3d803acfde
This ease Admin API administration, and also adds checking if qrexec policy + scripts matches actual Admin API methods implementation. The idea is to classify every Admin API method as either local read-only, local read-write, global read-only or global read-write. Where local/global means affecting a single VM, or the whole system. See QubesOS/qubes-issues#2871 for details. Fixes QubesOS/qubes-issues#2871
15 lines
515 B
Plaintext
15 lines
515 B
Plaintext
## This file is included from all local read-only admin.* policy files
|
|
## _in default configuration_. To allow only specific action,
|
|
## edit specific policy file.
|
|
|
|
## Note that policy parsing stops at the first match,
|
|
## so adding anything below "$anyvm $anyvm action" line will have no effect
|
|
|
|
## Please use a single # to start your custom comments
|
|
|
|
## Include all already having write access
|
|
$include:include/admin-local-rwx
|
|
|
|
## Add your entries here, make sure to append ",target=dom0" to all allow/ask actions
|
|
|