Unhelpful error message when issuing a request to @dispvm but no default DispVM is set

[anon8675309]

Qubes OS version R4.0

Affected component(s) or functionality qvm-open-in-dvm

Brief summary

To Reproduce Steps to reproduce the behavior:

1. In dom0, tail -f /var/log/qubes/qrexec.QUBENAME.log
2. Go to a terminal in QUBENAME and run echo "test" > test.txt
3. In terminal of QUBENAME run qvm-open-in-dvm test.txt
4. See error "Request refused" in Qube
5. See "eintr" in log file in dom0

Expected behavior File is opened in disposable VM.

Actual behavior Error message "Request refused" displayed

Screenshots n/a

Additional context Tested this with a Debian 10 based Qube, as well as a Fedora 30 based qube to make sure it was not a distro-specific issue. qvm-open-in-vm QUBENAME filename works just fine.

Solutions you've tried

1. Tried using a URL (https://google.com) instead of a file
2. Tried adding the --view-only argument
3. Tried qvm-run-vm --dispvm https://google.com

Same error occurred in all cases.

Relevant documentation you've consulted https://www.qubes-os.org/doc/disposablevm/

Related, non-duplicate issues It's unclear if my issue is related to https://github.com/QubesOS/qubes-issues/issues/2896 or not. That one appears to be related to storage pools, not the eintr that I'm seeing, but it's the same "Request refused" error from within the Qube.

[marmarek]

You should get more details about the reason for request refused in journalctl. My guess would be default_dispvm property not set.

[anon8675309]

Indeed, journalctl in dom0 did have more info, it was the default_dispvm not being set, and setting it per the documentation that I linked to (but apparently didn't read closely enough) fixed the issue. It was user error.

Thank you for helping me debug this.

[BetoHydroxyButyrate]

I do not view this as a user error. I have been wondering on and off for years now why this never worked, but because I rarely wanted it to work, never got around to trying to figure out what was what until today. After much googling, I find this defect, which does not spell out clearly what is required. Still requires some work, and yes, now I have it working.

The problem is that this feature should not silently fail to work. If there is no default_dispvm set in dom0, then the feature should loudly indicate the problem and the solution.

For any others who come by this issue the same as I did, you need to issue # qubes-prefs default_dispvm DESIRED-DISP-VM in dom0.

[BetoHydroxyButyrate]

Actually, still fails to work.

qubes.OpenInVM: beto-email -> @dispvm: denied: policy define 'allow' action to @dispvm at /etc/qubes-rpc/policy/qubes.OpenInVM:6 but no DispVM base is set for this VM

The solution is that there was no 'default disposable VM' setting for the VM. Again, this should result in a meaningful error message,not, as is current, a silent failure.

[DemiMarie]

The rejection of the qrexec call is correct, but as @BetoHydroxyButyrate stated the error message is very poor.

[github-actions[bot]]

This issue is being closed because:

• This issue is on the "Release 4.0 updates" milestone.
• Qubes OS 4.0 reached EOL (end-of-life) over one year ago.
• There has not been any activity on this issue in over one year.

If anyone believes that this issue should be reopened and reassigned to an active milestone, please leave a brief comment. (For example, if a bug still affects Qubes OS 4.1, then the comment "Affects 4.1" will suffice.)