port to new policy format
fixes #12
adrelanos committed Feb 9, 2022
1 parent e96408c commit 71ffd29
Showing 6 changed files with 24 additions and 9 deletions.
2 changes: 2 additions & 0 deletions Makefile
Expand Up @@ -8,3 +8,5 @@ install:
cp qubes-rpc-policy/whonix.GatewayCommand.policy $(DESTDIR)/etc/qubes-rpc/policy/whonix.GatewayCommand
cp qubes-rpc-policy/whonix.NewStatus.policy $(DESTDIR)/etc/qubes-rpc/policy/whonix.NewStatus
cp qubes-rpc-policy/whonix.SdwdateStatus.policy $(DESTDIR)/etc/qubes-rpc/policy/whonix.SdwdateStatus
mkdir -p $(DESTDIR)/etc/qubes/policy.d/
cp qubes-rpc-policy/80-whonix.policy $(DESTDIR)/etc/qubes/policy.d/80-whonix.policy
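Review bot: The new policy file is installed with plain `cp`, so outside the RPM build its mode comes from the source tree and the umask of whoever runs `make install`; the `%attr(0664,root,qubes)` entry in the spec only covers the RPM path. For a file that decides which qubes may call each other, I would set the mode at install time and replace the two added lines with `install -D -m 0664 qubes-rpc-policy/80-whonix.policy $(DESTDIR)/etc/qubes/policy.d/80-whonix.policy`. The three legacy `cp` lines above have the same property, and the `install:` target starts outside this hunk.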
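--- a/qubes-rpc-policy/80-whonix.policy
+++ b/qubes-rpc-policy/80-whonix.policy
@@ -0,0 +1,13 @@
+# service arg source target action params
+
+whonix.SdwdateStatus * @tag:anon-gateway @tag:anon-vm allow autostart=no
+whonix.SdwdateStatus * sys-whonix @tag:anon-vm allow autostart=no
+whonix.SdwdateStatus * @anyvm @anyvm deny
+
+whonix.NewStatus * @tag:anon-vm @tag:anon-gateway allow autostart=no
+whonix.NewStatus * @tag:anon-vm sys-whonix allow autostart=no
+whonix.NewStatus * @anyvm @anyvm deny
+
+whonix.GatewayCommand * @tag:anon-gateway @tag:anon-vm allow autostart=no
+whonix.GatewayCommand * sys-whonix @tag:anon-vm allow autostart=no
+whonix.GatewayCommand * @anyvm @anyvm deny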
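Review bot: The three `sys-whonix` rows grant access by qube name, not by tag, so any qube that carries the name `sys-whonix` is treated as a gateway even when it lacks the `anon-gateway` tag. This is carried over unchanged from the legacy files, but the new file has no comment saying why the name-based rows are still needed next to the tag-based ones. If they are a fallback for gateways created before tagging (my assumption, not visible here), say so above each pair, e.g. `# sys-whonix by name: fallback for gateways without the anon-gateway tag`; otherwise drop them and rely on the tag. A header line such as `# Do not edit; put local overrides in a lower-numbered file in /etc/qubes/policy.d/` would also help, since files there are evaluated in lexical order and the first match wins.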
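--- a/qubes-rpc-policy/whonix.GatewayCommand.policy
+++ b/qubes-rpc-policy/whonix.GatewayCommand.policy
@@ -1,3 +1,2 @@
-$tag:anon-gateway $tag:anon-vm allow,autostart=no
-sys-whonix $tag:anon-vm allow,autostart=no
-$anyvm $anyvm deny
+# Legacy. This file does nothing and will be removed in a future release. See:
+# /etc/qubes/policy.d/80-whonix.policy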
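--- a/qubes-rpc-policy/whonix.NewStatus.policy
+++ b/qubes-rpc-policy/whonix.NewStatus.policy
@@ -1,3 +1,2 @@
-$tag:anon-vm $tag:anon-gateway allow,autostart=no
-$tag:anon-vm sys-whonix allow,autostart=no
-$anyvm $anyvm deny
+# Legacy. This file does nothing and will be removed in a future release. See:
+# /etc/qubes/policy.d/80-whonix.policy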
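--- a/qubes-rpc-policy/whonix.SdwdateStatus.policy
+++ b/qubes-rpc-policy/whonix.SdwdateStatus.policy
@@ -1,3 +1,2 @@
-$tag:anon-gateway $tag:anon-vm allow,autostart=no
-sys-whonix $tag:anon-vm allow,autostart=no
-$anyvm $anyvm deny
+# Legacy. This file does nothing and will be removed in a future release. See:
+# /etc/qubes/policy.d/80-whonix.policy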
3 changes: 3 additions & 0 deletions rpm_spec/qubes-core-admin-addon-whonix.spec.in
Expand Up @@ -30,9 +30,12 @@ make %{?_smp_mflags}
%doc README.md
%{python3_sitelib}/qubeswhonix-*.egg-info
%{python3_sitelib}/qubeswhonix
# legacy 4.0 policy format
%attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/whonix.GatewayCommand
%attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/whonix.NewStatus
%attr(0664,root,qubes) %config(noreplace) /etc/qubes-rpc/policy/whonix.SdwdateStatus
# new 5.0 policy format
%attr(0664,root,qubes) %config(noreplace) /etc/qubes/policy.d/80-whonix.policy

%changelog
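Review bot: `%config(noreplace)` is kept on the three legacy paths, so a dom0 where any of those files was edited locally keeps the old rules instead of receiving the comment-only stub. As far as I know, Qubes 4.1 still loads `/etc/qubes-rpc/policy/` through the compat include in `/etc/qubes/policy.d/35-compat.policy`, which sorts before `80-whonix.policy`, so such leftover rules would win over the new file and the stub's claim that the legacy file "does nothing" would not hold there. Please confirm this and either note it in the comment, e.g. `# legacy 4.0 policy format; locally modified copies are kept and may still be evaluated first`, or handle the leftover files on upgrade. The `%files` list starts outside this hunk.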
