There’s actually two questions here, one to do with the client, the other to do with dom0 when dom0 is the target of the call.
First Question:
On the client (making the qrexec-client-vm
call), of course you name the service and target vm, and then pass it a “client” script whose job it is to echo command line parameters so the system on the other end of the call can read them one by one. (And of course dom0 will check to make sure the call is permitted.)
If I write some utility to run on a domU, this means I have two files, the utility itself as seen by the user (or calling script)–this one makes the qrexec call, and the client file (which I was taught should be in /usr/lib/qubes
). I’d like to know if there is a way to consolidate them. I could, for instance, put both bits of code in the same file, and check (inside the file) whether I am being called by qrexec-client-vm as a client file. So a utility named my_util would look like:
#!/bin/bash
if < not being called by qrexec >; then # This is what I don't know how to do.
#process command line parameters
...
qrexec-client-vm my.service target-vm my_util param1 param2 param3
else
# echo parameters then do that exec that
# redirects output over there back to here.
echo $1
echo $2
echo $3
exec cat >&$SAVED_FD_1
fi
So what’s the test for being called by qrexec? I expect if there’s a way to tell it’s some sort of environment variable that gets set.
Second Question:
For some reason, if I call notify-send
on dom0
in some script being called as the result of a qrexec-client-vm
with dom0
as the target, I have to set my display variable (understandably)…and that is not enough; then the notify-send
call has to be done with sudo -u SteveC
, making sure my username is the account name! (This is in spite of the fact that a whoami
here will show I am already SteveC
–I already tried checking that to see if I could distinguish why the script is being called.) If I don’t do that sudo
call, the notify-send
call hangs for a couple of minutes before notify-send
throws an error.
If i run that same script from the command line on dom0
none of this is necessary. I can understand the bit about the display variable; if being called from some other system it would need to be set. But for the bit about having to sudo
, 1) why is this and 2) is there a good way to put code in the script to check to see whether it’s being called because of a qrexec
call, or not?