From e73320533f940bc85f85eddb41811209d8b0786d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
Date: Sun, 15 Sep 2019 03:32:53 +0200
Subject: [PATCH] Add policy for paranoid mode backup restore
Policy allows a VM with 'backup-restore-mgmt' tag to create VMs, and then manage VMs with 'backup-restore-in-progress' tag (which is added by AdminExtension, based on 'tag-created-vm-with' feature). VM with 'backup-restore-mgmt' tag can also call qubes.RestoreById service to a VM with 'backup-restore-storage' tag. This service allows to retrieve backup archive. QubesOS/qubes-issues#5310
---
 Makefile | 2 ++
 .../85-admin-backup-restore.policy | 26 +++++++++++++++++++
 rpm_spec/core-dom0.spec.in | 1 +
 3 files changed, 29 insertions(+)
 create mode 100644 qubes-rpc-policy/85-admin-backup-restore.policy
diff --git a/Makefile b/Makefile
index 8e4d77af..92a4aac6 100644
--- a/Makefile
+++ b/Makefile
@@ -174,6 +174,8 @@ endif
 mkdir -p $(DESTDIR)/usr/libexec/qubes
 install -m 0644 qubes-rpc-policy/90-default.policy \
 $(DESTDIR)/etc/qubes/policy.d/90-default.policy
+ install -m 0644 qubes-rpc-policy/85-admin-backup-restore.policy \
+ $(DESTDIR)/etc/qubes/policy.d/85-admin-backup-restore.policy
 cp qubes-rpc/qubes.FeaturesRequest $(DESTDIR)/etc/qubes-rpc/
 cp qubes-rpc/qubes.GetDate $(DESTDIR)/etc/qubes-rpc/
 cp qubes-rpc/qubes.GetRandomizedTime $(DESTDIR)/etc/qubes-rpc/
diff --git a/qubes-rpc-policy/85-admin-backup-restore.policy b/qubes-rpc-policy/85-admin-backup-restore.policy
new file mode 100644
index 00000000..3ef1447f
--- /dev/null
+++ b/qubes-rpc-policy/85-admin-backup-restore.policy
@@ -0,0 +1,26 @@
+## File format:
+## service-name|* +argument|* source destination action [options]
+
+## Allow selected DisposableVM perform "paranoid backup restore"
+admin.vm.Create.AppVM * @tag:backup-restore-mgmt dom0 allow target=dom0
+admin.vm.Create.StandaloneVM * @tag:backup-restore-mgmt dom0 allow target=dom0
+admin.vm.Create.TemplateVM * @tag:backup-restore-mgmt dom0 allow target=dom0
+admin.vm.List * @tag:backup-restore-mgmt dom0 allow target=dom0
+## Allow checking some basic info about all the VMs, to propose conflicts resolution
+admin.vm.List * @tag:backup-restore-mgmt @anyvm allow target=dom0
+admin.vm.property.Get +provides_network @tag:backup-restore-mgmt @anyvm allow target=dom0
+admin.vm.property.Get +template_for_dispvms @tag:backup-restore-mgmt @anyvm allow target=dom0
+
+## Allow it to configure just created qubes
+admin.vm.feature.Set * @tag:backup-restore-mgmt @tag:backup-restore-in-progress allow target=dom0
+admin.vm.firewall.Set * @tag:backup-restore-mgmt @tag:backup-restore-in-progress allow target=dom0
+admin.vm.property.Set * @tag:backup-restore-mgmt @tag:backup-restore-in-progress allow target=dom0
+admin.vm.tag.Set * @tag:backup-restore-mgmt @tag:backup-restore-in-progress allow target=dom0
+admin.vm.volume.Import * @tag:backup-restore-mgmt @tag:backup-restore-in-progress allow target=dom0
+admin.vm.volume.Info * @tag:backup-restore-mgmt @tag:backup-restore-in-progress allow target=dom0
+admin.vm.volume.List * @tag:backup-restore-mgmt @tag:backup-restore-in-progress allow target=dom0
+admin.vm.volume.Set.revisions_to_keep * @tag:backup-restore-mgmt @tag:backup-restore-in-progress allow target=dom0
+
+## And finally, allow it to retrieve the actual backup
+qubes.RestoreById * @tag:backup-restore-mgmt @tag:backup-restore-storage allow
+
diff --git a/rpm_spec/core-dom0.spec.in b/rpm_spec/core-dom0.spec.in
index ac0fcabd..4a8dec2f 100644
--- a/rpm_spec/core-dom0.spec.in
+++ b/rpm_spec/core-dom0.spec.in
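Review bot: The `admin.vm.tag.Set *` rule in the "configure just created qubes" group lets the management qube attach any tag to a qube being restored, and this file itself grants rights by tag (`backup-restore-mgmt`, `backup-restore-storage`). Unless the dom0 Admin API handler already refuses those names (nothing in this patch shows that), metadata from an untrusted backup could end up tagging a restored qube into a privileged role, here or in any other tag-based policy on the system. Consider placing explicit denies ahead of the wildcard line, e.g. `admin.vm.tag.Set +backup-restore-mgmt @tag:backup-restore-mgmt @tag:backup-restore-in-progress deny` and the same for `+backup-restore-storage`, or listing the permitted tag names instead of `*`. The same scope question applies to `admin.vm.property.Set *` and `admin.vm.feature.Set *`; a short `##` comment stating which properties and features a restore is expected to write would make the intended scope reviewable.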
@@ -530,6 +530,7 @@ done
 /etc/xen/scripts/block-snapshot
 /etc/xen/scripts/block-origin
 /etc/xen/scripts/vif-route-qubes
+%attr(0664,root,qubes) %config(noreplace) /etc/qubes/policy.d/85-admin-backup-restore.policy
 %attr(0664,root,qubes) %config(noreplace) /etc/qubes/policy.d/90-admin-default.policy
 %attr(0664,root,qubes) %config(noreplace) /etc/qubes/policy.d/90-default.policy
 %attr(0664,root,qubes) %config(noreplace) /etc/qubes/policy.d/include/admin-global-ro