Phase out legacy qrexec policy files #8000

marmarek · 2023-01-24T23:53:47Z

The problem you're addressing (if any)

Legacy qrexec policy files (those in /etc/qubes-rpc/policy) are incompatible with GUI tool for setting policy, and hard to maintain via other automation while still allowing user to modify them manually.

New policy format (in /etc/qubes/policy.d) solves those issues, but legacy files (generally, when present) take precedence, limiting its usefulness.

The solution you'd like

Phase out legacy policy files in new installs
Provide conversion tool for existing user-customized setups.

The value to a user, and who that user might be

More possible value from GUI tools and other automation for policy management.

New policy should be placed in /etc/qubes/policy.d. But don't place any explicit defaults and rely on implicit deny by default. This way it's easier to integrate with custom policies and GUI tools. QubesOS/qubes-issues#8000

QubesOS/qubes-issues#8000

It doesn't make sense in qubes-core-dom0-linux package, which has nothing to do with appmenus (anymore). QubesOS/qubes-issues#8000

1. Convert qubes.ReceiveUpdates to 90-default-linux.policy 2. Move qubes.SyncAppMenus to 90-default.policy in core-admin 3. Drop qubes.repos.*, since those are "deny" by default anyway QubesOS/qubes-issues#8000

New policy editor / global config handles Split-GPG policy now, don't get in its way. QubesOS/qubes-issues#8000

1. Convert qubes.ReceiveUpdates to 90-default-linux.policy 2. Move qubes.SyncAppMenus to 90-default.policy in core-admin 3. Drop qubes.repos.*, since those are "deny" by default anyway QubesOS/qubes-issues#8000

marmarek · 2023-05-25T10:25:16Z

The conversion tool should take care to not duplicate default rules, and should put user-defined rules into 30-user.policy file. The high level idea should be: if user did not modified the (old) policy, the conversion should result in no extra rules (so it will rely on 90-default.policy etc). If user have modified it, the conversion should only add those custom rules and not duplicate the default ones (as long as possible while preserving their semantics). Especially, explicit deny at the end should not be added (should rely on implicit one, or one in default rules), as long as it doesn't change the policy semantic.
The reasoning is that in R4.2 we have many GUI tools to manipulate the policy and they operate on 50- policy files. User custom rules (intentionally) take precedence, so to make the GUI tools as useful as possible, better not generate spurious custom rules.

A stretch goal is to detect policy patterns supported by GUI tools and put those into appropriate 50- policy files (for example for input proxy or split-gpg). But this need to be done carefully, as GUI global config supports only some specific rule patterns, not arbitrary rules for every service.

Make it add rules into /etc/qubes/policy.d/60-registered-arguments.policy, instead of legacy /etc/qubes-rpc/policy. Since the new format can have multiple rules in a single file, locking is necessary. Do it the same way as other policy.* services, so it's coordinated too. QubesOS/qubes-issues#8000

qubesos-bot · 2023-10-10T23:57:46Z

Automated announcement from builder-github

The component core-qrexec (including package core-qrexec) has been pushed to the r4.2 testing repository for the Fedora template.
To test this update, please install it with the following command:

sudo dnf update --enablerepo=qubes-vm-r4.2-current-testing

Changes included in this update

Do it when building R4.2 package only. QubesOS/qubes-issues#8000

qubesos-bot · 2023-10-26T11:14:58Z

Automated announcement from builder-github

The package core-qrexec has been pushed to the r4.2 stable repository for the CentOS centos-stream8 template.
To install this update, please use the standard update command:

sudo yum update

Changes included in this update

qubesos-bot · 2023-10-26T11:17:23Z

Automated announcement from builder-github

The package core-qrexec has been pushed to the r4.2 stable repository for the Debian template.
To install this update, please use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

qubesos-bot · 2023-10-26T11:17:52Z

Automated announcement from builder-github

The package core-qrexec has been pushed to the r4.2 stable repository for the Debian template.
To install this update, please use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

qubesos-bot · 2023-10-26T11:38:10Z

Automated announcement from builder-github

The component core-qrexec (including package core-qrexec) has been pushed to the r4.2 stable repository for the Fedora template.
To install this update, please use the standard update command:

sudo dnf update

Changes included in this update

qubesos-bot · 2023-10-26T11:38:49Z

Automated announcement from builder-github

The component core-qrexec (including package core-qrexec) has been pushed to the r4.2 stable repository for the Fedora template.
To install this update, please use the standard update command:

sudo dnf update

Changes included in this update

qubesos-bot · 2023-10-26T11:39:26Z

Automated announcement from builder-github

The component core-qrexec (including package core-qrexec) has been pushed to the r4.2 stable repository for the Fedora template.
To install this update, please use the standard update command:

sudo dnf update

Changes included in this update

marmarek added T: enhancement C: core C: mgmt P: default Priority: default. Default priority for new issues, to be replaced given sufficient information. labels Jan 24, 2023

marmarek added this to the Release 4.2 milestone Jan 24, 2023

marmarek mentioned this issue Jan 24, 2023

Drop legacy policy files in R4.2 QubesOS/qubes-app-linux-input-proxy#27

Merged

marmarek added a commit to marmarek/qubes-mgmt-salt-dom0-virtual-machines that referenced this issue Feb 2, 2023

Use new policy format

81eab07

QubesOS/qubes-issues#8000

This was referenced Feb 2, 2023

Changes for R4.2 QubesOS/qubes-mgmt-salt-dom0-virtual-machines#51

Merged

Prepare R4.1 -> R4.2 upgrade tool #7832

Closed

marmarek added a commit to QubesOS/qubes-core-admin that referenced this issue Feb 2, 2023

Move policy for qubes.SyncAppMenus

8caec0a

It doesn't make sense in qubes-core-dom0-linux package, which has nothing to do with appmenus (anymore). QubesOS/qubes-issues#8000

marmarek mentioned this issue Feb 2, 2023

Convert policy to the new format QubesOS/qubes-core-admin-linux#115

Merged

marmarek added a commit to marmarek/qubes-app-linux-split-gpg that referenced this issue Feb 3, 2023

Don't install policy on R4.2

612fcb0

New policy editor / global config handles Split-GPG policy now, don't get in its way. QubesOS/qubes-issues#8000

marmarek mentioned this issue Feb 3, 2023

Don't install policy on R4.2 QubesOS/qubes-app-linux-split-gpg#93

Merged

This was referenced Mar 4, 2023

app-linux-split-gpg v2.0.66 (r4.2) QubesOS/updates-status#3590

Closed

app-linux-input-proxy v1.0.31 (r4.2) QubesOS/updates-status#3593

Closed

marmarek mentioned this issue Jul 8, 2023

Make policy.RegisterArgument use new policy format QubesOS/qubes-core-qrexec#120

Merged

qubesos-bot added the r4.2-vm-fc39-cur-test label Oct 10, 2023

marmarek added a commit to marmarek/qubes-app-linux-pdf-converter that referenced this issue Oct 12, 2023

Migrate to new policy format

bfe9610

Do it when building R4.2 package only. QubesOS/qubes-issues#8000

marmarek mentioned this issue Oct 12, 2023

Migrate to new policy format QubesOS/qubes-app-linux-pdf-converter#29

Merged

marmarek added a commit to marmarek/qubes-app-linux-pdf-converter that referenced this issue Oct 12, 2023

Migrate to new policy format

c1d3d73

Do it when building R4.2 package only. QubesOS/qubes-issues#8000

This was referenced Oct 13, 2023

app-linux-pdf-converter v2.1.19 (r4.2) QubesOS/updates-status#4125

Closed

app-linux-pdf-converter v2.1.19 (r4.1) QubesOS/updates-status#4126

Closed

qubesos-bot added r4.2-vm-centos-stream8-stable and removed r4.2-vm-centos-stream8-cur-test labels Oct 26, 2023

qubesos-bot added r4.2-vm-bullseye-stable and removed r4.2-vm-bullseye-cur-test labels Oct 26, 2023

qubesos-bot added r4.2-vm-bookworm-stable and removed r4.2-vm-bookworm-cur-test labels Oct 26, 2023

qubesos-bot added r4.2-vm-fc37-stable and removed r4.2-vm-fc37-cur-test labels Oct 26, 2023

qubesos-bot added r4.2-vm-fc38-stable and removed r4.2-vm-fc38-cur-test labels Oct 26, 2023

qubesos-bot added r4.2-vm-fc39-stable r4.2-host-stable and removed r4.2-vm-fc39-cur-test r4.2-host-cur-test labels Oct 26, 2023

qubesos-bot mentioned this issue Jan 7, 2024

app-linux-pdf-converter v2.1.19 (r4.2) QubesOS/updates-status#4271

Closed

qubesos-bot mentioned this issue Feb 5, 2024

app-linux-pdf-converter v2.1.19 (r4.2) QubesOS/updates-status#4386

Closed

qubesos-bot mentioned this issue Apr 18, 2024

app-linux-pdf-converter v2.1.19 (r4.3) QubesOS/updates-status#4532

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Phase out legacy qrexec policy files #8000

Phase out legacy qrexec policy files #8000

marmarek commented Jan 24, 2023

marmarek commented May 25, 2023

qubesos-bot commented Oct 10, 2023

qubesos-bot commented Oct 26, 2023

qubesos-bot commented Oct 26, 2023

qubesos-bot commented Oct 26, 2023

qubesos-bot commented Oct 26, 2023

qubesos-bot commented Oct 26, 2023

qubesos-bot commented Oct 26, 2023

Phase out legacy qrexec policy files #8000

Phase out legacy qrexec policy files #8000

Comments

marmarek commented Jan 24, 2023

The problem you're addressing (if any)

The solution you'd like

The value to a user, and who that user might be

marmarek commented May 25, 2023

qubesos-bot commented Oct 10, 2023

qubesos-bot commented Oct 26, 2023

qubesos-bot commented Oct 26, 2023

qubesos-bot commented Oct 26, 2023

qubesos-bot commented Oct 26, 2023

qubesos-bot commented Oct 26, 2023

qubesos-bot commented Oct 26, 2023