From ca170fd8ee495996ea4a8addb43cb87cbd09ec6e Mon Sep 17 00:00:00 2001 From: Christopher Laprise Date: Wed, 10 Jan 2018 14:39:38 -0500 Subject: [PATCH 1/2] Add policy parameter for R4.0 --- security/vm-sudo.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/security/vm-sudo.md b/security/vm-sudo.md index 390efdfd..2ca6e8b1 100644 --- a/security/vm-sudo.md +++ b/security/vm-sudo.md @@ -105,7 +105,8 @@ this for extra security.** 1. Adding Dom0 "VMAuth" service: [root@dom0 /]# echo -n "/usr/bin/echo 1" >/etc/qubes-rpc/qubes.VMAuth - [root@dom0 /]# echo -n "\$anyvm dom0 ask" >/etc/qubes-rpc/policy/qubes.VMAuth + [root@dom0 /]# echo -n "\$anyvm dom0 ask,default_target=dom0" \ + >/etc/qubes-rpc/policy/qubes.VMAuth (Note: any VMs you would like still to have password-less root access (e.g. TemplateVMs) can be specified in the second file with "\ dom0 allow") From d63cc5959565103d9f99677e9ff7fc4f245eacfa Mon Sep 17 00:00:00 2001 From: Christopher Laprise Date: Thu, 11 Jan 2018 16:57:38 -0500 Subject: [PATCH 2/2] Remove -n from echo --- security/vm-sudo.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/security/vm-sudo.md b/security/vm-sudo.md index 2ca6e8b1..b7bebbad 100644 --- a/security/vm-sudo.md +++ b/security/vm-sudo.md @@ -104,8 +104,8 @@ this for extra security.** 1. Adding Dom0 "VMAuth" service: - [root@dom0 /]# echo -n "/usr/bin/echo 1" >/etc/qubes-rpc/qubes.VMAuth - [root@dom0 /]# echo -n "\$anyvm dom0 ask,default_target=dom0" \ + [root@dom0 /]# echo "/usr/bin/echo 1" >/etc/qubes-rpc/qubes.VMAuth + [root@dom0 /]# echo "\$anyvm dom0 ask,default_target=dom0" \ >/etc/qubes-rpc/policy/qubes.VMAuth (Note: any VMs you would like still to have password-less root access (e.g. TemplateVMs) can be specified in the second file with "\ dom0 allow")