Inicio Explorar Ayuda
Iniciar sesión
Qubes
/
core-admin
2
0
Fork 0
Archivos Incidencias 0 Pull Requests 0 Wiki
Árbol: e705a04cc5
Ramas Etiquetas
core-admin
/
doc
/
qubes-policy.rst

qubes-policy.rst 3.4 KB
Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687 
  1. :py:mod:`qubes.policy` -- Qubes RPC policy
    2. 

  2. ==========================================
    3. 

  3. 

  4. Every Qubes domain can trigger various RPC services, but if such call would be
    5. 

  5. allowed depends on Qubes RPC policy (qrexec policy in short).
    6. 

  6. 

  7. Qrexec policy format
    8. 

  8. --------------------
    9. 

  9. 

  10. Policy consists of a file, which is parsed line-by-line. First matching line
    11. 

  11. is used as an action.
    12. 

  12. 

  13. Each line consist of three values separated by white characters (space(s), tab(s)):
    14. 

  14. 1. Source specification, which is one of:
    15. 

  15. 

  16.   - domain name
    17. 

  17.   - `$anyvm` - any domain
    18. 

  18.   - `$tag:some-tag` - VM having tag `some-tag`
    19. 

  19.   - `$type:vm-type` - VM of `vm-type` type, available types:
    20. 

  20.       AppVM, TemplateVM, StandaloneVM, DispVM
    21. 

  21. 

  22. 2. Target specification, one of:
    23. 

  23. 

  24.   - domain name
    25. 

  25.   - `$anyvm` - any domain, excluding dom0
    26. 

  26.   - `$tag:some-tag` - domain having tag `some-tag`
    27. 

  27.   - `$type:vm-type` - domain of `vm-type` type, available types:
    28. 

  28.       AppVM, TemplateVM, StandaloneVM, DispVM
    29. 

  29.   - `$default` - used when caller did not specified any VM
    30. 

  30.   - `$dispvm:vm-name` - _new_ Disposable VM created from AppVM `vm-name`
    31. 

  31.   - `$dispvm` - _new_ Disposable VM created from AppVM pointed by caller
    32. 

  32.     property `default_dispvm`, which defaults to global property `default_dispvm`
    33. 

  33. 

  34. 3. Action and optional action parameters, one of:
    35. 

  35. 

  36.   - `allow` - allow the call, without further questions; optional parameters:
    37. 

  37.     - `target=` - override caller provided call target -
    38. 

  38.       possible values are: domain name, `$dispvm` or `$dispvm:vm-name`
    39. 

  39.     - `user=` - call the service using this user, instead of the user
    40. 

  40.       pointed by target VM's `default_user` property
    41. 

  41.   - `deny` - deny the call, without further questions; no optional
    42. 

  42.     parameters are supported
    43. 

  43.   - `ask` - ask the user for confirmation; optional parameters:
    44. 

  44.     - `target=` - override user provided call target
    45. 

  45.     - `user=` - call the service using this user, instead of the user
    46. 

  46.       pointed by target VM's `default_user` property
    47. 

  47.     - `default_target=` - suggest this target when prompting the user for
    48. 

  48.       confirmation
    49. 

  49. 

  50. Alternatively, a line may consist of a single keyword `$include:` followed by a
    51. 

  51. path. This will load a given file as its content would be in place of
    52. 

  52. `$include` line. Relative paths are resolved relative to
    53. 

  53. `/etc/qubes-rpc/policy` directory.
    54. 

  54. 

  55. Evaluating `ask` action
    56. 

  56. -----------------------
    57. 

  57. 

  58. When qrexec policy specify `ask` action, the user is asked whether the call
    59. 

  59. should be allowed or denied. In addition to that, user also need to choose
    60. 

  60. target domain. User have to choose from a set of targets specified by the
    61. 

  61. policy. Such set is calculated using the algorithm below:
    62. 

  62. 

  63. 1. If `ask` action have `target=` option specified, only that target is
    64. 

  64. considered. A prompt window will allow to choose only this value and it will
    65. 

  65. also be pre-filled value.
    66. 

  66. 

  67. 2. If no `target=` option is specified, all rules are evaluated to see what
    68. 

  68. target domains (for a given source domain) would result in `ask` or `allow`
    69. 

  69. action. If any of them have `target=` option set, that value is used instead of
    70. 

  70. the one specified in "target" column (for this particular line). Then the user
    71. 

  71. is presented with a confirmation dialog and an option to choose from those
    72. 

  72. domains. 
    73. 

  73. 

  74. 3. If `default_target=` option is set, it is used as
    75. 

  75. suggested value, otherwise no suggestion is made (regardless of calling domain
    76. 

  76. specified any target or not).
    77. 

  77. 

  78. 

  79. 

  80. Module contents
    81. 

  81. ---------------
    82. 

  82. 

  83. .. automodule:: qubespolicy
    84. 

  84.    :members:
    85. 

  85.    :show-inheritance:
    86. 

  86. 

  87. .. vim: ts=3 sw=3 et
    88.