Re: [qubes-devel] qubes-policy-lint and qubes-policy-editor-terminal

2023-05-19 Thread Marek Marczykowski-Górecki

Hi,

On Thu, May 18, 2023 at 06:20:06PM +, Ben Grande wrote:
> I created a standalone lint tool for the Qrexec policies, the name is
> qubes-policy-lint. It is a wrapper around qrexec.policy.parser
> TestPolicy|StringPolicy.
> 
> You can lint normal policies:
> qubes-policy-lint /etc/qubes/policy.d/*.policy
> Or policies included by !include-service:
> qubes-policy-lint /etc/qubes/policy.d/include/*
> 
> There is also qubes-policy-edit-terminal, an alternative to
> qubes-policy-editor by marmarta for terminal users. By default, it
> opens the user policy, but you can specify any policy that is already
> registered in /etc/qubes/policy.d/*.policy or
> /etc/qubes/policy.d/include/. You can use it with any editor, as you are
> editing a temporary copy of the policy, it doesn't matter.

Those look very useful!

I have one comment on qubes-policy-edit-terminal: when using
policy_get() (or policy_include_get()), you get the policy content and a
token. Use that token in the policy_replace() call to detect race conditions
(when something else changes the same policy file in the meantime).

> I am doing vim-qrexec, will notice when ready for review, it requires
> the qubes-policy-lint for linting the policies from within Vim. So I
> will wait for a resolution of this topic.
> 
> Repository: https://codeberg.org/ben.grande.b/qubes-tools

Would you like to submit those to the core-qrexec repository?

> Attached are my public keys for signing for code (0x00C64E14F51F9E56) and
> mail (0x1B7314BF0CCC9687).

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-devel+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-devel/ZGdxKa5xF1YlOrnZ%40mail-itl.
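
The token check suggested in the reply above, as an added example that is not part of the thread or of core-qrexec: a read-edit-write cycle run once with the token from policy_get() and once with "any", while a second writer changes the file in between. FakePolicyClient is a constructed in-memory stand-in for PolicyClient; the digest-style token, the PolicyConflict name and the sample policy lines are assumptions.

```python
import hashlib

class PolicyConflict(Exception):
    """Hypothetical error for a stale token (the name is an assumption)."""

class FakePolicyClient:
    """Constructed in-memory stand-in for PolicyClient; not the qrexec class."""
    def __init__(self, files):
        self.files = dict(files)

    @staticmethod
    def _token(content):
        # Assumption: the token is a digest of the file's current content.
        return "sha256:" + hashlib.sha256(content.encode()).hexdigest()

    def policy_get(self, name):
        content = self.files[name]
        return content, self._token(content)

    def policy_replace(self, name, content, token="any"):
        # "any" disables the check; any other token must match the current file.
        if token != "any" and token != self._token(self.files[name]):
            raise PolicyConflict(name)
        self.files[name] = content

def edit_and_save(client, name, edit, use_token):
    """Read, edit, write back; returns True if saved, False on a conflict."""
    content, token = client.policy_get(name)
    new_content = edit(content)  # stands in for the user's editor session
    try:
        client.policy_replace(name, new_content, token if use_token else "any")
    except PolicyConflict:
        return False  # caller should re-read and let the user merge
    return True

def demo(use_token):
    # Constructed sample policy; 'other' plays a second writer racing the editor.
    client = FakePolicyClient({"30-user": "qubes.Filecopy * work vault ask\n"})
    other = "qubes.Filecopy * untrusted vault deny\n"

    def edit(content):
        client.files["30-user"] = other + content  # concurrent change lands
        return content + "qubes.ClipboardPaste * work vault ask\n"

    saved = edit_and_save(client, "30-user", edit, use_token)
    return saved, other in client.files["30-user"]
```

demo() returns whether the save went through and whether the second writer's deny rule is still in the file afterwards.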


Re: [qubes-devel] [PATCH] Fix missing include in RPC names in admin_client

2023-05-19 Thread Marek Marczykowski-Górecki

On Thu, May 18, 2023 at 05:49:31PM +, Ben Grande wrote:
> Seems like a copy and paste issue.
> As of now, if I try to replace include/admin-local-ro, as it is using
> the path /etc/qubes/policy.d, the file is placed there under the name
> admin-local-ro.policy.
> For reviewers, check /var/log/qubes/policy-admin.log.

Thanks, applied.

> 
> -- 
> Benjamin Grande 

> From e684e4c5de379c7412fd256adaf243b73cbff040 Mon Sep 17 00:00:00 2001
> From: Ben Grande 
> Date: Thu, 18 May 2023 17:32:06 +
> Subject: [PATCH] Fix missing include in RPC names in admin_client
> 
> Signed-off-by: Ben Grande 
> ---
>  qrexec/policy/admin_client.py | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/qrexec/policy/admin_client.py b/qrexec/policy/admin_client.py
> index c28c2f2..f969260 100644
> --- a/qrexec/policy/admin_client.py
> +++ b/qrexec/policy/admin_client.py
> @@ -57,13 +57,13 @@ class PolicyClient:
>  self.call("policy.Replace", name, token + "\n" + content)
>  
>  def policy_include_replace(self, name: str, content: str, token="any"):
> -self.call("policy.Replace", name, token + "\n" + content)
> +self.call("policy.include.Replace", name, token + "\n" + content)
>  
>  def policy_remove(self, name: str, token="any"):
>  self.call("policy.Remove", name, token)
>  
>  def policy_include_remove(self, name: str, token="any"):
> -self.call("policy.Remove", name, token)
> +self.call("policy.include.Remove", name, token)
>  
>  def policy_get_files(self, name: str):
>  result = self.call("policy.GetFiles", name)
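Review bot: policy_include_replace and policy_include_remove are fixed here without a test, and the diffstat shows only admin_client.py changed, so the same copy-and-paste slip could come back unnoticed. Suggest a unit test that mocks call() and asserts each policy_include_* method sends the matching policy.include.* service name; it is also worth checking the policy_include_* methods outside this hunk for the same mistake. The commit message has no body: the symptom described in the cover mail (replacing include/admin-local-ro wrote admin-local-ro.policy under /etc/qubes/policy.d) would be useful there.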
> -- 
> Benjamin Grande 
> 




-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
