## Note that policy parsing stops at the first match.
## Add ",user=root" to any ask or allow rules.

## Please use a single # to start your custom comments

$anyvm	$anyvm	deny

# WARNING: The qubes.VMRootShell service is dangerous and there are really few
# cases when it could be safely used. Especially when policy set to "ask" you
# have no way to know for sure what command(s) will be called. Compromissed
# source VM can substitute the command. Allowing one VM to execute
# qubes.VMRootShell over the other VM allows the former to TAKE FULL CONTROL over
# the later. In most cases this is not what we want!
#
# Instead we should be using task-specific qrexec services which provide
# assurance as to what program will be responding to the (untrusted) VM
# requests.
#
# See e.g. this thread for some discussion:
# https://groups.google.com/d/msg/qubes-users/xnAByaL_bjI/3PjYdiTDW-0J
#