From 5840dd76f909e0e2af85d8c89a0ea51f209a4719 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Tue, 27 Feb 2018 14:26:20 +0100 Subject: [PATCH] Add default policy for qubes.StartApp service Fixes QubesOS/qubes-issues#3044 --- Makefile | 1 + qubes-rpc-policy/qubes.StartApp.policy | 7 +++++++ rpm_spec/core-dom0.spec | 1 + 3 files changed, 9 insertions(+) create mode 100644 qubes-rpc-policy/qubes.StartApp.policy diff --git a/Makefile b/Makefile index 72316fcd..b536c64a 100644 --- a/Makefile +++ b/Makefile @@ -178,6 +178,7 @@ endif cp qubes-rpc-policy/qubes.NotifyTools.policy $(DESTDIR)/etc/qubes-rpc/policy/qubes.NotifyTools cp qubes-rpc-policy/qubes.NotifyUpdates.policy $(DESTDIR)/etc/qubes-rpc/policy/qubes.NotifyUpdates cp qubes-rpc-policy/qubes.OpenInVM.policy $(DESTDIR)/etc/qubes-rpc/policy/qubes.OpenInVM + cp qubes-rpc-policy/qubes.StartApp.policy $(DESTDIR)/etc/qubes-rpc/policy/qubes.StartApp cp qubes-rpc-policy/qubes.VMShell.policy $(DESTDIR)/etc/qubes-rpc/policy/qubes.VMShell cp qubes-rpc-policy/qubes.UpdatesProxy.policy $(DESTDIR)/etc/qubes-rpc/policy/qubes.UpdatesProxy cp qubes-rpc-policy/qubes.GetDate.policy $(DESTDIR)/etc/qubes-rpc/policy/qubes.GetDate diff --git a/qubes-rpc-policy/qubes.StartApp.policy b/qubes-rpc-policy/qubes.StartApp.policy new file mode 100644 index 00000000..41217337 --- /dev/null +++ b/qubes-rpc-policy/qubes.StartApp.policy @@ -0,0 +1,7 @@ +## Note that policy parsing stops at the first match, +## so adding anything below "$anyvm $anyvm action" line will have no effect + +## Please use a single # to start your custom comments + +$anyvm $dispvm allow +$anyvm $anyvm ask diff --git a/rpm_spec/core-dom0.spec b/rpm_spec/core-dom0.spec index de2816d4..c91e35f1 100644 --- a/rpm_spec/core-dom0.spec +++ b/rpm_spec/core-dom0.spec @@ -430,6 +430,7 @@ fi %attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/qubes.NotifyUpdates %attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/qubes.OpenInVM %attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/qubes.OpenURL +%attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/qubes.StartApp %attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/qubes.VMShell %attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/qubes.VMRootShell %attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/qubes.UpdatesProxy