How to start app in new qube with additional restrictions?


I’m would like to launch an app in an new disposable vm from another vm but with additional restrictions.

I am able to launch Thunderbird in a new vm with the following command:

qrexec-client-vm @dispvm qubes.StartApp+thunderbird

With the command, it appears the stdout of the remote program is forwarded to the calling vm. However, I would not like a trusted calling vm to receive anything back from a untrusted vm.

Question: Is there a way to prevent info from coming back?

I also don’t really need the calling vm to wait until the remote program exits. It is fine for me to have a simple signal to start the app.

Some partial work arounds I’ve tried:

  • I see qrexec-client-vm has --filter-escape-chars-stdout, which may be helpful but does not solve the issue.
  • On the target vm, I could redirect output away (&>/dev/null) but this relies on the untrusted vm to behave. I am looking for something on the caller side.

Thank you community!