Commit Graph

10 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
5e870e4b6a
qubespolicy: implement $dispvm:$tag: syntax
This allow to specify allowed/forbidden DispVM base using tags, not only
static name.

Fixes QubesOS/qubes-issues#3048
2017-09-05 02:07:27 +02:00
Marek Marczykowski-Górecki
99bd193688
Rename 'dispvm_allowed' to 'template_for_dispvms'
'dispvm_allowed' name was confusing, because it suggested being able to
spawn new DispVMs, not being a template for DispVM.

Fixes QubesOS/qubes-issues#3047
2017-09-05 02:07:26 +02:00
Marek Marczykowski-Górecki
971c7d4ac9
api/admin: add admin.vm.CreateDisposable in place of internal.vm.Create.DispVM
Add public Admin API call to create Disposable VM that would be
automatically destroyed after shutdown. Do not keep this functionality
for qrexec-policy tool only.
Also, use admin.vm.Start there, instead of internal.vm.Start and
admin.vm.Kill instead of internal.vm.CleanupDispVM (this is enough,
because DispVM now have auto_cleanup property).

QubesOS/qubes-issues#2974
2017-08-06 20:54:10 +02:00
Marek Marczykowski-Górecki
d650a90289
qubespolicy: fix handling ask,default_target= 2017-07-30 14:48:06 +02:00
Marek Marczykowski-Górecki
e8e30c8bdf
qubespolicy: fix handling allow rule to '$dispvm'
When rule does not specify forced target (`target=...`), generic
`$dispvm` wasn't resolved to specific Disposable VM (based on
`default_dispvm` property).
2017-07-04 04:27:36 +02:00
Marek Marczykowski-Górecki
8afb425271
qubespolicy: allow non-default policy directory
This will allow to evaluate policy extracted from other system.
And also ease tests.

QubesOS/qubes-issues#2873
2017-07-04 04:27:35 +02:00
Marek Marczykowski-Górecki
26ea836f67
qubespolicy: add $adminvm keyword for specifying dom0 aka AdminVM
Fixes QubesOS/qubes-issues#2872
2017-07-04 04:27:35 +02:00
Marek Marczykowski-Górecki
a937bb173a
qubespolicy: allow spaces in action arguments
This is natural to write space after coma.
2017-07-04 04:27:34 +02:00
Marek Marczykowski-Górecki
258d268a3a
Rename MgmtAPI to AdminAPI - part 2: internal API
QubesOS/qubes-issues#853
2017-05-12 19:28:08 +02:00
Marek Marczykowski-Górecki
564408eb3f
tests: qubespolicy tests
Fixes QubesOS/qubes-issues#2460
2017-04-06 15:43:17 +02:00