Closed marmarek closed 1 year ago
Is there anywhere a complete specification (as in, not "read the code and deduce what happens") of the qubes-u2f policy and how it works?
@marmarta nope, sorry! There probably should be, though. @piotrbartman?
See https://github.com/QubesOS/qubes-app-u2f/blob/main/Documentation/qrexec-transport.rst and the main README in the repo
Automated announcement from builder-github
The package desktop-linux-manager
has been pushed to the r4.2
testing repository for the Debian template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list
by uncommenting the line containing bullseye-testing
(or appropriate equivalent for your template version), then use the standard update command:
sudo apt-get update && sudo apt-get dist-upgrade
Automated announcement from builder-github
The package desktop-linux-manager
has been pushed to the r4.2
testing repository for the Debian template.
To test this update, first enable the testing repository in /etc/apt/sources.list.d/qubes-*.list
by uncommenting the line containing bookworm-testing
(or appropriate equivalent for your template version), then use the standard update command:
sudo apt-get update && sudo apt-get dist-upgrade
Automated announcement from builder-github
The component desktop-linux-manager
(including package desktop-linux-manager
) has been pushed to the r4.2
testing repository for the Fedora template.
To test this update, please install it with the following command:
sudo dnf update --enablerepo=qubes-vm-r4.2-current-testing
Automated announcement from builder-github
The package desktop-linux-manager
has been pushed to the r4.2
testing repository for the CentOS centos-stream8
template.
To test this update, please install it with the following command:
sudo yum update --enablerepo=qubes-vm-r4.2-current-testing
Automated announcement from builder-github
The component desktop-linux-manager
(including package desktop-linux-manager
) has been pushed to the r4.2
testing repository for the Fedora template.
To test this update, please install it with the following command:
sudo dnf update --enablerepo=qubes-vm-r4.2-current-testing
Automated announcement from builder-github
The component desktop-linux-manager
(including package desktop-linux-manager
) has been pushed to the r4.2
testing repository for the Fedora template.
To test this update, please install it with the following command:
sudo dnf update --enablerepo=qubes-vm-r4.2-current-testing
Automated announcement from builder-github
The package desktop-linux-manager
has been pushed to the r4.2
stable repository for the CentOS centos-stream8
template.
To install this update, please use the standard update command:
sudo yum update
Automated announcement from builder-github
The package desktop-linux-manager
has been pushed to the r4.2
stable repository for the Debian template.
To install this update, please use the standard update command:
sudo apt-get update && sudo apt-get dist-upgrade
Automated announcement from builder-github
The package desktop-linux-manager
has been pushed to the r4.2
stable repository for the Debian template.
To install this update, please use the standard update command:
sudo apt-get update && sudo apt-get dist-upgrade
Automated announcement from builder-github
The component desktop-linux-manager
(including package desktop-linux-manager
) has been pushed to the r4.2
stable repository for the Fedora template.
To install this update, please use the standard update command:
sudo dnf update
Automated announcement from builder-github
The component desktop-linux-manager
(including package desktop-linux-manager
) has been pushed to the r4.2
stable repository for the Fedora template.
To install this update, please use the standard update command:
sudo dnf update
Automated announcement from builder-github
The component desktop-linux-manager
(including package desktop-linux-manager
) has been pushed to the r4.2
stable repository for the Fedora template.
To install this update, please use the standard update command:
sudo dnf update
How to file a helpful issue
Qubes OS release
R4.2
Brief summary
A policy rule with explicit argument is parsed by settings as with wildcard argument and lands in section "Allow some qubes to access ALL keys stored on your U2F device".
Steps to reproduce
1.Add rule like
u2f.Authenticate +8972493827349823 some-vm sys-usb allow
to/etc/qubes/policy.d/50-config-u2f.policy
Expected behavior
Either rule listed as unknown, or properly displayed as permission for a specific key (no section for that right now).
Actual behavior
Qube is listed as having access to all the keys.