Document /run/qubes/policy.d/

Useful for users of the feature.
Demi Marie Obenour 2024-07-21 13:47:56 -04:00
parent 366e61e824
commit 00785492ad
No known key found for this signature in database
GPG key ID: B6A6EA5FFDA87AAC

@ -86,11 +86,12 @@ Disposable VMs are tightly integrated -- RPC to a DisposableVM is identical to R
### Policy files ### Policy files
The dom0 directory `/etc/qubes/policy.d/` contains files that set policy for each available RPC action that a VM might call. The dom0 directories `/etc/qubes/policy.d/` and `/run/qubes/policy.d/` contain files that set policy for each available RPC action that a VM might call.
For example, `/etc/qubes/policy.d/90-default.policy` contains the default policy settings. For example, `/etc/qubes/policy.d/90-default.policy` contains the default policy settings.
When making changes to existing policies it is recommended that you create a *new* policy file starting with a lower number, like `/etc/qubes/policy.d/30-user.policy`. When making changes to existing policies it is recommended that you create a *new* policy file starting with a lower number, like `/etc/qubes/policy.d/30-user.policy`.
You may keep your custom policies in one file like `/etc/qubes/policy.d/30-user.policy`, or you may choose to have multiple files, like `/etc/qubes/policy.d/10-copy.policy`, `/etc/qubes/policy.d/10-open.policy`. You may keep your custom policies in one file like `/etc/qubes/policy.d/30-user.policy`, or you may choose to have multiple files, like `/etc/qubes/policy.d/10-copy.policy`, `/etc/qubes/policy.d/10-open.policy`.
Together the contents of these files make up the RPC access policy database: the files are merged, with policies in lower number files overriding policies in higher numbered files. Together the contents of these files make up the RPC access policy database: the files are merged, with policies in lower number files overriding policies in higher numbered files.
If there are entries in both `/run/qubes/policy.d/` and `/etc/qubes/policy.d/` with the same name, it isn't specified which takes precedence, so you should avoid this situation.
Policies are defined in lines with the following format: Policies are defined in lines with the following format:
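
Review bot: the added sentence on same-named entries leaves the result of a collision between `/run/qubes/policy.d/` and `/etc/qubes/policy.d/` undefined, which for a database that sets policy for RPC actions means an allow or deny outcome can depend on unspecified ordering. I would either define the precedence and document it here, or word this as a requirement ("must not" rather than "you should avoid this situation"). The merge sentence just above it also does not say whether the lower-number-overrides ordering is computed by file name across both directories; one clause stating that would help.
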
@ -103,7 +104,7 @@ You can specify the source and destination by name or by one of the reserved key
Service calls from dom0 are currently always allowed, and `@dispvm` means "new VM created for this particular request," so it is never a source of request.) Service calls from dom0 are currently always allowed, and `@dispvm` means "new VM created for this particular request," so it is never a source of request.)
Other methods using *tags* and *types* are also available (and discussed below). Other methods using *tags* and *types* are also available (and discussed below).
Whenever a RPC request for an action is received, the domain checks the first matching line of the files in `/etc/qubes/policy.d/` to determine access: Whenever a RPC request for an action is received, the domain checks the first matching line of the files in `/etc/qubes/policy.d/` and `/run/qubes/policy.d/` to determine access:
whether to allow the request, what VM to redirect the execution to, and what user account the program should run under. whether to allow the request, what VM to redirect the execution to, and what user account the program should run under.
Note that if the request is redirected (`target=` parameter), policy action remains the same -- even if there is another rule which would otherwise deny such request. Note that if the request is redirected (`target=` parameter), policy action remains the same -- even if there is another rule which would otherwise deny such request.
If no policy rule is matched, the action is denied. If no policy rule is matched, the action is denied.
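
Review bot: in the changed sentence, "the first matching line of the files in `/etc/qubes/policy.d/` and `/run/qubes/policy.d/`" does not say in what order files from the two directories are read, and "first matching" is ambiguous without it. Suggest tying this to the ordering given under Policy files, for example by stating that the files of both directories are considered together in that order, if that is what the implementation does.
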
@ -112,6 +113,10 @@ In the target VM, a file in either of the following locations must exist, contai
- `/etc/qubes-rpc/RPC_ACTION_NAME` when you make it in the template qube; - `/etc/qubes-rpc/RPC_ACTION_NAME` when you make it in the template qube;
- `/usr/local/etc/qubes-rpc/RPC_ACTION_NAME` for making it only in an app qube. - `/usr/local/etc/qubes-rpc/RPC_ACTION_NAME` for making it only in an app qube.
Files in `/run/qubes/policy.d/` are deleted when the system is rebooted.
This is useful for temporary policy that contains the name or UUID of a disposable VM, which will not be meaningful after the system has rebooted.
Such policy files can be created manually, but they are usually created automatically by a Qrexec call to dom0.
### Making an RPC call ### Making an RPC call
From outside of dom0, RPC calls take the following form: From outside of dom0, RPC calls take the following form:
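
Review bot: the new paragraph about `/run/qubes/policy.d/` is added directly after the list of service file locations in the target VM, so it reads as if that directory were in the target VM, while the Policy files section describes it as a dom0 directory. Suggest moving it up to the Policy files section, next to the sentence about same-named entries. The last sentence could also name the Qrexec call that creates these files, or link to its documentation, so users can tell which files were generated automatically.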