Re: [qubes-users] 'locking' a vm possible? (to prevent accidental shutdown)

2024-04-15 Thread 'Rusty Bird' via qubes-users

Rusty Bird:
> Boryeu Mao:
> > An attempt to shut down `sys-firewall` in `Qube Manager` receives a warning 
> > about running processes in the qube; similarly on command line 
> > `qvm-shutdown sys-firewall` fails with an error.  Is it possible to 
> > designate an appVM to behave similarly so it won't get shut down 
> > accidentally?
> 
> Not as a user-facing feature AFAIK. But you could use the qubes.ext
> Python entry point
> 
> https://github.com/QubesOS/qubes-core-admin/blob/v4.2.21/qubes/ext/__init__.py#L57-L59
> 
> to add another "domain-pre-shutdown" event handler like this one
> (yours could e.g. check if the VM has a certain tag):
> 
> https://github.com/QubesOS/qubes-core-admin/blob/v4.2.21/qubes/ext/audio.py#L65-L75

Sorry, that second link should have been:

https://github.com/QubesOS/qubes-core-admin/blob/v4.2.21/qubes/ext/audio.py#L31-L38

Rusty

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/Zh1A9DYFnKTnQt_z%40mutt.


Re: [qubes-users] 'locking' a vm possible? (to prevent accidental shutdown)

2024-04-15 Thread 'Rusty Bird' via qubes-users

Boryeu Mao:
> An attempt to shut down `sys-firewall` in `Qube Manager` receives a warning 
> about running processes in the qube; similarly on command line 
> `qvm-shutdown sys-firewall` fails with an error.  Is it possible to 
> designate an appVM to behave similarly so it won't get shut down 
> accidentally?

Not as a user-facing feature AFAIK. But you could use the qubes.ext
Python entry point

https://github.com/QubesOS/qubes-core-admin/blob/v4.2.21/qubes/ext/__init__.py#L57-L59

to add another "domain-pre-shutdown" event handler like this one
(yours could e.g. check if the VM has a certain tag):

https://github.com/QubesOS/qubes-core-admin/blob/v4.2.21/qubes/ext/audio.py#L65-L75

Rusty

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/Zh0_v3dVrNYbjzcT%40mutt.
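
The approach suggested in this thread, as an added example that is not part of either message and not code from qubes-core-admin: an extension whose "domain-pre-shutdown" handler refuses a non-forced shutdown of any qube carrying a tag. The tag name `no-shutdown` and the class name `ShutdownLock` are assumptions, and the stand-in classes are used only where the `qubes` package cannot be imported (outside dom0).

```python
try:
    import qubes.exc
    import qubes.ext
    Extension, handler = qubes.ext.Extension, qubes.ext.handler
    QubesVMError = qubes.exc.QubesVMError
except ImportError:
    # Outside dom0: constructed stand-ins so the handler logic can be exercised.
    class Extension:
        pass

    def handler(*events):
        return lambda func: func

    class QubesVMError(Exception):
        def __init__(self, vm, msg):
            super().__init__(msg)
            self.vm = vm

# Hypothetical tag name; set it with: qvm-tags <qube> add no-shutdown
LOCK_TAG = "no-shutdown"


class ShutdownLock(Extension):
    """Veto an ordinary shutdown request for qubes tagged LOCK_TAG."""

    @handler("domain-pre-shutdown")
    def on_domain_pre_shutdown(self, vm, event, **kwargs):
        # A forced shutdown arrives with force=True and is let through,
        # so the tag guards against accidents without trapping the user.
        if LOCK_TAG in vm.tags and not kwargs.get("force", False):
            raise QubesVMError(
                vm,
                "{} is tagged '{}'; remove the tag or force the shutdown".format(
                    vm.name, LOCK_TAG))
```

To be loaded by qubesd, the class has to be registered under the `qubes.ext` entry-point group of the package that ships it (the first link in the message), and qubesd restarted.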


Re: [qubes-users] Re: question on 'service-name' for the new (R4.2) qrexec policy

2024-02-13 Thread 'Rusty Bird' via qubes-users

Boryeu Mao:
> > For R4.1.2 I had some RPC calls with + and - characters in the file 
> > name.  These are considered as invalid characters to be part of service 
> > names in the new qrexec policy format (e.g. in 
> > /etc/qubes/policy.d/30-user.policy).  Using wild card * works, but I 
> > wonder if there is any way to keep these characters in explicitly 
> > specifying the calls.

> Correction - only + is considered as invalid character.

Already in the old format, a file /etc/qubes-rpc/policy/foo+bar+baz
actually specified the policy for a qrexec service named 'foo' called
with one argument 'bar+baz'. 

(Invoking qrexec-client-vm for 'foo+bar+baz' will attempt to execute a
specialized implementation at /etc/qubes-rpc/foo+bar+baz first, or if
that doesn't exist /etc/qubes-rpc/foo for a general implementation.
That is still the same in R4.2.)

In the new policy format this would be written as a line starting with

foo +bar+baz

Note the whitespace before the first '+' character, which makes it a
little bit clearer what's going on.

Rusty

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ZctpKVnrYXENkrU3%40mutt.
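
The naming rule described in the message above, as an added example that is not part of the original message and not qrexec's own code: split a call name at the first '+', list the implementation paths in the order the message gives, and turn an old-format policy file name into the start of a new-format policy line. The function names are assumptions, and only the `/etc/qubes-rpc` directory named in the message is considered.

```python
import posixpath

RPC_DIR = "/etc/qubes-rpc"  # directory named in the message above


def split_call(call):
    """Split 'foo+bar+baz' at the FIRST '+': service 'foo', argument 'bar+baz'.

    Returns (service, None) when the name carries no '+' at all.
    """
    service, plus, argument = call.partition("+")
    if not service or "/" in call or any(c.isspace() for c in call):
        raise ValueError("not a usable qrexec call name: %r" % call)
    return service, (argument if plus else None)


def implementation_candidates(call, rpc_dir=RPC_DIR):
    """Paths in lookup order: the specialized file first, then the general one."""
    service, argument = split_call(call)
    paths = []
    if argument is not None:
        paths.append(posixpath.join(rpc_dir, call))
    paths.append(posixpath.join(rpc_dir, service))
    return paths


def policy_line_start(old_policy_filename):
    """Old-format policy file name -> first two fields of a new-format line.

    A file name without '+' covered every argument, so it maps to the
    wildcard '*'; otherwise the argument is written after whitespace as '+arg'.
    """
    service, argument = split_call(old_policy_filename)
    if argument is None:
        return "%s *" % service
    return "%s +%s" % (service, argument)
```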