Core3 policy #97
Merged
Core3 policy #97
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This will not work in qubesd, where there is one and only Qubes() instance.
Speciffy whether DispVM can be created from this AppVM Fixes QubesOS/qubes-issues#2075
This is rewritten version of core-admin-linux/qrexec/qrexec-policy. It's placed outside of `qubes` module on purpose - to avoid imporing it, which require a lot of time. QubesOS/qubes-issues#865 QubesOS/qubes-issues#910
This is the tool called by qrexec-daemon.
This socket (and commands) are not exposed to untrusted input, so no need to extensive sanitization. Also, there is no need to provide a stable API here, as those methods are used internally only. QubesOS/qubes-issues#853
Import unmodified implementation done by @boring-stuff. Full history for reference is available in rpc-confirmation-window branch. QubesOS/qubes-issues#910
dict.keys() is not indexable. QubesOS/qubes-issues#910
'gnome-foot' icon is not present in Adwaita theme. QubesOS/qubes-issues#910
This is more canonical way for accessing data files. QubesOS/qubes-issues#910
- drop qid usage - it isn't really needed, especially for to-be-created DispVMs - use "domains_info" dict as input, instead of loading qubes.xml directly - nicely format "Disposable VM" entries - simplify whitelist/blacklist handling - since qrexecpolicy always provide a list of allowed choices, use just that Important note: there are two names concepts: 1. Display name - name of VM, or in case of to-be-created DispVMs - a string "Disposable VM (name-of-base-vm)" 2. API name - as in qrexec policy - $dispvm:name-of-base-vm for new DispVMs Externally at API level (allowed targets list, return value), API name is used, but internally VMListModeler._entries is still indexed with display names. This is done for more efficient (and readable) GUI handling - because most of the time it's searched for what user have entered. QubesOS/qubes-issues#910
…bject This way it will work independently from where qrexec-policy tool will be called (in most cases - from a system service, as root). This is also very similar architecture to what we'll need when moving to GUI domain - there GUI part will also be separated from policy evaluation logic. QubesOS/qubes-issues#910
This include refactoring out one-function-class GtkIconGetter. QubesOS/qubes-issues#910
The environment there is way too old. QubesOS/qubes-issues#910
|
Is dom0 communicating with the adminvm/guivm over dbus something we want? Seems kind-of hypocritical to complain about OpenXT doing that and then do it ourselves. Yes, an adminvm/guivm must be somewhat trusted regardless, but if I understand correctly the implications of QubesOS/qubes-issues#867 (comment), it seems we still have a reason to want to protect the integrity of dom0 from the adminvm/guivm (otherwise "you can do whatever to your own appvms, but policy is still enforced on these specific ones" can not be implemented in meaningfully secure way). |
No, in 4.0 GUI is still in dom0. And this is similarly simple than setting |
New pylint throw some more warnings.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Implementation of QubesOS/qubes-issues#910
This does not fully work, but because of problems unrelated to this PR - VM startup fails. And I don't want to mix too many unrelated changes in one pull request.
TODO: modify qrexec-daemon to really use new qrexec-policy (now in /usr/bin/qrexec-policy, instead of /usr/lib/qubes/qrexec-policy).
/cc @woju