Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add option to hide 'internal' qubes in qube manager #8042

Closed
marmarta opened this issue Feb 14, 2023 · 17 comments · Fixed by QubesOS/qubes-manager#341
Closed

Add option to hide 'internal' qubes in qube manager #8042

marmarta opened this issue Feb 14, 2023 · 17 comments · Fixed by QubesOS/qubes-manager#341
Assignees
@marmarta
Labels
C: manager/widget P: default Priority: default. Default priority for new issues, to be replaced given sufficient information. r4.2-host-stable r4.2-vm-bookworm-stable r4.2-vm-bullseye-stable r4.2-vm-centos-stream8-stable r4.2-vm-fc36-stable r4.2-vm-fc37-stable r4.2-vm-fc38-stable ux User experience
Milestone
Release 4.2

Comments

@marmarta
Copy link
Member

The problem you're addressing (if any)

It would be nice to add a Internal filter to qube manager

Potentially even set it to not show internal qubes by default?

The solution you'd like

Have a View -> Show/hide internal qubes or Filter -> [] Internal

The value to a user, and who that user might be

Less technical users; people with complex setups.
@marmarta marmarta added T: enhancement C: manager/widget P: default Priority: default. Default priority for new issues, to be replaced given sufficient information. labels Feb 14, 2023
@marmarta marmarta self-assigned this Feb 14, 2023
@andrewdavidwong
Copy link
Member

Related: #6604

@andrewdavidwong andrewdavidwong added the ux User experience label Feb 15, 2023
@andrewdavidwong andrewdavidwong added this to the Release TBD milestone Feb 15, 2023
@andrewdavidwong andrewdavidwong mentioned this issue Feb 27, 2023
Closed
@cfm
Copy link

cfm commented Mar 1, 2023

Thanks for filing this, @marmarta! Our use-case is described in freedomofpress/securedrop-workstation#857, where we want to prevent users from accessing SecureDrop Workstation‒provisioned VMs and their applications except through specific entry-points we provide. For the purpose of this ticket, we also want to prevent users from being able to reconfigure SecureDrop Workstation‒provisioned VMs in the Qube Manager, for example by selecting a kernel other than the grsec-hardened one we provide.

@DemiMarie
Copy link

@cfm Obviously, this will not prevent someone from doing this intentionally (you need sys-gui for that).

@andrewdavidwong
Copy link
Member

andrewdavidwong commented Mar 2, 2023
edited
Loading

Thanks for filing this, @marmarta! Our use-case is described in freedomofpress/securedrop-workstation#857, where we want to prevent users from accessing SecureDrop Workstation‒provisioned VMs and their applications except through specific entry-points we provide. For the purpose of this ticket, we also want to prevent users from being able to reconfigure SecureDrop Workstation‒provisioned VMs in the Qube Manager, for example by selecting a kernel other than the grsec-hardened one we provide.

This, to me, sounds like a much more general feature request than the one described in this issue. I might be wrong, but I would think that trying to use any future "hide internal qubes in Qube Manager" feature in order to hide other types of qubes would likely constitute an unintended and out-of-scope (ab)use of that feature. If so, I'd suggest opening a separate feature request issue.

(This is based on the assumption that "internal" qubes are specified by the system itself and aren't intended to be user-specifiable. If my assumption is wrong, and the Qubes developers do intend for administrators or users to be able to create their own "internal" qubes, then perhaps this is the right issue after all.)

@cfm
Copy link

cfm commented Mar 2, 2023

Thanks, @andrewdavidwong. I'll flag that distinction in freedomofpress/securedrop-workstation#857, and we'll stay tuned for clarification. :-)

We've drafted a follow-up ticket to request this more-general feature, which we'll file next week once we've confirmed the intended scope on our side.

This was referenced Mar 2, 2023
Merged
Open
@marmarta marmarta mentioned this issue Mar 14, 2023
Merged
@andrewdavidwong andrewdavidwong modified the milestones: Release TBD, Release 4.2 Mar 14, 2023
@qubesos-bot qubesos-bot mentioned this issue May 24, 2023
Closed
@qubesos-bot
Copy link

Automated announcement from builder-github

The package manager has been pushed to the r4.2 testing repository for the Debian template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing bullseye-testing (or appropriate equivalent for your template version), then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

@qubesos-bot
Copy link

Automated announcement from builder-github

The package manager has been pushed to the r4.2 testing repository for the Debian template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list by uncommenting the line containing bookworm-testing (or appropriate equivalent for your template version), then use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

@qubesos-bot
Copy link

Automated announcement from builder-github

The package manager has been pushed to the r4.2 testing repository for the CentOS centos-stream8 template.
To test this update, please install it with the following command:

sudo yum update --enablerepo=qubes-vm-r4.2-current-testing

Changes included in this update

@qubesos-bot
Copy link

Automated announcement from builder-github

The component manager (including package manager) has been pushed to the r4.2 testing repository for the Fedora template.
To test this update, please install it with the following command:

sudo dnf update --enablerepo=qubes-vm-r4.2-current-testing

Changes included in this update

@qubesos-bot
Copy link

Automated announcement from builder-github

The component manager (including package manager) has been pushed to the r4.2 testing repository for the Fedora template.
To test this update, please install it with the following command:

sudo dnf update --enablerepo=qubes-vm-r4.2-current-testing

Changes included in this update

@qubesos-bot
Copy link

Automated announcement from builder-github

The component manager (including package manager) has been pushed to the r4.2 testing repository for the Fedora template.
To test this update, please install it with the following command:

sudo dnf update --enablerepo=qubes-vm-r4.2-current-testing

Changes included in this update

@qubesos-bot
Copy link

Automated announcement from builder-github

The package manager has been pushed to the r4.2 stable repository for the CentOS centos-stream8 template.
To install this update, please use the standard update command:

sudo yum update

Changes included in this update

@qubesos-bot
Copy link

Automated announcement from builder-github

The package manager has been pushed to the r4.2 stable repository for the Debian template.
To install this update, please use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

@qubesos-bot
Copy link

Automated announcement from builder-github

The package manager has been pushed to the r4.2 stable repository for the Debian template.
To install this update, please use the standard update command:

sudo apt-get update && sudo apt-get dist-upgrade

Changes included in this update

@qubesos-bot
Copy link

Automated announcement from builder-github

The component manager (including package manager) has been pushed to the r4.2 stable repository for the Fedora template.
To install this update, please use the standard update command:

sudo dnf update

Changes included in this update

@qubesos-bot
Copy link

Automated announcement from builder-github

The component manager (including package manager) has been pushed to the r4.2 stable repository for the Fedora template.
To install this update, please use the standard update command:

sudo dnf update

Changes included in this update

@qubesos-bot
Copy link

Automated announcement from builder-github

The component manager (including package manager) has been pushed to the r4.2 stable repository for the Fedora template.
To install this update, please use the standard update command:

sudo dnf update

Changes included in this update

@andrewdavidwong andrewdavidwong mentioned this issue Oct 28, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@marmarta marmarta

Labels
C: manager/widget P: default Priority: default. Default priority for new issues, to be replaced given sufficient information. r4.2-host-stable r4.2-vm-bookworm-stable r4.2-vm-bullseye-stable r4.2-vm-centos-stream8-stable r4.2-vm-fc36-stable r4.2-vm-fc37-stable r4.2-vm-fc38-stable ux User experience
Projects
None yet
Milestone
Release 4.2
Development

Successfully merging a pull request may close this issue.

Add a "show internal" option to Qube Manager marmarta/qubes-manager
5 participants
@cfm @DemiMarie @marmarta @andrewdavidwong @qubesos-bot