What is xen_privcmd.unrestricted?

Lately, in the GRUB menu, when I was checking the parameters of the Qubes boot option, I found this strange new parameter that I’m sure wasn’t there before.

What is xen_privcmd.unrestricted?
Why did it get there when it wasn’t there before?
Should I remove it?
If so, how do I remove it safely without bricking the OS?

Thanks.


You can edit the grub options temporary, just before booting to test it.


I did and it seems to be working fine. Now how do I remove it permanently?

Edit /etc/default/grub
Rebuild grub options:
BIOS: grub2-mkconfig -o /boot/grub2/grub.cfg
UEFI: grub2-mkconfig -o /boot/efi/EFI/qubes/grub.cfg

I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.


Here’s the thing. I did check /etc/default/grub but, for some reason, xen_privcmd.unrestricted isn’t there.

But I did find it in /etc/default/grub.qubes-kernel-vm-support and there I see it.

```sh
# (currently) required for vchan
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX xen_privcmd.unrestricted"
GRUB_ENABLE_BLSCFG=false
```

So should I remove that here? It says it’s required for vchan, whatever that is.
I wanted to check first in case doing so might brick my system.
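The snippet above appends to `$GRUB_CMDLINE_LINUX` rather than setting it, which is why the parameter does not appear in `/etc/default/grub` itself but still ends up on the kernel command line that `grub2-mkconfig` writes. This added example (not from the thread or the Qubes project) sources constructed copies of the two files in sequence, the way a defaults file chain is read, and checks the resolved command line for the parameter; it assumes the files are sourced in the order given.

```shell
#!/bin/sh
# Added example: show how GRUB default files that append to
# GRUB_CMDLINE_LINUX accumulate, and verify a parameter's presence.
# Assumption: files are sourced in the order given, as grub-mkconfig
# does with its defaults file(s).

# Source the given files in a subshell and print the accumulated cmdline.
resolved_cmdline() {
    (
        GRUB_CMDLINE_LINUX=""
        for f in "$@"; do
            # shellcheck disable=SC1090
            . "$f"
        done
        printf '%s\n' "$GRUB_CMDLINE_LINUX"
    )
}

# Return 0 if parameter $2 (bare or as $2=value) is on cmdline $1.
has_param() {
    for tok in $1; do
        case "$tok" in
            "$2"|"$2"=*) return 0 ;;
        esac
    done
    return 1
}

# Constructed sample files mirroring the two files named in the thread.
tmp=$(mktemp -d)
cat > "$tmp/grub" <<'EOF'
GRUB_CMDLINE_LINUX="rd.luks.uuid=PLACEHOLDER rhgb quiet"
EOF
cat > "$tmp/grub.qubes-kernel-vm-support" <<'EOF'
# (currently) required for vchan
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX xen_privcmd.unrestricted"
GRUB_ENABLE_BLSCFG=false
EOF

cmdline=$(resolved_cmdline "$tmp/grub" "$tmp/grub.qubes-kernel-vm-support")
printf 'Resolved: %s\n' "$cmdline"
if has_param "$cmdline" xen_privcmd.unrestricted; then
    echo "xen_privcmd.unrestricted is set (vchan requirement satisfied)"
else
    echo "xen_privcmd.unrestricted is NOT set"
fi
rm -rf "$tmp"
```

The same `has_param` check can be run against `/proc/cmdline` inside a qube to confirm what its kernel actually booted with.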

I noticed this as well while checking how to lower dom0 RAM.

“Vchan in Qubes OS is a low-level inter-domain communication protocol used to stream data between virtual machines on a Xen host without locks. It is implemented via shared memory rings and event channels for signaling, enabling efficient, isolated data transfer between qubes.”

But I’d also like to hear from experts whether it is necessary or not.

I should have paid more attention. It’s a qube kernel parameter.
Why do you want to remove this? I mean, do you have a good reason?
If you do, you won’t be able to use inter-qube communication and your qubes may not boot.

I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.


Because it wasn’t in the OS’s boot parameters before and just showed up out of nowhere, and that article said it increases the attack surface.

Here is the recently added commit: “Enable xen_privcmd.unrestricted for inter-vm communication to work” by marmarek (Pull Request #138, QubesOS/qubes-linux-utils on GitHub).

Related issue: “Arch Linux VMs with 6.19.10 in-VM kernel fail to boot due to xen_privcmd lockdown” (Issue #10819, QubesOS/qubes-issues on GitHub).

I think I realized why that parameter was suddenly added. I ran a system update and that must’ve been what added it.