL5ptD6cK > Np+T/fMbrrW/0k280RJbaNj8H73SCRzMBG0zl1WrFKzYVAUL8kJi/0tJqJkqRArv > Dg2pT6GqUG0agzLf6tLeVyGYHpJ6OwJAIBJTo54k7+IXpUZltYxPKJbTEXKPfcri > jKCjNIWcMC44xKIFAxrqcdYcPWOBjPAxHFYiMJEq6Go4ufXU8atBdzD/4nzZOZPD > rUUM6NDDyiigcUUw13v9ccERXjwdPE575eUMhXO923Ce7TsUsFrSbA6pASa+BRyJ > 4yeb36HMR0opkqhftxjN9QPPMLBGSNmQ+DTq7TZYT75jz8WoAvykBFsQ+FkoFCxN > 7fKAbCAdVdRA6329PM/sO2YRKH+r6t7uVpjtJJcR5NFkN/J4mQ0= > =hsTB > -END PGP SIGNATURE- > > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a1134c89-61d2-470f-b5cb-bebe2971bc72n%40googlegroups.com.
Re: [qubes-users] Re: question on 'service-name' for the new (R4.2) qrexec policy
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Boryeu Mao: > > For R4.1.2 I had some RPC calls with + and - characters in the file > > name. These are considered as invalid characters to be part of service > > names in the new qrexec policy format (e.g. in > > /etc/qubes/policy.d/30-user.policy). Using wild card * works, but I > > wonder if there is any way to keep these characters in explicitly > > specifying the calls. > Correction - only + is considered as invalid character. Already in the old format, a file /etc/qubes-rpc/policy/foo+bar+baz actually specified the policy for a qrexec service named 'foo' called with one argument 'bar+baz'. (Invoking qrexec-client-vm for 'foo+bar+baz' will attempt to execute a specialized implementation at /etc/qubes-rpc/foo+bar+baz first, or if that doesn't exist /etc/qubes-rpc/foo for a general implementation. That is still the same in R4.2.) In the new policy format this would be written as a line starting with foo +bar+baz Note the whitespace before the first '+' character, which makes it a little bit clearer what's going on. Rusty -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEEhLWbz8YrEp/hsG0ERp149HqvKt8FAmXLaSlfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDg0 QjU5QkNGQzYyQjEyOUZFMUIwNkQwNDQ2OUQ3OEY0N0FBRjJBREYACgkQRp149Hqv Kt+a5g/+OirPpQTa3qsPULMrXFMNqyuuKkohAvFuCoOpBRlJK5KazFju9C9Nnu5b 377A5z/x2SIQldHgTKxDpHhymohr9d63CxCM9iKGMSJECaBWSJA3iSLTjBzp8KUZ JZ3bTNdbztG6Pd06xNNCj3qpIUEDSV3cxkE4hPf3wpAqrhG3RRtpaJZ0CJ9QTxxX Cg+IHMo/jalItP5dDCOizF8XZwNxO6sYfXGdVS7PsRIVsoaAJyN+b1/EG0HWfwh4 kqqG5ZMX3vYRkTFOfveWkEKKc4OPOAQ1RvD+CclceneUvPVDn39tUONeL5ptD6cK Np+T/fMbrrW/0k280RJbaNj8H73SCRzMBG0zl1WrFKzYVAUL8kJi/0tJqJkqRArv Dg2pT6GqUG0agzLf6tLeVyGYHpJ6OwJAIBJTo54k7+IXpUZltYxPKJbTEXKPfcri jKCjNIWcMC44xKIFAxrqcdYcPWOBjPAxHFYiMJEq6Go4ufXU8atBdzD/4nzZOZPD rUUM6NDDyiigcUUw13v9ccERXjwdPE575eUMhXO923Ce7TsUsFrSbA6pASa+BRyJ 4yeb36HMR0opkqhftxjN9QPPMLBGSNmQ+DTq7TZYT75jz8WoAvykBFsQ+FkoFCxN 7fKAbCAdVdRA6329PM/sO2YRKH+r6t7uVpjtJJcR5NFkN/J4mQ0= =hsTB -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ZctpKVnrYXENkrU3%40mutt.
[qubes-users] Re: question on 'service-name' for the new (R4.2) qrexec policy
Correction - only + is considered as invalid character. On Monday, February 12, 2024 at 4:56:27 PM UTC-8 Boryeu Mao wrote: > For R4.1.2 I had some RPC calls with + and - characters in the file > name. These are considered as invalid characters to be part of service > names in the new qrexec policy format (e.g. in > /etc/qubes/policy.d/30-user.policy). Using wild card * works, but I > wonder if there is any way to keep these characters in explicitly > specifying the calls. Thank you. > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5c67e050-3456-4278-a31c-e51f84245934n%40googlegroups.com.