QubesOS / qubes-issues

The Qubes OS Project issue tracker
https://www.qubes-os.org/doc/issue-tracking/

Usable error message: qvm-move-to-vm and qvm-copy-to-vm target dom0 #2031

Closed Jeeppler closed 7 years ago

Jeeppler commented 8 years ago

Qubes OS version (e.g., R3.1):

R3.1

Affected TemplateVMs (e.g., fedora-23, if applicable):

all


Expected behavior:

Expect an error message like:

[user@qubes-dev qubes-cheatsheet]$ qvm-copy-to-vm dom0 qubes-cheatsheet.pdf
Request refused
[user@qubes-dev qubes-cheatsheet]$ qvm-move-to-vm dom0 qubes-cheatsheet.pdf
Request refused

or

[user@qubes-dev qubes-cheatsheet]$ qvm-copy-to-vm dom0 qubes-cheatsheet.pdf
Not allowed
[user@qubes-dev qubes-cheatsheet]$ qvm-move-to-vm dom0 qubes-cheatsheet.pdf
Not allowed

each with a useful qrexec error dialog message.

Actual behavior:

No useful error message:

[user@qubes-dev qubes-cheatsheet]$ qvm-move-to-vm dom0 qubes-cheatsheet.pdf
EOFt 0/177 KB
[user@qubes-dev qubes-cheatsheet]$ qvm-copy-to-vm dom0 qubes-cheatsheet.pdf
EOFt 0/177 KB

andrewdavidwong commented 8 years ago

Related: #1839, #1324

jpouellet commented 7 years ago

This happens because dom0 has a policy for qubes.Filecopy:

[user@dom0 ~]$ cat /etc/qubes-rpc/policy/qubes.Filecopy 
## Note that policy parsing stops at the first match,
## so adding anything below "$anyvm $anyvm action" line will have no effect

## Please use a single # to start your custom comments

$anyvm  $anyvm  ask

but no actual RPC service (no /etc/qubes-rpc/qubes.Filecopy).

When a VM tries to invoke qubes.Filecopy on dom0, qrexec-policy is consulted as normal:

[user@dom0 bin]$ sudo /usr/local/bin/execsnoop
Tracing exec()s. Ctrl-C to end.
Instrumenting sys_execve
   PID   PPID ARGS
...
  9318   8939 qrexec-policy -- 7 qubes-builder dom0 qubes.Filecopy SOCKET8
  9319   9318    qrexec-policy-9319  [003] d... 10555.510076: execsnoop_sys_execve: (SyS_execve+0x0/0x50)
  9320   9319 /sbin/ldconfig -p

You get a dialog asking to confirm. And if you do, then it tries to run the service:

  9318      0 qrexec-client -d dom0 -c SOCKET8,qubes-builder,7 /usr/lib/qubes/qubes-rpc-multiplexer qubes.Filecopy qubes-builder
  9323   9318 bash -c /usr/lib/qubes/qubes-rpc-multiplexer qubes.Filecopy qubes-builder
  9325   9323 mkfifo /tmp/qrexec-rpc-stderr.9323
  9326   9323 logger -t qubes.Filecopy-qubes-builder -f /tmp/qrexec-rpc-stderr.9323
  9327   9323 rm -f /tmp/qrexec-rpc-stderr.9323
  9323      0 /bin/sh -- /etc/qubes-rpc/qubes.Filecopy

but no such service exists.

One possible solution is to just add:

$anyvm  dom0    deny

to the top of the policy.

Thoughts?

marmarek commented 7 years ago

I think the bug is elsewhere: documentation says dom0 reserved keywords (note string dom0 does not match the $anyvm pattern; all other names do). Apparently this is broken...
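
The two behaviours discussed above (first-match evaluation where `$anyvm` also covers dom0, versus the documented rule that dom0 does not match `$anyvm`), as an added example that is not part of the thread and is not the qrexec-policy source. The function names and the `anyvm_excludes_dom0` switch are hypothetical; the sketch assumes a request with no matching rule is denied.

```python
# Added illustration: a simplified model of first-match qrexec policy
# evaluation. This is not the project's qrexec-policy code.

# Constructed policy text, mirroring the qubes.Filecopy file quoted in the thread.
SAMPLE_POLICY = """\
## Note that policy parsing stops at the first match,
## Please use a single # to start your custom comments

$anyvm  $anyvm  ask
"""

def parse_policy(text):
    """Return (source, target, action) rules, skipping comments and blanks."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 3:
            continue  # malformed line: ignored in this sketch
        rules.append((fields[0], fields[1], fields[2]))
    return rules

def matches(pattern, name, anyvm_excludes_dom0):
    """Match one policy field against a VM name."""
    if pattern == "$anyvm":
        # Documented rule: the string dom0 does not match $anyvm.
        return not (anyvm_excludes_dom0 and name == "dom0")
    return pattern == name

def evaluate(rules, source, target, anyvm_excludes_dom0=True):
    """First matching rule wins; no match is treated as deny (assumption)."""
    for src_pat, dst_pat, action in rules:
        if (matches(src_pat, source, anyvm_excludes_dom0)
                and matches(dst_pat, target, anyvm_excludes_dom0)):
            return action
    return "deny"

if __name__ == "__main__":
    rules = parse_policy(SAMPLE_POLICY)
    # Behaviour reported in the thread: dom0 is caught by "$anyvm $anyvm ask".
    print(evaluate(rules, "qubes-builder", "dom0", anyvm_excludes_dom0=False))
    # Behaviour the documentation describes: dom0 is not covered by $anyvm.
    print(evaluate(rules, "qubes-builder", "dom0"))
    # Explicit rule at the top of the policy, as proposed in the thread.
    fixed = parse_policy("$anyvm  dom0    deny\n" + SAMPLE_POLICY)
    print(evaluate(fixed, "qubes-builder", "dom0", anyvm_excludes_dom0=False))
```

With the explicit `$anyvm dom0 deny` line first, the result is `deny` regardless of how `$anyvm` is interpreted, because evaluation stops at the first match.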

marmarek commented 7 years ago

Automated announcement from builder-github

The package qubes-core-dom0-linux-3.2.10-1.fc23 has been pushed to the r3.2 testing repository for dom0. To test this update, please install it with the following command:

sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing


marmarek commented 7 years ago

Automated announcement from builder-github

The package qubes-core-dom0-linux-3.1.13-1.fc20 has been pushed to the r3.1 testing repository for dom0. To test this update, please install it with the following command:

sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing


marmarek commented 7 years ago

Automated announcement from builder-github

The package qubes-core-dom0-linux-3.1.13-1.fc20 has been pushed to the r3.1 stable repository for dom0. To install this update, please use the standard update command:

sudo qubes-dom0-update

Or update dom0 via Qubes Manager.


qubesos-bot commented 7 years ago

Automated announcement from builder-github

The package qubes-core-dom0-linux-3.2.11-1.fc23 has been pushed to the r3.2 stable repository for dom0. To install this update, please use the standard update command:

sudo qubes-dom0-update

Or update dom0 via Qubes Manager.
