Open marmarek opened 9 years ago
e.g. policy for containers tagged as "corporate" should be hashable separate from the policy applicable to other containers, e.g. personal
Is it a goal to enable a single qubes machine to both have policy enforced by a remote administrator and simultaneously be trustworthy for personal (private) use!?
It's indeed tricky. But I think it's possible. The basic idea is "management VM can manage only VMs it created". This also applies to templates etc. Some more design documentation will be soon.
I think maybe this can be closed now?
I think maybe this can be closed now?
My impression is that it may not be completely done yet, but I'm curious what @marmarek thinks.
Reported by joanna on 2 Jun 2014 12:51 UTC Should include:
Some properties we want:
Migrated-From: https://wiki.qubes-os.org/ticket/867