# SPDX-FileCopyrightText: 2023 The Qubes OS Project # SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. # # SPDX-License-Identifier: GPL-2.0-only ## Do not modify this file, create a new policy with with a lower number in the ## file name instead. For example `30-user.policy`. ## TODO: split-gpg2 configuration for isolated_gnupghomedirs. qubes.Gpg2 * {{ sls_path }} @default allow target=sys-pgp qusal.GitInit +qubes-builder {{ sls_path }} @default allow target=sys-git qusal.GitFetch +qubes-builder {{ sls_path }} @default allow target=sys-git qusal.GitPush +qubes-builder {{ sls_path }} @default ask target=sys-git default_target=sys-git qusal.SshAgent +qubes-builder {{ sls_path }} @default allow target=sys-ssh-agent qusal.SshAgent +qubes-builder {{ sls_path }} @anyvm deny admin.vm.CreateDisposable * {{ sls_path }} dom0 allow admin.vm.CreateDisposable * {{ sls_path }} dvm-qubes-builder allow target=dom0 admin.vm.Start * {{ sls_path }} @tag:disp-created-by-{{ sls_path }} allow target=dom0 admin.vm.Kill * {{ sls_path }} @tag:disp-created-by-{{ sls_path }} allow target=dom0 qubesbuilder.FileCopyIn * {{ sls_path }} @tag:disp-created-by-{{ sls_path }} allow qubesbuilder.FileCopyOut * {{ sls_path }} @tag:disp-created-by-{{ sls_path }} allow qubes.Filecopy * {{ sls_path }} @tag:disp-created-by-{{ sls_path }} allow qubes.WaitForSession * {{ sls_path }} @tag:disp-created-by-{{ sls_path }} allow qubes.VMShell * {{ sls_path }} @tag:disp-created-by-{{ sls_path }} allow ## vim:ft=qrexecpolicy