Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Document /run/qubes/policy.d/ #1427

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Document /run/qubes/policy.d/ #1427

wants to merge 1 commit into from

Conversation

DemiMarie
Copy link
Contributor

Useful for users of the feature.

@DemiMarie DemiMarie mentioned this pull request Sep 15, 2024
Merged
ben-grande
ben-grande approved these changes Sep 25, 2024
View reviewed changes
Copy link
Contributor

@ben-grande ben-grande left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some nitpicks, not blockers.

Code PR was merged recently.

developer/services/qrexec.md Outdated
@@ -112,6 +113,10 @@ In the target VM, a file in either of the following locations must exist, contai
- `/etc/qubes-rpc/RPC_ACTION_NAME` when you make it in the template qube;
- `/usr/local/etc/qubes-rpc/RPC_ACTION_NAME` for making it only in an app qube.

Files in `/run/qubes/policy.d/` are deleted when the system is rebooted.
This is useful for temporary policy that contains the name or UUID of a disposable VM, which will not be meaningful after the system has rebooted.
Such policy files can be created manually, but they are usually created automatically by a qrexec call to dom0.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Qrexec should be capitalized as it refers to the protocol and not to program (e.g. qrexec-client-vm).

developer/services/qrexec.md
@@ -86,11 +86,12 @@ Disposable VMs are tightly integrated -- RPC to a DisposableVM is identical to R

### Policy files

The dom0 directory `/etc/qubes/policy.d/` contains files that set policy for each available RPC action that a VM might call.
The dom0 directories `/etc/qubes/policy.d/` and `/run/qubes/policy.d/` contain files that set policy for each available RPC action that a VM might call.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

s/VM/qube/, but then there are other places on this file to change it.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is out of scope. Qrexec still uses the VM terminology in various user-facing places.

@rapenne-s
Copy link
Contributor

@DemiMarie would you have some time to address the few points reported in the review?

@DemiMarie
Copy link
Contributor Author

@rapenne-s yes

@DemiMarie DemiMarie force-pushed the multiple-policy-dirs branch from d089db6 to 311ca64 Compare January 23, 2025 05:48
@DemiMarie
Document /run/qubes/policy.d/
0078549 
Useful for users of the feature.
@DemiMarie DemiMarie requested a review from ben-grande January 23, 2025 06:41
@DemiMarie DemiMarie force-pushed the multiple-policy-dirs branch from 311ca64 to 0078549 Compare January 23, 2025 06:41
ben-grande
ben-grande approved these changes Jan 23, 2025
View reviewed changes
Copy link
Contributor

@ben-grande ben-grande left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good: 0078549

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ben-grande ben-grande ben-grande approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@DemiMarie @rapenne-s @ben-grande