Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.
Sign upRuntime exclusion criteria for VM tags/groups #2866
Comments
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
|
Related to: #865. |
andrewdavidwong
added
C: core
enhancement
labels
Jun 25, 2017
andrewdavidwong
added this to the Far in the future milestone
Jun 25, 2017
added a commit
to marmarek/qubes-core-admin-client
that referenced
this issue
Jul 7, 2017
added a commit
to marmarek/qubes-core-admin-client
that referenced
this issue
Jul 7, 2017
marmarek
closed this
in
QubesOS/qubes-core-admin-client@e6149b0
Jul 14, 2017
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
|
Wrong ticket number referenced. |
marmarek
reopened this
Jul 14, 2017
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
qubesos-bot
Jul 18, 2017
Automated announcement from builder-github
The package python2-qubesadmin-4.0.2-0.1.fc25 has been pushed to the r4.0 testing repository for dom0.
To test this update, please install it with the following command:
sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing
qubesos-bot
commented
Jul 18, 2017
|
Automated announcement from builder-github The package |
qubesos-bot
added
the
r4.0-dom0-cur-test
label
Jul 18, 2017
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
qubesos-bot
Jul 18, 2017
Automated announcement from builder-github
The package qubes-core-admin-client_4.0.2-1+deb8u1 has been pushed to the r4.0 testing repository for the Debian jessie template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing jessie-testing, then use the standard update command:
sudo apt-get update && sudo apt-get dist-upgrade
qubesos-bot
commented
Jul 18, 2017
|
Automated announcement from builder-github The package |
qubesos-bot
added
the
r4.0-jessie-cur-test
label
Jul 18, 2017
qubesos-bot
referenced this issue
in QubesOS/updates-status
Jul 18, 2017
Closed
core-admin-client v4.0.2 (r4.0) #145
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
qubesos-bot
Jul 18, 2017
Automated announcement from builder-github
The package qubes-core-admin-client_4.0.2-1+deb9u1 has been pushed to the r4.0 testing repository for the Debian stretch template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing stretch-testing, then use the standard update command:
sudo apt-get update && sudo apt-get dist-upgrade
qubesos-bot
commented
Jul 18, 2017
|
Automated announcement from builder-github The package |
qubesos-bot
added
the
r4.0-stretch-cur-test
label
Jul 18, 2017
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
qubesos-bot
Jul 18, 2017
Automated announcement from builder-github
The package python2-qubesadmin-4.0.2-0.1.fc24 has been pushed to the r4.0 testing repository for the Fedora fc24 template.
To test this update, please install it with the following command:
sudo yum update --enablerepo=qubes-vm-r4.0-current-testing
qubesos-bot
commented
Jul 18, 2017
|
Automated announcement from builder-github The package |
qubesos-bot
added
the
r4.0-fc24-cur-test
label
Jul 18, 2017
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
qubesos-bot
Jul 18, 2017
Automated announcement from builder-github
The package python2-qubesadmin-4.0.2-0.1.fc25 has been pushed to the r4.0 testing repository for the Fedora fc25 template.
To test this update, please install it with the following command:
sudo yum update --enablerepo=qubes-vm-r4.0-current-testing
qubesos-bot
commented
Jul 18, 2017
|
Automated announcement from builder-github The package |
tasket commentedJun 24, 2017
Security could be enhanced in Qubes systems if groups of VMs could have exclusion criteria enforced.
For example, an attempt to start a VM in
group Awould pause with a notification prompt that VMs fromungrouped|group B|any non-A VMor VM name pattern are running. It might also give the user the option to shutdown these excluded VMs before starting thegroup Amember.These exclusion criteria could be attached to the VM groups or tags.
Digression: It may also be helpful to attach other criteria to groups: proximity sensing, storage encryption keys allowing the user to manage per-VM encryption at a group level, etc.
The intent is to mitigate security issues such as side-channel or physical attacks. A possible side-benefit would be (if user organizes most appVMs in distinct groups) to effectively have a mechanism to switch between types of activity or workflow.
Related issues: