For R4.1.2 I had some RPC calls with + and - characters in the file name. These are considered as invalid characters to be part of service names in the new qrexec policy format (e.g. in /etc/qubes/policy.d/30-user.policy). Using wild card * works, but I wonder if there is any way to keep these characters in explicitly specifying the calls. Thank you.
Correction - only + is considered as invalid character.
Boryeu Mao:
> For R4.1.2 I had some RPC calls with + and - characters in the file
> name. These are considered as invalid characters to be part of service
> names in the new qrexec policy format (e.g. in
> /etc/qubes/policy.d/30-user.policy). Using wild card * works, but I
> wonder if there is any way to keep these characters in explicitly
> specifying the calls.
Correction - only + is considered as invalid character.
Already in the old format, a file /etc/qubes-rpc/policy/foo+bar+baz
actually specified the policy for a qrexec service named 'foo' called
with one argument 'bar+baz'.
(Invoking qrexec-client-vm for 'foo+bar+baz' will attempt to execute a
specialized implementation at /etc/qubes-rpc/foo+bar+baz first, or if
that doesn't exist /etc/qubes-rpc/foo for a general implementation.
That is still the same in R4.2.)
In the new policy format this would be written as a line starting with
foo +bar+baz
Note the whitespace before the first '+' character, which makes it a
little bit clearer what's going on.
Rusty
1 Like
Thanks very much – the details helped a lot.
Case closed.