From 2c01504a50020f82925e7c18a9c53d8967d7acea Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
Date: Fri, 26 May 2017 05:27:34 +0200
Subject: [PATCH] Add default policy for qubes.UpdatesProxy service

QubesOS/qubes-issues#1854
---
 Makefile | 1 +
 qubes-rpc-policy/qubes.UpdatesProxy.policy | 9 +++++++++
 rpm_spec/core-dom0.spec | 1 +
 3 files changed, 11 insertions(+)
 create mode 100644 qubes-rpc-policy/qubes.UpdatesProxy.policy

diff --git a/Makefile b/Makefile
index 29ca0f24..2beb2a21 100644
--- a/Makefile
+++ b/Makefile
@@ -165,6 +165,7 @@ endif
 cp qubes-rpc-policy/qubes.NotifyUpdates.policy $(DESTDIR)/etc/qubes-rpc/policy/qubes.NotifyUpdates
 cp qubes-rpc-policy/qubes.OpenInVM.policy $(DESTDIR)/etc/qubes-rpc/policy/qubes.OpenInVM
 cp qubes-rpc-policy/qubes.VMShell.policy $(DESTDIR)/etc/qubes-rpc/policy/qubes.VMShell
+ cp qubes-rpc-policy/qubes.UpdatesProxy.policy $(DESTDIR)/etc/qubes-rpc/policy/qubes.UpdatesProxy
 cp qubes-rpc/qubes.FeaturesRequest $(DESTDIR)/etc/qubes-rpc/
 cp qubes-rpc/qubes.GetRandomizedTime $(DESTDIR)/etc/qubes-rpc/
 cp qubes-rpc/qubes.NotifyTools $(DESTDIR)/etc/qubes-rpc/
diff --git a/qubes-rpc-policy/qubes.UpdatesProxy.policy b/qubes-rpc-policy/qubes.UpdatesProxy.policy
new file mode 100644
index 00000000..21c68c56
--- /dev/null
+++ b/qubes-rpc-policy/qubes.UpdatesProxy.policy
@@ -0,0 +1,9 @@
+## Note that policy parsing stops at the first match,
+## so adding anything below "$anyvm $anyvm action" line will have no effect
+
+## Please use a single # to start your custom comments
+
+# Default rule for all TemplateVMs - direct the connection to sys-net
+$type:TemplateVM $default allow,target=sys-net
+
+$anyvm $anyvm deny
diff --git a/rpm_spec/core-dom0.spec b/rpm_spec/core-dom0.spec
index 3e676ced..27cdcc27 100644
--- a/rpm_spec/core-dom0.spec
+++ b/rpm_spec/core-dom0.spec
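Review bot: In qubes.UpdatesProxy.policy the allow rule hard-codes `target=sys-net`, so every TemplateVM's update-proxy call is sent to that one qube without a prompt, and the file does not say how to route a template elsewhere. Where a template is meant to update through a firewall, VPN or Tor gateway qube, its rule has to be placed above this line because parsing stops at the first match, as the header notes. I would document that next to the rule, e.g. `# To send some templates through another qube, add their rule above this one; $default matches only calls made without an explicit target`. The closing `$anyvm $anyvm deny` keeps every other caller fail-closed, which is the right default.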
@@ -414,6 +414,7 @@ fi
 %attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/qubes.OpenInVM
 %attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/qubes.OpenURL
 %attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/qubes.VMShell
+%attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/qubes.UpdatesProxy
 /etc/qubes-rpc/admin.*
 /etc/qubes-rpc/qubes.FeaturesRequest
 /etc/qubes-rpc/qubes.GetRandomizedTime
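Review bot: The added `%files` entry ships the UpdatesProxy policy as `%config(noreplace)` with mode 0664 and group `qubes`, and neither consequence of that is documented. This matches the neighbouring policy entries. Any account in the dom0 `qubes` group can change which qube proxies template updates, and once the file has been edited a later packaged default is not applied over it (rpm normally leaves the new copy alongside as `.rpmnew`). A header line in the policy file such as `## Local edits are kept on upgrade; compare with the .rpmnew copy after updating` would make that visible to administrators. The `%files` list starts and ends outside this hunk.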