Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.
Sign upVMAuth qubes-rpc policy for sudo prompts for target VM #3270
Comments
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
Show comment
Hide comment
marmarek
Nov 2, 2017
Member
Indeed instruction should be updated, to include
"ask,default_target=dom0" in policy.
…--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
|
Indeed instruction should be updated, to include
"ask,default_target=dom0" in policy.
…--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
|
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
Show comment
Hide comment
tasket
Nov 2, 2017
On 11/02/17 12:11, Marek Marczykowski-Górecki wrote:
Indeed instruction should be updated, to include
"ask,default_target=dom0" in policy.
Would this cause a problem for R3.2, or would it ignore the extra parameter?
…--
Chris Laprise, tasket@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
tasket
commented
Nov 2, 2017
|
On 11/02/17 12:11, Marek Marczykowski-Górecki wrote:
Indeed instruction should be updated, to include
"ask,default_target=dom0" in policy.
Would this cause a problem for R3.2, or would it ignore the extra parameter?
…--
Chris Laprise, tasket@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
|
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
Show comment
Hide comment
marmarek
Nov 2, 2017
Member
On Thu, Nov 02, 2017 at 04:23:17PM +0000, tasket wrote:
On 11/02/17 12:11, Marek Marczykowski-Górecki wrote:
> Indeed instruction should be updated, to include
> "ask,default_target=dom0" in policy.
>
Would this cause a problem for R3.2, or would it ignore the extra parameter?
It should work (ignore extra parameters).
…--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
|
On Thu, Nov 02, 2017 at 04:23:17PM +0000, tasket wrote:
On 11/02/17 12:11, Marek Marczykowski-Górecki wrote:
> Indeed instruction should be updated, to include
> "ask,default_target=dom0" in policy.
>
Would this cause a problem for R3.2, or would it ignore the extra parameter?
It should work (ignore extra parameters).
…--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
|
andrewdavidwong
added
C: doc
task
labels
Nov 2, 2017
andrewdavidwong
added this to the
Documentation/website milestone
Nov 2, 2017
tasket
referenced this issue
in QubesOS/qubes-doc
Jan 10, 2018
Merged
Add policy parameter for R4.0 #510
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
Show comment
Hide comment
tasket
commented
Jan 10, 2018
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
Show comment
Hide comment
|
Thanks @tasket ! |
marmarek
closed this
Jan 19, 2018
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
tasket commentedNov 2, 2017
Qubes OS version:
R4.0rc2
Affected TemplateVMs:
all
Steps to reproduce the behavior:
Configure system for sudo prompting:
https://www.qubes-os.org/doc/vm-sudo/
Then run a 'sudo' command in a guest CLI
Expected behavior:
User gets a dom0 prompt asking only Yes/No (defaults to Yes so user can hit Enter)
Actual behavior:
User gets a dom0 prompt for inputting the name of a target VM
General notes:
This adds a level of potential confusion over auth prompts. There should be a way to specify in the policy whether or not user is prompted for a destination/target.
Related issues: