/qubes-issues

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

qrexec-policy-graph: --target specification is ignored #3006

Closed
rootkovska opened this Issue Aug 10, 2017 · 6 comments

Comments

Assignees

@marmarek marmarek

Labels
Projects
None yet
Milestone
  Release 4.0
3 participants
@rootkovska @marmarek @qubesos-bot
@rootkovska
Member

rootkovska commented Aug 10, 2017

No description provided.

@rootkovska rootkovska added bug C: core labels Aug 10, 2017

@rootkovska rootkovska added this to the Release 4.0 milestone Aug 10, 2017

@rootkovska rootkovska assigned marmarek Aug 10, 2017

@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Aug 10, 2017

Member

Can you give more details? I've just tried qrexec-policy-graph --target dom0 and indeed got only edges directed to dom0.
Member

marmarek commented Aug 10, 2017

Can you give more details? I've just tried qrexec-policy-graph --target dom0 and indeed got only edges directed to dom0.
@rootkovska

This comment has been minimized.

Show comment
Hide comment
@rootkovska

rootkovska Aug 11, 2017

Member

Try with some VM? :)
Member

rootkovska commented Aug 11, 2017

Try with some VM? :)
@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Aug 11, 2017

Member

Then I get different result. Which means that clearly it is not ignored.
Looks like the target is considered before handling target= override from policy. I guess you expect in the graph actual target domain, not what source VM can ask for (which may be later overriden by target=), right?
Member

marmarek commented Aug 11, 2017

Then I get different result. Which means that clearly it is not ignored.
Looks like the target is considered before handling target= override from policy. I guess you expect in the graph actual target domain, not what source VM can ask for (which may be later overriden by target=), right?
@rootkovska

This comment has been minimized.

Show comment
Hide comment
@rootkovska

rootkovska Aug 11, 2017

Member

Correct, and that's an important point you stressed! We want the graph to show the actual call paths that might happen.
Member

rootkovska commented Aug 11, 2017

Correct, and that's an important point you stressed! We want the graph to show the actual call paths that might happen.

marmarek added a commit to marmarek/qubes-core-admin that referenced this issue Aug 13, 2017

@marmarek
qubespolicy/graph: let --target option filter on actual call target 
Not on what VM can ask for (which may be later overriden by target=
option).

Fixes QubesOS/qubes-issues#3006
Verified
This commit was signed with a verified signature.
@marmarek marmarek Marek Marczykowski-Górecki
GPG key ID: 063938BA42CFA724 Learn about signing commits
Loading status checks…
e88b77c

marmarek added a commit to marmarek/qubes-core-admin that referenced this issue Aug 14, 2017

@marmarek
qubespolicy/graph: let --target option filter on actual call target 
Not on what VM can ask for (which may be later overriden by target=
option).

Fixes QubesOS/qubes-issues#3006
Verified
This commit was signed with a verified signature.
@marmarek marmarek Marek Marczykowski-Górecki
GPG key ID: 063938BA42CFA724 Learn about signing commits
10c6697

@marmarek marmarek referenced this issue in QubesOS/qubes-core-admin Aug 14, 2017

Merged

Policy related commits for 4.0 #144

@marmarek marmarek closed this in QubesOS/qubes-core-admin#144 Aug 16, 2017

@qubesos-bot

This comment has been minimized.

Show comment
Hide comment
@qubesos-bot

qubesos-bot Aug 27, 2017

Automated announcement from builder-github

The package qubes-core-dom0-4.0.6-1.fc25 has been pushed to the r4.0 testing repository for dom0.
To test this update, please install it with the following command:

sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing

Changes included in this update

qubesos-bot commented Aug 27, 2017

Automated announcement from builder-github

The package qubes-core-dom0-4.0.6-1.fc25 has been pushed to the r4.0 testing repository for dom0.
To test this update, please install it with the following command:

sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing

Changes included in this update

@qubesos-bot qubesos-bot added the r4.0-dom0-cur-test label Aug 27, 2017

@qubesos-bot qubesos-bot referenced this issue in QubesOS/updates-status Aug 27, 2017

Closed

core-admin v4.0.6 (r4.0) #194

@qubesos-bot

This comment has been minimized.

Show comment
Hide comment
@qubesos-bot

qubesos-bot Oct 30, 2017

Automated announcement from builder-github

The package qubes-core-dom0-4.0.11-1.fc25 has been pushed to the r4.0 stable repository for dom0.
To install this update, please use the standard update command:

sudo qubes-dom0-update

Or update dom0 via Qubes Manager.

Changes included in this update

qubesos-bot commented Oct 30, 2017

Automated announcement from builder-github

The package qubes-core-dom0-4.0.11-1.fc25 has been pushed to the r4.0 stable repository for dom0.
To install this update, please use the standard update command:

sudo qubes-dom0-update

Or update dom0 via Qubes Manager.

Changes included in this update

@qubesos-bot qubesos-bot added r4.0-dom0-stable and removed r4.0-dom0-cur-test labels Oct 30, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment