Git-Mirrors/qubes-doc
1
0
Fork 0
mirror of https://github.com/QubesOS/qubes-doc.git synced 2024-12-28 08:49:42 -05:00
Code Issues Packages Projects Releases Wiki Activity

Add Qubes 4.0 policy keywords

Browse Source
This commit is contained in:
Marek Marczykowski-Górecki 2017-06-25 13:02:48 +02:00
parent caf8dfb91a
commit 7756a5353a
No known key found for this signature in database
GPG Key ID: F32894BE9684938A
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
services/qrexec3.md
View File

@ -192,6 +192,15 @@ second rule allowing calls to `$dispvm:anon-whonix-dvm`, or even if
there is a rule explicitly denying it. This is because the redirection happen
_after_ considering the action.
In Qubes 4.0 there are also additional methods to specify source/target VM:
* `$tag:some-tag` - meaning a VM with tag `some-tag`
* `$type:type` - meaning a VM of `type` (like `AppVM`, `TemplateVM` etc)
Target VM can be also specified as `$default`, which matches the case when
calling VM didn't specified any particular target (either by using `$default`
target, or empty target).
### Service argument in policy
Sometimes just service name isn't enough to make reasonable qrexec policy. One