qusal/salt/qubes-builder/files/admin/policy/default.policy

29 lines
1.5 KiB
Plaintext
Raw Normal View History

# SPDX-FileCopyrightText: 2023 The Qubes OS Project <https://www.qubes-os.org>
2024-01-29 10:49:54 -05:00
# SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.com>
2023-11-13 09:33:28 -05:00
#
# SPDX-License-Identifier: GPL-2.0-only
2023-11-13 09:33:28 -05:00
## Do not modify this file, create a new policy with with a lower number in the
## file name instead. For example `30-user.policy`.
qubes.Gpg2 * {{ sls_path }} @default allow target=sys-pgp
2023-11-13 09:33:28 -05:00
qusal.GitInit +qubes-builder {{ sls_path }} @default allow target=sys-git
qusal.GitFetch +qubes-builder {{ sls_path }} @default allow target=sys-git
qusal.GitPush +qubes-builder {{ sls_path }} @default ask target=sys-git default_target=sys-git
2023-11-13 09:33:28 -05:00
qusal.SshAgent +qubes-builder {{ sls_path }} @default allow target=sys-ssh-agent
qusal.SshAgent +qubes-builder {{ sls_path }} @anyvm deny
admin.vm.CreateDisposable * {{ sls_path }} dom0 allow
admin.vm.CreateDisposable * {{ sls_path }} dvm-qubes-builder allow target=dom0
admin.vm.Start * {{ sls_path }} @tag:disp-created-by-{{ sls_path }} allow target=dom0
admin.vm.Kill * {{ sls_path }} @tag:disp-created-by-{{ sls_path }} allow target=dom0
qubesbuilder.FileCopyIn * {{ sls_path }} @tag:disp-created-by-{{ sls_path }} allow
qubesbuilder.FileCopyOut * {{ sls_path }} @tag:disp-created-by-{{ sls_path }} allow
qubes.Filecopy * {{ sls_path }} @tag:disp-created-by-{{ sls_path }} allow
2023-11-13 09:33:28 -05:00
qubes.WaitForSession * {{ sls_path }} @tag:disp-created-by-{{ sls_path }} allow
qubes.VMShell * {{ sls_path }} @tag:disp-created-by-{{ sls_path }} allow
## vim:ft=qrexecpolicy