Containers tags/attributes

[marmarek]

Reported by joanna on 2 Jun 2014 12:45 UTC
See:

https://groups.google.com/forum/#!topic/qubes-devel/qzM5QRE8Ua8

I don't like the idea with using the VM type as a policy parameter,
because it is not meant to reflect the "security/trust level" of the
VM in question. We have a special property in Qubes that is specifically
allocated for this purpose and this is the VM color label.

So, I like the idea of using the vm names and labels (as Marek wrote
above) in the policy definitions, but not vm types.

The regexp-based rules (but only expanding to vm names, not labels!)
might be a good idea, although I'm worrying a bit that they might easily
lead to situations when the user shoots themselves in the foot, simply
because the regexp is to be expanded differently than the user expect, a
popular problem with advanced regexp usage (Happens to me all the time
when I use grep or sed ;) So this really would need to be "simple" regexp...

I'm thinking whether vm name and label will be "enough for everybody" or
should we consider introduction of also additional properties to VMs?
Perhaps user definable properties? E.g.:

qvm-prefs work -s corporate
qvm-prefs accounting -s corporate

And then in the policy (e.g. qubes.ClipboardPaste):

$property:corporate $property:corporate allow
$property:corporate $anyvm deny

joanna.

Migrated-From: https://wiki.qubes-os.org/ticket/865

[Rudd-O]

It's certainly time to evolve past colors and into labels. Of course, each label can have a color / stipple pattern associated with it (by default we just pick one that hasn't been used before), but the color itself is a bad mnemonic for what the security properties of the VM ought to be.

[marmarek]

Actually, in the current shape of Qubes 4.0 it is already possible to assign tags to VMs. The missing part is have them used somewhere (for example qrexec policy as described above).

[marmarek]

Done