search

tasket / Qubes-VM-hardening

Fend off malware at Qubes VM startup
GNU General Public License v3.0
74 stars 11 forks source link

Labeled configurations #35

Closed tasket closed 5 years ago

tasket commented 5 years ago

Allow user to define a configuration (whitelist, etc.) in '/etc/default/vms/@tags/' using label names instead of actual VM names.

This allows setup of a generic "vpn" config, for example, which the user can link to any VM they think requires the "vpn" config.

Linking could be done by specifying Qubes service names like vm-boot-tag-vpn.

adrelanos commented 5 years ago

How can one set a label in Qubes and how can the inside of the VM know the label?

tasket commented 5 years ago

@adrelanos Labels (actually 'tags') are known via Qubes services with a specific prefix (see here). This is now covered in the Readme.