fix: GUI Global Config precedes packaged policies

2024-10-01 02:35:49 -04:00 · 2024-06-17 11:36:39 +02:00 · 2024-06-17 11:36:39 +02:00 · 59e8fc32a0
commit 59e8fc32a0
parent faa00fbffa
3 changed files with 5 additions and 5 deletions
--- a/salt/sys-bitcoin/create.sls
+++ b/salt/sys-bitcoin/create.sls
@ -279,4 +279,6 @@ tags:
    - name: qvm-volume extend dvm-bitcoin-builder:private 20Gi

 {% from 'utils/macros/policy.sls' import policy_set with context -%}
-{{ policy_set(sls_path, '70') }}
+{{ policy_set(sls_path, '45') }}
+{% from 'utils/macros/policy.sls' import policy_unset with context -%}
+{{ policy_unset(sls_path, '70') }}
--- a/salt/sys-cacher/create.sls
+++ b/salt/sys-cacher/create.sls
@ -97,10 +97,10 @@ features:
 {%- endload %}
 {{ load(defaults) }}

-{% from 'utils/macros/policy.sls' import policy_unset with context -%}
-{{ policy_unset(sls_path, '75') }}
 {% from 'utils/macros/policy.sls' import policy_set with context -%}
 {{ policy_set(sls_path, '45') }}
+{% from 'utils/macros/policy.sls' import policy_unset with context -%}
+{{ policy_unset(sls_path, '75') }}

 "{{ slsdotpath }}-extend-volume":
  cmd.run:
--- a/salt/sys-cacher/files/admin/policy/default.policy
+++ b/salt/sys-cacher/files/admin/policy/default.policy
@ -8,8 +8,6 @@ qubes.OpenURL * {{ sls_path }} @default allow target={{ sls_path }}-browser
 qubes.OpenURL * {{ sls_path }} @anyvm   deny
 qubes.ConnectTCP +8082 {{ sls_path }}-browser  @default  allow target={{ sls_path }}
 qubes.ConnectTCP *     {{ sls_path }}-browser  @anyvm    deny
-qubes.UpdatesProxy * @tag:whonix-updatevm     @default allow  target=sys-whonix
-qubes.UpdatesProxy * @tag:whonix-updatevm     @anyvm   deny
 qubes.UpdatesProxy * @tag:updatevm-{{ sls_path }} @default  allow  target={{ sls_path }}
 qubes.UpdatesProxy * @tag:updatevm-{{ sls_path }} @anyvm    deny
 ## vim:ft=qrexecpolicy