Re: [qubes-users] Re: question on 'service-name' for the new (R4.2) qrexec policy

2024-02-13 Thread Boryeu Mao
Thanks very much -- the details helped a lot.
Case closed.

On Tuesday, February 13, 2024 at 5:21:05 AM UTC-8 Rusty Bird wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> Boryeu Mao:
> > > For R4.1.2 I had some RPC calls with + and - characters in the file 
> > > name. These are considered as invalid characters to be part of service 
> > > names in the new qrexec policy format (e.g. in 
> > > /etc/qubes/policy.d/30-user.policy). Using wild card * works, but I 
> > > wonder if there is any way to keep these characters in explicitly 
> > > specifying the calls.
>
> > Correction - only + is considered as invalid character.
>
> Already in the old format, a file /etc/qubes-rpc/policy/foo+bar+baz
> actually specified the policy for a qrexec service named 'foo' called
> with one argument 'bar+baz'. 
>
> (Invoking qrexec-client-vm for 'foo+bar+baz' will attempt to execute a
> specialized implementation at /etc/qubes-rpc/foo+bar+baz first, or if
> that doesn't exist /etc/qubes-rpc/foo for a general implementation.
> That is still the same in R4.2.)
>
> In the new policy format this would be written as a line starting with
>
> foo +bar+baz
>
> Note the whitespace before the first '+' character, which makes it a
> little bit clearer what's going on.
>
> Rusty
> -BEGIN PGP SIGNATURE-
>
> iQKTBAEBCgB9FiEEhLWbz8YrEp/hsG0ERp149HqvKt8FAmXLaSlfFIAALgAo
> aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDg0
> QjU5QkNGQzYyQjEyOUZFMUIwNkQwNDQ2OUQ3OEY0N0FBRjJBREYACgkQRp149Hqv
> Kt+a5g/+OirPpQTa3qsPULMrXFMNqyuuKkohAvFuCoOpBRlJK5KazFju9C9Nnu5b
> 377A5z/x2SIQldHgTKxDpHhymohr9d63CxCM9iKGMSJECaBWSJA3iSLTjBzp8KUZ
> JZ3bTNdbztG6Pd06xNNCj3qpIUEDSV3cxkE4hPf3wpAqrhG3RRtpaJZ0CJ9QTxxX
> Cg+IHMo/jalItP5dDCOizF8XZwNxO6sYfXGdVS7PsRIVsoaAJyN+b1/EG0HWfwh4
> kqqG5ZMX3vYRkTFOfveWkEKKc4OPOAQ1RvD+CclceneUvPVDn39tUONeL5ptD6cK
> Np+T/fMbrrW/0k280RJbaNj8H73SCRzMBG0zl1WrFKzYVAUL8kJi/0tJqJkqRArv
> Dg2pT6GqUG0agzLf6tLeVyGYHpJ6OwJAIBJTo54k7+IXpUZltYxPKJbTEXKPfcri
> jKCjNIWcMC44xKIFAxrqcdYcPWOBjPAxHFYiMJEq6Go4ufXU8atBdzD/4nzZOZPD
> rUUM6NDDyiigcUUw13v9ccERXjwdPE575eUMhXO923Ce7TsUsFrSbA6pASa+BRyJ
> 4yeb36HMR0opkqhftxjN9QPPMLBGSNmQ+DTq7TZYT75jz8WoAvykBFsQ+FkoFCxN
> 7fKAbCAdVdRA6329PM/sO2YRKH+r6t7uVpjtJJcR5NFkN/J4mQ0=
> =hsTB
> -END PGP SIGNATURE-
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a1134c89-61d2-470f-b5cb-bebe2971bc72n%40googlegroups.com.


Re: [qubes-users] Re: question on 'service-name' for the new (R4.2) qrexec policy

2024-02-13 Thread 'Rusty Bird' via qubes-users
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Boryeu Mao:
> > For R4.1.2 I had some RPC calls with + and - characters in the file 
> > name.  These are considered as invalid characters to be part of service 
> > names in the new qrexec policy format (e.g. in 
> > /etc/qubes/policy.d/30-user.policy).  Using wild card * works, but I 
> > wonder if there is any way to keep these characters in explicitly 
> > specifying the calls.

> Correction - only + is considered as invalid character.

Already in the old format, a file /etc/qubes-rpc/policy/foo+bar+baz
actually specified the policy for a qrexec service named 'foo' called
with one argument 'bar+baz'. 

(Invoking qrexec-client-vm for 'foo+bar+baz' will attempt to execute a
specialized implementation at /etc/qubes-rpc/foo+bar+baz first, or if
that doesn't exist /etc/qubes-rpc/foo for a general implementation.
That is still the same in R4.2.)

In the new policy format this would be written as a line starting with

foo +bar+baz

Note the whitespace before the first '+' character, which makes it a
little bit clearer what's going on.

Rusty
-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEEhLWbz8YrEp/hsG0ERp149HqvKt8FAmXLaSlfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDg0
QjU5QkNGQzYyQjEyOUZFMUIwNkQwNDQ2OUQ3OEY0N0FBRjJBREYACgkQRp149Hqv
Kt+a5g/+OirPpQTa3qsPULMrXFMNqyuuKkohAvFuCoOpBRlJK5KazFju9C9Nnu5b
377A5z/x2SIQldHgTKxDpHhymohr9d63CxCM9iKGMSJECaBWSJA3iSLTjBzp8KUZ
JZ3bTNdbztG6Pd06xNNCj3qpIUEDSV3cxkE4hPf3wpAqrhG3RRtpaJZ0CJ9QTxxX
Cg+IHMo/jalItP5dDCOizF8XZwNxO6sYfXGdVS7PsRIVsoaAJyN+b1/EG0HWfwh4
kqqG5ZMX3vYRkTFOfveWkEKKc4OPOAQ1RvD+CclceneUvPVDn39tUONeL5ptD6cK
Np+T/fMbrrW/0k280RJbaNj8H73SCRzMBG0zl1WrFKzYVAUL8kJi/0tJqJkqRArv
Dg2pT6GqUG0agzLf6tLeVyGYHpJ6OwJAIBJTo54k7+IXpUZltYxPKJbTEXKPfcri
jKCjNIWcMC44xKIFAxrqcdYcPWOBjPAxHFYiMJEq6Go4ufXU8atBdzD/4nzZOZPD
rUUM6NDDyiigcUUw13v9ccERXjwdPE575eUMhXO923Ce7TsUsFrSbA6pASa+BRyJ
4yeb36HMR0opkqhftxjN9QPPMLBGSNmQ+DTq7TZYT75jz8WoAvykBFsQ+FkoFCxN
7fKAbCAdVdRA6329PM/sO2YRKH+r6t7uVpjtJJcR5NFkN/J4mQ0=
=hsTB
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ZctpKVnrYXENkrU3%40mutt.


[qubes-users] Re: question on 'service-name' for the new (R4.2) qrexec policy

2024-02-12 Thread Boryeu Mao
Correction - only + is considered as invalid character.

On Monday, February 12, 2024 at 4:56:27 PM UTC-8 Boryeu Mao wrote:

> For R4.1.2 I had some RPC calls with + and - characters in the file 
> name.  These are considered as invalid characters to be part of service 
> names in the new qrexec policy format (e.g. in 
> /etc/qubes/policy.d/30-user.policy).  Using wild card * works, but I 
> wonder if there is any way to keep these characters in explicitly 
> specifying the calls.  Thank you. 
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5c67e050-3456-4278-a31c-e51f84245934n%40googlegroups.com.