qusal/salt/qubes-builder/files/admin/policy/default.policy
Ben Grande b52e4b1b63 fix: strict split-gpg2 service
Split-gpg V1 allowed for querying public keys, but as split-gpg2 is
running as an agent, public keys are not queried. Allowing connection to
the server to query only public parts of the key exposes the server more
than needed to the client.

All clients now have to hold the public key they need locally in order
to do GPG operations.
2023-12-28 11:47:41 +01:00

27 lines
1.3 KiB
Plaintext

# SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
#
# SPDX-License-Identifier: AGPL-3.0-or-later
## Do not modify this file, create a new policy with with a lower number in the
## file name instead. For example `30-user.policy`.
qubes.Gpg2 * {{ sls_path }} @default ask target=sys-pgp
qusal.GitInit +qubes-builder {{ sls_path }} @default allow target=sys-git
qusal.GitFetch +qubes-builder {{ sls_path }} @default allow target=sys-git
qusal.GitPush +qubes-builder {{ sls_path }} @default ask target=sys-git
qusal.SshAgent +qubes-builder {{ sls_path }} @default allow target=sys-ssh-agent
qusal.SshAgent +qubes-builder {{ sls_path }} @anyvm deny
admin.vm.CreateDisposable * {{ sls_path }} dom0 allow
admin.vm.CreateDisposable * {{ sls_path }} dvm-qubes-builder allow target=dom0
admin.vm.Start * {{ sls_path }} @tag:disp-created-by-{{ sls_path }} allow target=dom0
admin.vm.Kill * {{ sls_path }} @tag:disp-created-by-{{ sls_path }} allow target=dom0
qubesbuilder.FileCopyIn * {{ sls_path }} @tag:disp-created-by-{{ sls_path }} allow
qubesbuilder.FileCopyOut * {{ sls_path }} @tag:disp-created-by-{{ sls_path }} allow
qubes.WaitForSession * {{ sls_path }} @tag:disp-created-by-{{ sls_path }} allow
qubes.VMShell * {{ sls_path }} @tag:disp-created-by-{{ sls_path }} allow
## vim:ft=qrexecpolicy