Hello.
I’m running into trouble with the buskill “dead‑man switch” configuration.
It worked without issues on R4.2, but after upgrading to 4.3 I’m encountering problems that I believe are tied to the qrexec policy. The buskill documentation instructs us to create trigger scripts in /etc/qubes-rpc/ For example, we create /etc/qubes-rpc/buskill.softShutdown containing the sudo shutdown -h now command. While executing this script manually succeeds, a call from sys-usb via qrexec returns an error code 125 in journalctl. According to the guide, policy files should reside in /etc/qubes-rpc/policy/; for example /etc/qubes-rpc policy/buskill.lock, which simply contains sys-usb dom0 allow. I suspect that the issue may stem from an incorrect policy file location or a syntax error. I’ve also seen other forum posts reporting that older qrexec‑policy configurations stopped working after the update, which is why I think the issue might be related. Buskill on the QubesOS guide: https://www.buskill.in/qubes-os
The scripts in /etc/qubes-rpc need to be proper scripts, with executable bit set (chmod 0755) and proper shebang (#!/bin/sh for example).
2 Likes
Thanks! So easy fix