Commit Graph

28 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
a46a43635f
qubespolicy: fix default target if it's a keyword
Compare "api name", not "display name" when selecting default target in
confirmation dialog.
And add test for this case.

Fixes QubesOS/qubes-issues#4881
2019-03-15 05:35:36 +01:00
Marek Marczykowski-Górecki
eeec2e0ddd
qubespolicy: forbid qrexec loopback connections at policy level
libxenvchan currently can't handle loopback connections. Since error
reporting on vchan connection setup is far from perfect, try to avoid
making such connections at all.

QubesOS/qubes-issues#951
Fixes QubesOS/qubes-issues#4804
2019-02-27 06:03:57 +01:00
Marek Marczykowski-Górecki
41f463f2fc
Adjust test for fixed typo 2018-12-07 14:19:11 +01:00
Marek Marczykowski-Górecki
f30963fde1
tests/qubespolicy: adjust for removing 'assert' usage 2018-10-29 22:37:15 +01:00
Marek Marczykowski-Górecki
232a00a2b0
qubespolicy: translate '' target to '@default' earlier
Translate empty target to '@default' keyword earlier, so that
original_target will report '@default' instead of ''. The latter is
rejected by qubes-rpc-multiplexer when the call is directed to dom0,
because it expects to get non-empty arguments about original
target.
2018-03-03 03:50:59 +01:00
Marek Marczykowski-Górecki
68b6f1ec76
qubespolicy: use '@' instead of '$' for policy keywords
Using '$' is easy to misuse in shell scripts, shell commands etc. After
all this years, lets abandon this dangerous character and move to
something safer: '@'. The choice was made after reviewing specifications
of various shells on different operating systems and this is the
character that have no special meaning in none of them.

To preserve compatibility, automatically translate '$' to '@' when
loading policy files.
2018-02-19 03:33:40 +01:00
Marek Marczykowski-Górecki
c87fcd7e2e
qubespolicy: use separate arguments for original target type and value
Provide original target as two arguments: type, value
This will ease handling special keywords without risking hitting shell
special characters or other problems.
2018-02-19 03:32:44 +01:00
Marek Marczykowski-Górecki
d3cc2d50e3
qubespolicy: fix handling '$adminvm' target with ask action
All policy keywords needs to be expanded before sending it to
confirmation dialog. $dispvm was already handled, but $adminvm was
missing

Fixes QubesOS/qubes-issues#3283
2017-11-07 03:10:41 +01:00
Marek Marczykowski-Górecki
2164a8d7b8
Change license to LGPL v2.1+
See this thread for reasoning and acceptance from contributors:
https://groups.google.com/d/topic/qubes-devel/G7KzrfU0lWY/discussion
"Changing qubes-core-admin license to LGPL v2.1+"
2017-10-12 00:11:50 +02:00
Marek Marczykowski-Górecki
5e870e4b6a
qubespolicy: implement $dispvm:$tag: syntax
This allow to specify allowed/forbidden DispVM base using tags, not only
static name.

Fixes QubesOS/qubes-issues#3048
2017-09-05 02:07:27 +02:00
Marek Marczykowski-Górecki
99bd193688
Rename 'dispvm_allowed' to 'template_for_dispvms'
'dispvm_allowed' name was confusing, because it suggested being able to
spawn new DispVMs, not being a template for DispVM.

Fixes QubesOS/qubes-issues#3047
2017-09-05 02:07:26 +02:00
Wojtek Porczyk
8547d06cc9 qubes/tests: skip env-dependent tests using decorator
Gtk segfaults without X11 display. Some tests need dedicated PCI device.
2017-08-31 20:29:34 +02:00
Marek Marczykowski-Górecki
7a9e5c3650
tests: qrexec-policy cli tool tests 2017-08-14 02:24:32 +02:00
Marek Marczykowski-Górecki
971c7d4ac9
api/admin: add admin.vm.CreateDisposable in place of internal.vm.Create.DispVM
Add public Admin API call to create Disposable VM that would be
automatically destroyed after shutdown. Do not keep this functionality
for qrexec-policy tool only.
Also, use admin.vm.Start there, instead of internal.vm.Start and
admin.vm.Kill instead of internal.vm.CleanupDispVM (this is enough,
because DispVM now have auto_cleanup property).

QubesOS/qubes-issues#2974
2017-08-06 20:54:10 +02:00
Marek Marczykowski-Górecki
d650a90289
qubespolicy: fix handling ask,default_target= 2017-07-30 14:48:06 +02:00
Bahtiar `kalkin-` Gadimov
a936b07d7b
Do not display gi Gtk warning when running tests
- Fix Gtk import
2017-07-14 14:15:46 +02:00
Marek Marczykowski-Górecki
e8e30c8bdf
qubespolicy: fix handling allow rule to '$dispvm'
When rule does not specify forced target (`target=...`), generic
`$dispvm` wasn't resolved to specific Disposable VM (based on
`default_dispvm` property).
2017-07-04 04:27:36 +02:00
Marek Marczykowski-Górecki
8afb425271
qubespolicy: allow non-default policy directory
This will allow to evaluate policy extracted from other system.
And also ease tests.

QubesOS/qubes-issues#2873
2017-07-04 04:27:35 +02:00
Marek Marczykowski-Górecki
26ea836f67
qubespolicy: add $adminvm keyword for specifying dom0 aka AdminVM
Fixes QubesOS/qubes-issues#2872
2017-07-04 04:27:35 +02:00
Marek Marczykowski-Górecki
a937bb173a
qubespolicy: allow spaces in action arguments
This is natural to write space after coma.
2017-07-04 04:27:34 +02:00
Marek Marczykowski-Górecki
258d268a3a
Rename MgmtAPI to AdminAPI - part 2: internal API
QubesOS/qubes-issues#853
2017-05-12 19:28:08 +02:00
Marek Marczykowski-Górecki
e5ad26c090
qubespolicy: make pylint happy
This include refactoring out one-function-class GtkIconGetter.

QubesOS/qubes-issues#910
2017-04-07 17:07:30 +02:00
Marek Marczykowski-Górecki
6c3410377d
rpc-window: adjust for qubespolicy API
- drop qid usage - it isn't really needed, especially for to-be-created
  DispVMs
- use "domains_info" dict as input, instead of loading qubes.xml
  directly
- nicely format "Disposable VM" entries
- simplify whitelist/blacklist handling - since qrexecpolicy always
  provide a list of allowed choices, use just that

Important note: there are two names concepts:
1. Display name - name of VM, or in case of to-be-created DispVMs - a
string "Disposable VM (name-of-base-vm)"
2. API name - as in qrexec policy - $dispvm:name-of-base-vm for new
DispVMs

Externally at API level (allowed targets list, return value), API name
is used, but internally VMListModeler._entries is still indexed with
display names. This is done for more efficient (and readable) GUI
handling - because most of the time it's searched for what user have
entered.

QubesOS/qubes-issues#910
2017-04-07 17:07:29 +02:00
Marek Marczykowski-Górecki
067940f5aa
rpc-window: use 'edit-find' icon if no other is found
'gnome-foot' icon is not present in Adwaita theme.

QubesOS/qubes-issues#910
2017-04-07 17:07:29 +02:00
Marek Marczykowski-Górecki
20a1853f3f
rpc-window: adjust for python3
dict.keys() is not indexable.

QubesOS/qubes-issues#910
2017-04-07 17:07:28 +02:00
Marek Marczykowski-Górecki
ab1bd77b45
rpc-window: code style adjustments
QubesOS/qubes-issues#910
2017-04-07 17:07:28 +02:00
Marek Marczykowski-Górecki
b3ceb2d7fa
Import new rpc confirmation window code
Import unmodified implementation done by @boring-stuff.
Full history for reference is available in rpc-confirmation-window
branch.

QubesOS/qubes-issues#910
2017-04-07 17:07:28 +02:00
Marek Marczykowski-Górecki
564408eb3f
tests: qubespolicy tests
Fixes QubesOS/qubes-issues#2460
2017-04-06 15:43:17 +02:00