When I try to run qvm-run from within an AppVM, I get "Request refused."
Is this by design, for security reasons? If so, I guess that's perfectly reasonable. I just don't see that fact documented anywhere. (The demonstration of one of the Xen exploits executes a qvm-run of xcalc in dom0 from an compromised AppVM, which kind of implies the fact that such behaviour is normally restricted between AppVM's. If this is indeed the case, it might be useful if certain commands could be configurably whitelisted, from a config file in dom0, to be qvm-run between specific VM's.) Thanks. JJ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/adaab082c9baec5d6fc0897ef0a544fc.webmail%40localhost. For more options, visit https://groups.google.com/d/optout.