core-admin

Qubes/core-admin

Fork 0

Commit Graph

Author	SHA1	Message	Date
Marek Marczykowski-Górecki	36d56010af	qubespolicy: add a commend about 'deny' being default action	2017-07-04 04:27:37 +02:00
Marek Marczykowski-Górecki	a96a85bdc9	qubespolicy: add a tool to analyze policy in form of graph Output possible connections between VMs in form of dot file. Fixes QubesOS/qubes-issues#2873	2017-07-04 04:27:36 +02:00
Marek Marczykowski-Górecki	3d803acfde	Generate policy for Admin API calls based on annotations on actual methods This ease Admin API administration, and also adds checking if qrexec policy + scripts matches actual Admin API methods implementation. The idea is to classify every Admin API method as either local read-only, local read-write, global read-only or global read-write. Where local/global means affecting a single VM, or the whole system. See QubesOS/qubes-issues#2871 for details. Fixes QubesOS/qubes-issues#2871	2017-07-04 04:27:34 +02:00

Author

SHA1

Message

Date

Marek Marczykowski-Górecki

36d56010af

qubespolicy: add a commend about 'deny' being default action

2017-07-04 04:27:37 +02:00

Marek Marczykowski-Górecki

a96a85bdc9

qubespolicy: add a tool to analyze policy in form of graph

Output possible connections between VMs in form of dot file.

Fixes QubesOS/qubes-issues#2873

2017-07-04 04:27:36 +02:00

Marek Marczykowski-Górecki

3d803acfde

Generate policy for Admin API calls based on annotations on actual methods

This ease Admin API administration, and also adds checking if qrexec
policy + scripts matches actual Admin API methods implementation.
The idea is to classify every Admin API method as either local
read-only, local read-write, global read-only or global read-write.
Where local/global means affecting a single VM, or the whole system.

See QubesOS/qubes-issues#2871 for details.

Fixes QubesOS/qubes-issues#2871

2017-07-04 04:27:34 +02:00

3 Commits