From 30c2d9934ad8053151fb12156bb44cf542746472 Mon Sep 17 00:00:00 2001 From: Yukikoo Date: Sun, 11 Aug 2019 16:20:56 +0000 Subject: [PATCH 1/6] Add info about RPC policies for disposableVM Related to https://github.com/QubesOS/qubes-issues/issues/5235 --- user/common-tasks/disposablevm.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/user/common-tasks/disposablevm.md b/user/common-tasks/disposablevm.md index ec8b855b..5a9f86d9 100644 --- a/user/common-tasks/disposablevm.md +++ b/user/common-tasks/disposablevm.md @@ -153,6 +153,15 @@ $ qvm-open-in-vm @dispvm:online-dvm-template https://www.qubes-os.org This will create a new DisposableVM based on `online-dvm-template`, open the default web browser in that DisposableVM, and navigate to `https://www.qubes-os.org`. +#### Example of RPC policies to allow this behavior + +In dom0, add the following line to `/etc/qubes-rpc/policy/qubes.OpenURL` +~~~ +$anyvm @dispvm:online-dvm-template allow +~~~ + +More information about RPC policies for disposableVM can be found here: `https://www.qubes-os.org/doc/qrexec3/#extra-keywords-available-in-qubes-40-and-later` + ## Customizing DisposableVMs ## From 77d629f6d92be6f8303ce6c68139e662496dc30f Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Sun, 11 Aug 2019 18:27:14 -0500 Subject: [PATCH 2/6] Fix link --- user/common-tasks/disposablevm.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/user/common-tasks/disposablevm.md b/user/common-tasks/disposablevm.md index 5a9f86d9..4c34b1b2 100644 --- a/user/common-tasks/disposablevm.md +++ b/user/common-tasks/disposablevm.md @@ -160,7 +160,7 @@ In dom0, add the following line to `/etc/qubes-rpc/policy/qubes.OpenURL` $anyvm @dispvm:online-dvm-template allow ~~~ -More information about RPC policies for disposableVM can be found here: `https://www.qubes-os.org/doc/qrexec3/#extra-keywords-available-in-qubes-40-and-later` +More information about RPC policies for disposableVM can be found [here][qrexec3-4.0]. ## Customizing DisposableVMs ## @@ -171,4 +171,4 @@ Full instructions can be found [here](/doc/disposablevm-customization/). [DisposableVM Template]: /doc/glossary/#disposablevm-template - +[qrexec3-4.0]: /doc/qrexec3/#extra-keywords-available-in-qubes-40-and-later From e4513cb5058b23d752a40435fdcc8881569ecb92 Mon Sep 17 00:00:00 2001 From: Yukikoo Date: Mon, 12 Aug 2019 17:19:53 +0000 Subject: [PATCH 3/6] Added a rule description for OpenURL RPC Policy --- user/common-tasks/disposablevm.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/user/common-tasks/disposablevm.md b/user/common-tasks/disposablevm.md index 4c34b1b2..25b5f028 100644 --- a/user/common-tasks/disposablevm.md +++ b/user/common-tasks/disposablevm.md @@ -155,10 +155,14 @@ This will create a new DisposableVM based on `online-dvm-template`, open the def #### Example of RPC policies to allow this behavior -In dom0, add the following line to `/etc/qubes-rpc/policy/qubes.OpenURL` +In dom0, add the following line at the beginning of the file `/etc/qubes-rpc/policy/qubes.OpenURL` ~~~ $anyvm @dispvm:online-dvm-template allow ~~~ +This line mean: +- FROM: Any VM +- TO: A DisposableVM based on the ``online-dvm-template`` Template +- WHAT: Allow to send a "Open URL" request More information about RPC policies for disposableVM can be found [here][qrexec3-4.0]. From 05124bb226342a0e5de9f3b026aef7b54bcd6fbe Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Mon, 12 Aug 2019 23:30:27 -0500 Subject: [PATCH 4/6] Clarify description --- user/common-tasks/disposablevm.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/user/common-tasks/disposablevm.md b/user/common-tasks/disposablevm.md index 25b5f028..1c079c24 100644 --- a/user/common-tasks/disposablevm.md +++ b/user/common-tasks/disposablevm.md @@ -159,10 +159,12 @@ In dom0, add the following line at the beginning of the file `/etc/qubes-rpc/pol ~~~ $anyvm @dispvm:online-dvm-template allow ~~~ -This line mean: +This line means: - FROM: Any VM -- TO: A DisposableVM based on the ``online-dvm-template`` Template -- WHAT: Allow to send a "Open URL" request +- TO: A DisposableVM based on the `online-dvm-template` TemplateVM +- WHAT: Allow sending an "Open URL" request + +In other words, any VM will be allowed to create a new DisposableVM based on `online-dvm-template` and open a URL inside of that DisposableVM. More information about RPC policies for disposableVM can be found [here][qrexec3-4.0]. From c9270a19419bfbbee4388d07f0fd54b991a9ca01 Mon Sep 17 00:00:00 2001 From: Yukikoo Date: Tue, 13 Aug 2019 18:27:36 +0000 Subject: [PATCH 5/6] update policy syntax ``$anyvm`` -> ``@anyvm`` --- user/common-tasks/disposablevm.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user/common-tasks/disposablevm.md b/user/common-tasks/disposablevm.md index 1c079c24..973b3847 100644 --- a/user/common-tasks/disposablevm.md +++ b/user/common-tasks/disposablevm.md @@ -157,7 +157,7 @@ This will create a new DisposableVM based on `online-dvm-template`, open the def In dom0, add the following line at the beginning of the file `/etc/qubes-rpc/policy/qubes.OpenURL` ~~~ -$anyvm @dispvm:online-dvm-template allow +@anyvm @dispvm:online-dvm-template allow ~~~ This line means: - FROM: Any VM From f72d8bf69c1cb52035f18baab3e43412430b9ad6 Mon Sep 17 00:00:00 2001 From: Andrew David Wong Date: Wed, 14 Aug 2019 00:02:17 -0500 Subject: [PATCH 6/6] Fix orthography --- user/common-tasks/disposablevm.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/user/common-tasks/disposablevm.md b/user/common-tasks/disposablevm.md index 973b3847..8ea69512 100644 --- a/user/common-tasks/disposablevm.md +++ b/user/common-tasks/disposablevm.md @@ -166,7 +166,7 @@ This line means: In other words, any VM will be allowed to create a new DisposableVM based on `online-dvm-template` and open a URL inside of that DisposableVM. -More information about RPC policies for disposableVM can be found [here][qrexec3-4.0]. +More information about RPC policies for DisposableVMs can be found [here][qrexec3-4.0]. ## Customizing DisposableVMs ##