Allowing a qube to use itself in an RPC policy


Would it be possible to allow a qube to use an RPC in itself? For an easier setup, I’d like my vault qube to use itself in a policy, but I get a message that it’s denied :thinking:

vault vault ask,default_target=vault

Loopback qrexec connections are forbidden because of a Xen limitation:

But maybe you could run the executable in /etc/qubes-rpc/ directly? E.g. instead of

qrexec-client-vm qubename rpcname


QREXEC_REMOTE_DOMAIN=qubename /etc/qubes-rpc/rpcname
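The workaround from the answer above, wrapped as a POSIX shell helper (an added example, not part of the original thread or of Qubes OS code): it runs the service file directly only when the target is the calling qube, and otherwise goes through `qrexec-client-vm`. `QUBES_RPC_DIR`, `SELF_NAME` and `QREXEC_CLIENT` are hypothetical override variables introduced here; direct execution never reaches the dom0 policy, so an `ask` rule produces no prompt on that path.

```sh
#!/bin/sh
# Added example. QUBES_RPC_DIR, SELF_NAME and QREXEC_CLIENT are hypothetical
# overrides so the helper can be exercised outside a qube.

# Name of the qube we are running in (qubesdb-read /name inside a Qubes VM).
self_name() {
    if [ -n "${SELF_NAME:-}" ]; then echo "$SELF_NAME"; else qubesdb-read /name; fi
}

# find_service NAME[+ARG]: print the local service file, trying the
# argument-specific file ("name+arg") before the plain one ("name").
find_service() {
    dir=${QUBES_RPC_DIR:-/etc/qubes-rpc}
    for cand in "$dir/$1" "$dir/${1%%+*}"; do
        if [ -f "$cand" ] && [ -x "$cand" ]; then echo "$cand"; return 0; fi
    done
    return 1
}

# qrexec_call TARGET SERVICE[+ARG]
qrexec_call() {
    target=$1 service=$2
    # Refuse names that could escape the service directory.
    case $service in
        ''|.*|*/*) echo "invalid service name: $service" >&2; return 2 ;;
    esac
    if [ "$target" != "$(self_name)" ]; then
        # Normal case: dom0 evaluates the policy for this call.
        "${QREXEC_CLIENT:-qrexec-client-vm}" "$target" "$service"
        return
    fi
    path=$(find_service "$service") || {
        echo "no local service: $service" >&2; return 127; }
    case $service in
        *+*) arg=${service#*+} ;;
        *)   arg= ;;
    esac
    # Loopback case: run the service file directly. No policy check happens
    # here, so "ask" and "deny" rules for this call are not applied.
    QREXEC_REMOTE_DOMAIN=$target QREXEC_SERVICE_ARGUMENT=$arg \
        "$path" ${arg:+"$arg"}
}
```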

This was for SSH forwarding, I’ll just adapt to not use itself for the ssh agent, the workaround seems more complicated :+1: