Hello,
I have a bash script in one vm, and I want sys-gui to be able to run it.
How and where to configure the policy, so that it is able to only run the
script and nothing else.
Also, the wallpaper image in sys-gui does not want to be changed. Is
there a way to fix this?
qvm-run-vm can’t be set up narrowly, it’s all-or-nothing code execution.
But you can put your script in /usr/local/etc/qubes-rpc/ (as a symlink if you like), set a policy (e.g. add the line yourscript + sys-gui yourvm allow to /etc/qubes/policy.d/30-user.policy in dom0), and then use qrexec-client-vm yourvm yourscript directly instead of qvm-run-vm. (If you need to pass one arbitrary argument to yourscript: Use * instead of + in the policy line, and yourscript+yourargument instead of yourscript in the qrexec-client-vm command.)
Thank you, it works.