Qusal troubleshooting guidelines.
- Detect if your issue was already opened
- Qrexec client shows Request refused
- Salt wrapper qubesctl command fails
- Get Salt management information
If you encounter any problems, search the project's
issue tracking system
for Open
and Closed
issues, sorted by Recently updated
. For finer
grained search, consult the
tracking system filter syntax.
The Qrexec call was denied, either by a missing rule, an explicit deny or a typo in the configuration.
Therefore, it is recommended to:
- Check if there is a rule for the service you want to call that would
either result in
ask
orallow
; and - Check again and again if you made a typo in the policy.
The examples below will use the qube dev
and the RPC service qubes.GetDate
and other common Qrexec RPC services as an example, substitute them with the
qube and service you intend to use, such as qube code
and service
qusal.GitInit
.
On dom0
, watch the Qrexec policy logs:
sudo journalctl -fu qubes-qrexec-policy-daemon | cut -d " " -f 7-
If you ave many simultaneous calls being shown, get on the important ones:
sudo journalctl -fu qubes-qrexec-policy-daemon | cut -d " " -f 7- \
| grep -e qubes.GetDate -e qubes.Filecopy
You can emulate the call from dom0
:
qrexec-policy dev @default qubes.GetDate
On the qube making the call, run the qrexec-client-vm
command directly
rather than using a wrapper around it:
qrexec-client-vm @default qubes.GetDate
The Salt Project has troubleshooting page for a variety of problems you may encounter.
A nice summary of the states can be seen with the --show-output
argument:
// cSpell:disable
sudo qubesctl --show-output state.apply pkg.uptodate
Ending the Salt call with -l debug
argument gives the most detailed output
(may contain private information):
sudo qubesctl state.apply pkg.uptodate -l debug
Depending on the operating system of the management_dispvm
, Salt can fail.
Let's gather some information about it.
Get information about the global management_dispvm
and the same property of
a specific qube. In this example we use tpl-qubes-builder
, substitute for
the qube being managed:
sudo qubesctl state.apply dom0.helpers
qvm-mgmt tpl-qubes-builder