Running a command in Dom0 from DomU

Is it possible to use qrexec-client-vm to target dom0? I have set up a policy like this:
my.Service * myqube dom0 ask

But it doesn’t run the script in dom0, instead it sends the output to the myqube. I am reading the documentation but fail to see how to target dom0.

I understand the security concern, it is not possible to do what I am trying to do without running the script in dom0. You do not need to explain why it could be dangerous.

Yes, that’s possible. Can you be more specific about what you’re trying to do in dom0 from this script (or share it if you’d like)? The output will be redirected to the qube that initiated the request, but the command itself should still be executed inside dom0.

You are correct. I changed it out to touch /home/user/file and it runs as expected. During my previous testing I was running /usr/bin/notify-send "test" and this does not create a notification. Even now, after I’ve confirmed that my previous configuration worked by changing the command.

I believe problem solved, except the notification mystery.

You have to specify the display for it to work. Add the following before the notify-send command and you should be able to see it:

export DISPLAY=:0
/usr/bin/notify-send "test"
1 Like

Thanks, that works too now, although I was initially just using it for testing to see that it would run in dom0.

1 Like