f42cd28901
Install files in /etc/qubes-rpc for all methods defined in API documentation, even if not yet implemented (qubesd will handle it raising appropriate exception). Use minimal program written in C (qubesd-query-fast), instead of qubesd-query in python for performance reasons: - a single qubesd-query run: ~300ms - equivalent in shell (echo | nc -U): ~40ms - qubesd-query-fast: ~20ms Many tools makes multiple API calls, so performance here do matter. For example qvm-ls (from VM) currently takes about 60s on a system with 24 VMs. Also make use of `$include:` directive in policy file, to make it easier defining a VM with full Admin API access. QubesOS/qubes-issues#853
14 lines
567 B
Plaintext
14 lines
567 B
Plaintext
## Note that policy parsing stops at the first match,
|
|
## so adding anything below "$anyvm $anyvm action" line will have no effect
|
|
|
|
## Please use a single # to start your custom comments
|
|
|
|
## Add your entries here, make sure to append ",target=dom0" to all allow/ask actions
|
|
|
|
## Include a single file for all admin.* methods to ease setting up Management VM.
|
|
## To allow only specific actions, edit specific policy file, like this one. To
|
|
## allow all of them, edit /etc/qubes-rpc/include/admin-all.
|
|
$include:/etc/qubes-rpc/policy/include/admin-all
|
|
|
|
$anyvm $anyvm deny
|