Domovská stránka Prehľadávať Pomoc
Prihlásiť sa
Qubes
/
core-admin
2
0
Fork 0
Súbory Issues 0 Pull requesty 0 Wiki
Strom: bf4306b815
Branche Tagy
core-admin
/
doc
/
qubes-policy.rst

qubes-policy.rst 3.7 KB
História Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495 
  1. :py:mod:`qubes.policy` -- Qubes RPC policy
    2. 

  2. ==========================================
    3. 

  3. 

  4. Every Qubes domain can trigger various RPC services, but if such call would be
    5. 

  5. allowed depends on Qubes RPC policy (qrexec policy in short).
    6. 

  6. 

  7. Qrexec policy format
    8. 

  8. --------------------
    9. 

  9. 

  10. Policy consists of a file, which is parsed line-by-line. First matching line
    11. 

  11. is used as an action.
    12. 

  12. 

  13. Each line consist of three values separated by white characters (space(s), tab(s)):
    14. 

  14. 

  15. 1. Source specification, which is one of:
    16. 

  16. 

  17.   - domain name
    18. 

  18.   - `$anyvm` - any domain
    19. 

  19.   - `$tag:some-tag` - VM having tag `some-tag`
    20. 

  20.   - `$type:vm-type` - VM of `vm-type` type, available types:
    21. 

  21.     AppVM, TemplateVM, StandaloneVM, DispVM
    22. 

  22. 

  23. 2. Target specification, one of:
    24. 

  24. 

  25.   - domain name
    26. 

  26.   - `$anyvm` - any domain, excluding dom0
    27. 

  27.   - `$tag:some-tag` - domain having tag `some-tag`
    28. 

  28.   - `$type:vm-type` - domain of `vm-type` type, available types:
    29. 

  29.     AppVM, TemplateVM, StandaloneVM, DispVM
    30. 

  30.   - `$default` - used when caller did not specified any VM
    31. 

  31.   - `$dispvm:vm-name` - _new_ Disposable VM created from AppVM `vm-name`
    32. 

  32.   - `$dispvm:$tag:some-tag` - _new_ Disposable VM created from AppVM tagged with `some-tag`
    33. 

  33.   - `$dispvm` - _new_ Disposable VM created from AppVM pointed by caller
    34. 

  34.     property `default_dispvm`, which defaults to global property `default_dispvm`
    35. 

  35.   - `$adminvm` - Admin VM aka dom0
    36. 

  36. 

  37.   Dom0 can only be matched explicitly - either as `dom0` or `$adminvm` keyword.
    38. 

  38.   None of `$anyvm`, `$tag:some-tag`, `$type:AdminVM` will match.
    39. 

  39. 

  40. 3. Action and optional action parameters, one of:
    41. 

  41. 

  42.   - `allow` - allow the call, without further questions; optional parameters:
    43. 

  43. 

  44.     - `target=` - override caller provided call target -
    45. 

  45.       possible values are: domain name, `$dispvm` or `$dispvm:vm-name`
    46. 

  46.     - `user=` - call the service using this user, instead of the user
    47. 

  47.       pointed by target VM's `default_user` property
    48. 

  48.   - `deny` - deny the call, without further questions; no optional
    49. 

  49.     parameters are supported
    50. 

  50.   - `ask` - ask the user for confirmation; optional parameters:
    51. 

  51. 

  52.     - `target=` - override user provided call target
    53. 

  53.     - `user=` - call the service using this user, instead of the user
    54. 

  54.       pointed by target VM's `default_user` property
    55. 

  55.     - `default_target=` - suggest this target when prompting the user for
    56. 

  56.       confirmation
    57. 

  57. 

  58. Alternatively, a line may consist of a single keyword `$include:` followed by a
    59. 

  59. path. This will load a given file as its content would be in place of
    60. 

  60. `$include` line. Relative paths are resolved relative to
    61. 

  61. `/etc/qubes-rpc/policy` directory.
    62. 

  62. 

  63. Evaluating `ask` action
    64. 

  64. -----------------------
    65. 

  65. 

  66. When qrexec policy specify `ask` action, the user is asked whether the call
    67. 

  67. should be allowed or denied. In addition to that, user also need to choose
    68. 

  68. target domain. User have to choose from a set of targets specified by the
    69. 

  69. policy. Such set is calculated using the algorithm below:
    70. 

  70. 

  71. 1. If `ask` action have `target=` option specified, only that target is
    72. 

  72. considered. A prompt window will allow to choose only this value and it will
    73. 

  73. also be pre-filled value.
    74. 

  74. 

  75. 2. If no `target=` option is specified, all rules are evaluated to see what
    76. 

  76. target domains (for a given source domain) would result in `ask` or `allow`
    77. 

  77. action. If any of them have `target=` option set, that value is used instead of
    78. 

  78. the one specified in "target" column (for this particular line). Then the user
    79. 

  79. is presented with a confirmation dialog and an option to choose from those
    80. 

  80. domains. 
    81. 

  81. 

  82. 3. If `default_target=` option is set, it is used as
    83. 

  83. suggested value, otherwise no suggestion is made (regardless of calling domain
    84. 

  84. specified any target or not).
    85. 

  85. 

  86. 

  87. 

  88. Module contents
    89. 

  89. ---------------
    90. 

  90. 

  91. .. automodule:: qubespolicy
    92. 

  92.    :members:
    93. 

  93.    :show-inheritance:
    94. 

  94. 

  95. .. vim: ts=3 sw=3 et
    96.