|
1 | | -This is directory for qrexec service additional configuration. Configuration |
2 | | -file needs to be named exactly as service. Configuration format is 'key=value' |
3 | | -(without spaces around '='). Lines starting with '#' are ignored. |
| 1 | +This is a directory for additional Qrexec service configuration. |
| 2 | + |
| 3 | +Configuration syntax: |
| 4 | + |
| 5 | +* Configuration file: name must be exactly the same as service. |
| 6 | + |
| 7 | +* Configuration format: key value pair that must be separated by an equal |
| 8 | + sign (=) between the key and the value, while any number of spaces or tabs |
| 9 | + from the key to the equal sign or from the equal sign to the value are |
| 10 | + also supported, e.g. "key=value", "key = value", "key = value". |
| 11 | + |
| 12 | +* Comments: Lines starting with hashtag/octothorpe/pound sign "#" are |
| 13 | + ignored. |
| 14 | + |
| 15 | +* Boolean values: true, false, 0, 1. For backwards compatibility, only the |
| 16 | + option "wait-for-session" accepts the boolean integers 0 and 1, of which |
| 17 | + should not be relied on for future update changes. |
| 18 | + |
| 19 | +* String values: must be enclosed by single quotes ('), escape sequences |
| 20 | + are unsupported, e.g. 'str'. |
4 | 21 |
|
5 | 22 | Supported settings: |
6 | 23 |
|
7 | | -* wait-for-session - wait for full GUI session initialization before starting |
8 | | - the service. This is done using /etc/qubes-rpc/qubes.WaitForSession script. |
9 | | - There is no timeout - if the session is never initialized |
10 | | - (for example because there is no GUI running at all), service will never be |
11 | | - started. |
12 | | - Allowed values are 0 or 1. |
| 24 | +* force-user: |
| 25 | + * Description: Enforce that service should be run by the specified |
| 26 | + username. Useful to set the user at the target qube, which will be |
| 27 | + passed directly to PAM without being interpreted by Qrexec, instead of |
| 28 | + having to modify the policy in dom0. |
| 29 | + * Value type: string |
| 30 | + * Default value: same user as in the policy, else it is 'user'. |
| 31 | + * Example: 'user' |
| 32 | + |
| 33 | +* wait-for-session: |
| 34 | + * Description: Wait for full GUI session initialization before starting |
| 35 | + the service. Implemented by the RPC service qubes.WaitForSession. |
| 36 | + There is no timeout, if the session is never initialized (for example |
| 37 | + because there is no GUI running at all), service will never be |
| 38 | + started. It is possible for the service to be started even if |
| 39 | + qubes.WaitForSession fails, so the service must not depend on setting |
| 40 | + "wait-for-session=true" for security. |
| 41 | + * Value type: boolean |
| 42 | + * Accepted values: true, false, 0, 1. |
| 43 | + * Default value: false |
| 44 | + * Example: wait-for-session=true |
13 | 45 |
|
| 46 | +* skip-service-descriptor: |
| 47 | + * Description: Skip sending service descriptor and go for the actual |
| 48 | + data directly. Useful to skip sending metadata to socket-based |
| 49 | + services, thus the option is valid only for socket services, not |
| 50 | + executables. See https://www.qubes-os.org/doc/qrexec-socket-services/ |
| 51 | + * Value type: boolean |
| 52 | + * Accepted values: true, false. |
| 53 | + * Default value: false |
| 54 | + * Example: skip-service-descriptor=true |
0 commit comments