Centralized Qubes Policy #867

Open
marmarek opened this Issue Mar 8, 2015 · 2 comments

Comments

Projects
None yet
3 participants
@marmarek
Member

marmarek commented Mar 8, 2015

Reported by joanna on 2 Jun 2014 12:51 UTC
Should include:

  • qrexec policy (including improvements tracked by #865 -- tag-based rules)
  • networking inter-VM policy
  • Admin API policy (if not covered by qrexec policy), see #853
  • Policy for specific Qubes applications (e.g. for magic MIME handlers)

Some properties we want:

  • hashable (for remote attestation)
  • easily backup'able
  • easily decomposable into parts (?) (e.g. policy for containers tagged as "corporate" should be hashable separate from the policy applicable to other containers, e.g. personal).

Migrated-From: https://wiki.qubes-os.org/ticket/867

@marmarek marmarek added this to the Release 3 milestone Mar 8, 2015

@marmarek marmarek modified the milestones: Release 4.0, Release 3.0 May 13, 2015

andrewdavidwong added a commit that referenced this issue Jun 9, 2016

@jpouellet

This comment has been minimized.

Show comment
Hide comment
@jpouellet

jpouellet Dec 20, 2016

Contributor

e.g. policy for containers tagged as "corporate" should be hashable separate from the policy applicable to other containers, e.g. personal

Is it a goal to enable a single qubes machine to both have policy enforced by a remote administrator and simultaneously be trustworthy for personal (private) use!?

Contributor

jpouellet commented Dec 20, 2016

e.g. policy for containers tagged as "corporate" should be hashable separate from the policy applicable to other containers, e.g. personal

Is it a goal to enable a single qubes machine to both have policy enforced by a remote administrator and simultaneously be trustworthy for personal (private) use!?

@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Dec 20, 2016

Member

It's indeed tricky. But I think it's possible. The basic idea is "management VM can manage only VMs it created". This also applies to templates etc. Some more design documentation will be soon.

Member

marmarek commented Dec 20, 2016

It's indeed tricky. But I think it's possible. The basic idea is "management VM can manage only VMs it created". This also applies to templates etc. Some more design documentation will be soon.

@jpouellet jpouellet referenced this issue in QubesOS/qubes-core-admin Apr 7, 2017

Merged

Core3 policy #97

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment