Hi,
I’m trying RPC + qrexec for the first time, but it does not work. When I run the command “qrexec-client-vm vault restic.Password” from targetvm (vault-backup-restic), nothing happens: no error, nothing.
I followed the steps below. Is there something wrong?
Is it right to put the RPC script into “/rw/config/qubes-rpc”? Does Qubes copy it automatically to etc at startup?
Thank you
-
In the AppVM vault (offline):
a. Create file that contains Restic password:
sudo nano /rw/config/restic-pass
herewritesecretpassword
sudo chmod 600 /rw/config/restic-pass
b. Create the RPC script that reads the password file:
sudo mkdir -p /rw/config/qubes-rpc
sudo nano /rw/config/qubes-rpc/restic.Password
Inside:
#!/bin/sh
exec sudo /bin/cat /rw/config/restic-pass
c. Make script executable:
sudo chmod 755 /rw/config/qubes-rpc/restic.Password
d. Test:
sudo cat /rw/config/restic-pass
It must print exactly your secret password.
sudo /rw/config/qubes-rpc/restic.Password
It must print the same password via the RPC script.
-
In Dom0:
e. Define the policy:
sudo nano /etc/qubes/policy.d/30-restic-password.policy
Inside:
restic.Password + vault-backup-restic vault allow
restic.Password + @anyvm @anyvm deny
f. Test if the policy works. If it works, the output will be “Allowed”.
qrexec-policy-exec vault-backup-restic vault restic.Password+
-
In AppVM vault-backup-restic (offline):
f. Test if the policy works. If it works, the output will be the restic-pass.
qrexec-client-vm vault restic.Password
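
An added example, not part of the original post: a pre-flight check to run inside the qube that serves the RPC, covering steps a to d above. It assumes the qrexec agent resolves services from /usr/local/etc/qubes-rpc and /etc/qubes-rpc; QREXEC_DIRS and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check for a qrexec service, run in the serving qube.
# Assumption: the qrexec agent resolves services from these two directories.
# QREXEC_DIRS is a hypothetical override so the check can be exercised offline.
QREXEC_DIRS="${QREXEC_DIRS:-/usr/local/etc/qubes-rpc /etc/qubes-rpc}"

# find_service NAME: print the first executable service file found.
# Returns 1 if NAME is in none of the directories, 2 if present but not executable.
find_service() {
    fs_rc=1
    for fs_dir in $QREXEC_DIRS; do
        if [ -f "$fs_dir/$1" ]; then
            if [ -x "$fs_dir/$1" ]; then
                printf '%s\n' "$fs_dir/$1"
                return 0
            fi
            fs_rc=2
        fi
    done
    return "$fs_rc"
}

# secret_mode_ok FILE: succeed only if FILE exists with mode exactly 600.
secret_mode_ok() {
    [ -f "$1" ] && [ "$(stat -c '%a' "$1")" = "600" ]
}

# check_service NAME SECRET: print findings, return the number of problems.
check_service() {
    cs_problems=0
    cs_rc=0
    cs_path=$(find_service "$1") || cs_rc=$?
    case $cs_rc in
        0) echo "ok: $1 is served from $cs_path" ;;
        2) echo "problem: $1 exists but is not executable"
           cs_problems=$((cs_problems + 1)) ;;
        *) echo "problem: $1 is not in any of: $QREXEC_DIRS"
           cs_problems=$((cs_problems + 1)) ;;
    esac
    if ! secret_mode_ok "$2"; then
        echo "problem: $2 is missing or not mode 600"
        cs_problems=$((cs_problems + 1))
    fi
    return "$cs_problems"
}
```

Inside vault, after sourcing the file, call check_service restic.Password /rw/config/restic-pass; a return value of 0 means the service file is in a searched directory, is executable, and the password file is mode 600.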