Centralized Qubes Policy

marmarek commented 9 years ago

Reported by joanna on 2 Jun 2014 12:51 UTC Should include:

qrexec policy (including improvements tracked by #865 -- tag-based rules)
networking inter-VM policy
Admin API policy (if not covered by qrexec policy), see #853
Policy for specific Qubes applications (e.g. for magic MIME handlers)

Some properties we want:

hashable (for remote attestation)
easily backup'able
easily decomposable into parts (?) (e.g. policy for containers tagged as "corporate" should be hashable separate from the policy applicable to other containers, e.g. personal).

Migrated-From: https://wiki.qubes-os.org/ticket/867

jpouellet commented 7 years ago

e.g. policy for containers tagged as "corporate" should be hashable separate from the policy applicable to other containers, e.g. personal

Is it a goal to enable a single qubes machine to both have policy enforced by a remote administrator and simultaneously be trustworthy for personal (private) use!?

marmarek commented 7 years ago

It's indeed tricky. But I think it's possible. The basic idea is "management VM can manage only VMs it created". This also applies to templates etc. Some more design documentation will be soon.

jpouellet commented 5 years ago

I think maybe this can be closed now?

andrewdavidwong commented 5 years ago

I think maybe this can be closed now?

My impression is that it may not be completely done yet, but I'm curious what @marmarek thinks.

QubesOS / qubes-issues

Centralized Qubes Policy #867