Systemd: Let qube shutdown another qube

User Support
1

I have an RPC service qubes.Shutdown, which lets one qube shutdown a different qube.
Like app shuts down app-data, if itself powered off.

My Systemd user service in app looks this:

# ~/.config/systemd/user/shutdown.service
[Unit]
Description=shutdown svc

[Service]
Type=oneshot
RemainAfterExit=true
ExecStop=qrexec-client-vm app-data qubes.Shutdown

[Install]
WantedBy=default.target

… and is auto-started via

systemctl --user enable --now shutdown.service

Now, if I manually stop the service, everything works fine:

systemctl --user stop shutdown.service

But if I just shutdown the qube, shutdown.service gets executed (confirmed by logging to a file), but qrexec-client-vm has no effect!

What environment is needed for qrexec-client-vm to work properly with Systemd?

2

Found it out.
As described in https://groups.google.com/g/qubes-users/c/RogG5rXG_Pw, you need to ensure, qrexec-client-vm is invoked, when qubes-qrexec-agent.service is still active.

Hence add following to shutdown.service (under [Unit] section):

After=qubes-qrexec-agent.service

Also it needs to be a system - not user - service.

1 Like
3

Further update: it kinda works.

I have a keyboard shortcut, that powers off the active qube using qvm-shutdown.
Apparently, qvm-shutdown is different to pressing the X button on the disposable window.

Use keyboard shortcut with app (disposable) => works, app-data powered off
Press X button => does not work

I thought, pressing X would internally just use systemd / qvm-shutdown as well.
Any idea, why these actions have different outcomes?

4

It goes like this:

  1. button asks the application to close the window
  2. Application exits
  3. qubes.StartApp RPC service (which was running the application) exits
  4. qvm-run --dispvm (which was running qubes.StartApp) cleans up the DisposableVM by killing it - like qvm-kill, not qvm-shutdown
1 Like
5

Interesting, thanks!

If I have understood correctly, qvm-kill forcefully shuts down the VM without waiting for Systemd services to have finished, as opposed to qvm-shutdown. That might explain, why it’s not working.

I guess, I’ll then directly change menu entries in dom0 to shutdown other qubes with disposables.