-
-
Notifications
You must be signed in to change notification settings - Fork 14
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add tags and features to pillar #17
Conversation
Tags are probably fine, but all features I'd be more careful about. Including them in pillar means the VM will indirectly learn them. Some are explicitly published into qubesdb (see qvm-features man page), but not all, and this is the API for any 3rd-party extension to store extra data about the qube, which may include some secrets. |
Then an enumeration/allow-list of features can be made. From the manpage, only How to choose what is okay to be published? Are the ones listed in the manpage for qvm-features allowed to be published? If you think this will complicate too much the PR, I can separate the tags from the features on different PRs. |
This is a very good question. Definitely So, I'd go with the safe list above, and if anybody needs something else, it can be made configurable or such, to avoid having some long/complex list hardcoded. |
Oh, and just noticed the |
68c7473
to
a5f5bdd
Compare
FWIW, when thinking about what features may be safe to expose to the VMs or not, I considered creating a custom namespace (as in That seemed to me more practical than allowlisting individual features, which felt like it would be pushing the problem one config file further. Unless I'm wrong, the namespace implementation wouldn't require new code, only documenting the convention so that no-one accidentally creates features which name will make them be exposed to VMs. Of course, the name chosen for that namespace could also go a long way in preventing surprises. |
I agree it would be better to do that directly to
I believe it would need new code on the qubesadmin side, at least to report via a new My latest commit only covers those two classes of features, but in the future, it makes sense to do that directly to |
That's interesting idea, but I think it's okay to defer adding it until there will be a need for a second user of such function. |
Original version: https://github.com/gonzalo-bulnes/qubes-mgmt-salt-user
Opened discussion at https://www.mail-archive.com/qubes-devel@googlegroups.com/msg05459.html, no response, maybe a PR helps.