85-admin-backup-restore.policy 2.1 KB

1234567891011121314151617181920212223242526
  1. ## File format:
  2. ## service-name|* +argument|* source destination action [options]
  3. ## Allow selected DisposableVM perform "paranoid backup restore"
  4. admin.vm.Create.AppVM * @tag:backup-restore-mgmt dom0 allow target=dom0
  5. admin.vm.Create.StandaloneVM * @tag:backup-restore-mgmt dom0 allow target=dom0
  6. admin.vm.Create.TemplateVM * @tag:backup-restore-mgmt dom0 allow target=dom0
  7. admin.vm.List * @tag:backup-restore-mgmt dom0 allow target=dom0
  8. ## Allow checking some basic info about all the VMs, to propose conflicts resolution
  9. admin.vm.List * @tag:backup-restore-mgmt @anyvm allow target=dom0
  10. admin.vm.property.Get +provides_network @tag:backup-restore-mgmt @anyvm allow target=dom0
  11. admin.vm.property.Get +template_for_dispvms @tag:backup-restore-mgmt @anyvm allow target=dom0
  12. ## Allow it to configure just created qubes
  13. admin.vm.feature.Set * @tag:backup-restore-mgmt @tag:backup-restore-in-progress allow target=dom0
  14. admin.vm.firewall.Set * @tag:backup-restore-mgmt @tag:backup-restore-in-progress allow target=dom0
  15. admin.vm.property.Set * @tag:backup-restore-mgmt @tag:backup-restore-in-progress allow target=dom0
  16. admin.vm.tag.Set * @tag:backup-restore-mgmt @tag:backup-restore-in-progress allow target=dom0
  17. admin.vm.volume.Import * @tag:backup-restore-mgmt @tag:backup-restore-in-progress allow target=dom0
  18. admin.vm.volume.Info * @tag:backup-restore-mgmt @tag:backup-restore-in-progress allow target=dom0
  19. admin.vm.volume.List * @tag:backup-restore-mgmt @tag:backup-restore-in-progress allow target=dom0
  20. admin.vm.volume.Set.revisions_to_keep * @tag:backup-restore-mgmt @tag:backup-restore-in-progress allow target=dom0
  21. ## And finally, allow it to retrieve the actual backup
  22. qubes.RestoreById * @tag:backup-restore-mgmt @tag:backup-restore-storage allow