suzanne.soy/qubes-doc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Make separation of internals section more pronounced

Browse Source 
QubesOS/qubes-issues#1392
This commit is contained in:
Axon 2015-11-09 00:57:16 +00:00
parent bffa21f613
commit b92bedd312
No known key found for this signature in database
GPG Key ID: 8CE137352A019A17
2 changed files with 11 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
developers/services/qrexec2.md
View File

@ -229,7 +229,7 @@ top of qrexec. Care should be taken, however, to consider potential attack
surfaces that are exposed to untrusted or less trusted VMs in that case. surfaces that are exposed to untrusted or less trusted VMs in that case.
## Qubes RPC internals ## # Qubes RPC internals #
(*This is about the implementation of qrexec v2. For the implementation of (*This is about the implementation of qrexec v2. For the implementation of
qrexec v3, see [here](/doc/qrexec3/#qubes-rpc-internals). Note that the user qrexec v3, see [here](/doc/qrexec3/#qubes-rpc-internals). Note that the user
@ -237,7 +237,7 @@ API in v3 is backward compatible: qrexec apps written for Qubes R2 should
run without modification on Qubes R3.*) run without modification on Qubes R3.*)
### Dom0 tools implementation ### ## Dom0 tools implementation ##
Players: Players:
@ -251,7 +251,7 @@ Players:
**Note:** None of the above tools are designed to be used by users. **Note:** None of the above tools are designed to be used by users.
### Linux VMs implementation ### ## Linux VMs implementation ##
Players: Players:
@ -265,7 +265,7 @@ Players:
users. `qrexec-client-vm` is designed to be wrapped up by Qubes apps. users. `qrexec-client-vm` is designed to be wrapped up by Qubes apps.
### Windows VMs implemention ### ## Windows VMs implemention ##
`%QUBES_DIR%` is the installation path (`c:\Program Files\Invisible Things `%QUBES_DIR%` is the installation path (`c:\Program Files\Invisible Things
Lab\Qubes OS Windows Tools` by default). Lab\Qubes OS Windows Tools` by default).
@ -282,7 +282,7 @@ Lab\Qubes OS Windows Tools` by default).
users. `qrexec-client-vm` is designed to be wrapped up by Qubes apps. users. `qrexec-client-vm` is designed to be wrapped up by Qubes apps.
### All the pieces together at work ### ## All the pieces together at work ##
**Note:** This section is not needed to use qrexec for writing Qubes **Note:** This section is not needed to use qrexec for writing Qubes
apps. Also note the [qrexec framework implemention in Qubes R3](/doc/qrexec3/) apps. Also note the [qrexec framework implemention in Qubes R3](/doc/qrexec3/)

12
developers/services/qrexec3.md
View File

@ -203,7 +203,7 @@ and we should get "3" as answer, after dom0 allows it.
[blog post](http://theinvisiblethings.blogspot.com/2013/02/converting-untrusted-pdfs-into-trusted.html). [blog post](http://theinvisiblethings.blogspot.com/2013/02/converting-untrusted-pdfs-into-trusted.html).
## Qubes RPC internals ## # Qubes RPC internals #
(*This is about the implementation of qrexec v3. For the implementation of (*This is about the implementation of qrexec v3. For the implementation of
qrexec v2, see [here](/doc/qrexec2/#qubes-rpc-internals).*) qrexec v2, see [here](/doc/qrexec2/#qubes-rpc-internals).*)
@ -214,7 +214,7 @@ residing in the same domain use pipes as the underlying transport medium,
while components in separate domains use vchan link. while components in separate domains use vchan link.
### Dom0 tools implementation ### ## Dom0 tools implementation ##
* `/usr/lib/qubes/qrexec-daemon`: One instance is required for every active * `/usr/lib/qubes/qrexec-daemon`: One instance is required for every active
domain. Responsible for: domain. Responsible for:
@ -248,7 +248,7 @@ while components in separate domains use vchan link.
**Note:** None of the above tools are designed to be used by users directly. **Note:** None of the above tools are designed to be used by users directly.
### VM tools implementation ### ## VM tools implementation ##
* `qrexec-agent`: One instance runs in each active domain. Responsible for: * `qrexec-agent`: One instance runs in each active domain. Responsible for:
* Handling service requests from `qrexec-client-vm` and passing them to * Handling service requests from `qrexec-client-vm` and passing them to
@ -265,7 +265,7 @@ while components in separate domains use vchan link.
are connected to the remote service endpoint. are connected to the remote service endpoint.
### Qrexec protocol details ### ## Qrexec protocol details ##
Qrexec protocol is message-based. All messages share a common header followed Qrexec protocol is message-based. All messages share a common header followed
by an optional data packet. by an optional data packet.
@ -292,7 +292,7 @@ same domain?*)
Details of all possible use cases and the messages involved are described below. Details of all possible use cases and the messages involved are described below.
#### dom0: request execution of `some_command` in domX and pass stdin/stdout #### ### dom0: request execution of `some_command` in domX and pass stdin/stdout ###
- **dom0**: `qrexec-client` is invoked in **dom0** as follows: - **dom0**: `qrexec-client` is invoked in **dom0** as follows:
@ -358,7 +358,7 @@ associated input/output pipe.
(**int**). `qrexec-agent` then disconnects from the data vchan. (**int**). `qrexec-agent` then disconnects from the data vchan.
#### domY: invoke execution of qubes service `qubes.SomeRpc` in domX and pass stdin/stdout #### ### domY: invoke execution of qubes service `qubes.SomeRpc` in domX and pass stdin/stdout ###
- **domY**: `qrexec-client-vm` is invoked as follows: - **domY**: `qrexec-client-vm` is invoked as follows: