mirror of
https://github.com/ben-grande/qusal.git
synced 2024-12-23 14:39:23 -05:00
fix: strict split-gpg2 service
Split-gpg V1 allowed for querying public keys, but as split-gpg2 is running as an agent, public keys are not queried. Allowing connection to the server to query only public parts of the key exposes the server more than needed to the client. All clients now have to hold the public key they need locally in order to do GPG operations.
parent
76079d2c7e
commit
b52e4b1b63
@ -26,8 +26,6 @@ prefs:
|
||||
- autostart: False
|
||||
- include_in_backups: True
|
||||
features:
|
||||
- enable:
|
||||
- service.split-gpg2-client
|
||||
- disable:
|
||||
- service.cups
|
||||
- service.cups-browsed
|
||||
|
@ -38,6 +38,7 @@ prefs:
|
||||
- autostart: False
|
||||
features:
|
||||
- enable:
|
||||
- service.split-gpg2-client
|
||||
- service.shutdown-idle
|
||||
- disable:
|
||||
- service.cups
|
||||
|
@ -54,8 +54,8 @@ qubesctl --skip-dom0 --targets=qubes-builder state.apply qubes-builder.configure
|
||||
## Access Control
|
||||
|
||||
The policy is based on `qubes-builderv2/rpc/50-qubesbuilder.policy`.
|
||||
Extra services added are `qubes.Gpg`, `qubes.Gpg2`, `qusal.GitInit`,
|
||||
`qusal.GitFetch`, `qusal.GitPush`, `qusal.SshAgent`.
|
||||
Extra services added are `qubes.Gpg2`, `qusal.GitInit`, `qusal.GitFetch`,
|
||||
`qusal.GitPush`, `qusal.SshAgent`.
|
||||
|
||||
Out of these services, if an argument `+qubes-builder` can be specified to
|
||||
limit the scope, the action is `allowed`, else the action is to `ask`.
|
||||
|
@ -51,8 +51,8 @@ prefs:
|
||||
- vcpus: 4
|
||||
- default_dispvm: dvm-{{ slsdotpath }}
|
||||
features:
|
||||
# - enable:
|
||||
# - service.split-gpg2-client
|
||||
- enable:
|
||||
- service.split-gpg2-client
|
||||
- disable:
|
||||
- service.cups
|
||||
- service.cups-browsed
|
||||
|
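Review bot: The `- enable:` / `- service.split-gpg2-client` pair that this section appears to turn on has no comment recording the requirement stated in the commit description. The `+`/`-` markers are lost on this page, so the sides are read from the `-51,8 +51,8` header and the commented-out twin lines. A qube with this service enabled no longer gets public keys from the server, so signing and verification depend on the keys already being in its own keyring. I would add above the entry `# split-gpg2 client: the needed public keys must be imported in this qube, the server is not queried for them`. The `features:` list continues outside the hunk.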
@ -5,7 +5,6 @@
|
||||
## Do not modify this file, create a new policy with with a lower number in the
|
||||
## file name instead. For example `30-user.policy`.
|
||||
qubes.Gpg2 * {{ sls_path }} @default ask target=sys-pgp
|
||||
qubes.Gpg * {{ sls_path }} @default ask target=sys-pgp
|
||||
|
||||
qusal.GitInit +qubes-builder {{ sls_path }} @default allow target=sys-git
|
||||
qusal.GitFetch +qubes-builder {{ sls_path }} @default allow target=sys-git
|
||||
|
@ -30,9 +30,6 @@ features:
|
||||
- disable:
|
||||
- service.cups
|
||||
- service.cups-browsed
|
||||
# tags:
|
||||
# - add:
|
||||
# - split-gpg2-client
|
||||
{%- endload %}
|
||||
{{ load(defaults) }}
|
||||
|
||||
|
@ -53,10 +53,6 @@ Allow the `work` qubes to access `sys-pgp`, but not other qubes:
|
||||
qubes.Gpg2 * work sys-pgp ask default_target=sys-pgp
|
||||
qubes.Gpg2 * work @default ask target=sys-pgp default_target=sys-pgp
|
||||
qubes.Gpg2 * @anyvm @anyvm deny
|
||||
|
||||
qubes.Gpg * work sys-pgp ask default_target=sys-pgp
|
||||
qubes.Gpg * work @default ask target=sys-pgp default_target=sys-pgp
|
||||
qubes.Gpg * @anyvm @anyvm deny
|
||||
```
|
||||
|
||||
## Usage
|
||||
|
@ -6,6 +6,4 @@
|
||||
## file name instead. For example `30-user.policy`.
|
||||
qubes.Gpg2 * @anyvm @default ask target={{ sls_path }} default_target={{ sls_path }}
|
||||
qubes.Gpg2 * @anyvm @anyvm deny
|
||||
qubes.Gpg * @anyvm @default ask target={{ sls_path }} default_target={{ sls_path }}
|
||||
qubes.Gpg * @anyvm @anyvm deny
|
||||
## vim:ft=qrexecpolicy
|
||||
|
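Review bot: With both `qubes.Gpg` lines gone from this file, nothing here refuses the legacy service any more, so the call is decided by whichever other policy file still carries a `qubes.Gpg` rule. The removal is inferred from the `-6,6 +6,4` header and the commit description, since the `+`/`-` markers are lost. If the intent is a strict split-gpg2-only server, dropping only the `ask` line and keeping `qubes.Gpg * @anyvm @anyvm deny` would enforce that regardless of what a packaged or leftover policy says. The same applies to the earlier policy hunk (`-5,7 +5,6`), where the per-qube `qubes.Gpg ... ask target=sys-pgp` rule is removed without a replacement. It is worth confirming the effective policy on a system where the split-gpg v1 package is still installed.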