-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hello.
Dom0 is not normally a client for extraneous qrexec calls, but in this
case, I need dom0 to resolve the domain name from the token @default via
policy.
Policy:
service * dom0 @default allow target=mydomain
Call:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 23-10-24 00:36:26, Marek Marczykowski-Górecki wrote:
> On Mon, Oct 23, 2023 at 09:24:13PM +0000, Ben Grande wrote:
> > Hello.
> >
> > Dom0 is not normally a client for extraneous qrexec calls, but in this
> > c
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
There is no documentation on how to use it and it doesn't seem to accept
any label/service that is not provided by default:
Target can't be "@default":
```
$ qrexec-policy-graph --include-ask --source dev --target @default
WARNING:root:warning:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 23-10-24 12:32:50, Marek Marczykowski-Górecki wrote:
> On Tue, Oct 24, 2023 at 09:54:21AM +0000, Ben Grande wrote:
> > On 23-10-24 00:36:26, Marek Marczykowski-Górecki wrote:
> > > On Mon, Oct 23, 2023 at 09:24:13PM +
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 23-08-20 14:01:53, Marek Marczykowski-Górecki wrote:
> On Fri, Aug 11, 2023 at 02:17:00PM +0000, Ben Grande wrote:
> > Status:
> > - Missing change 'qubes-policy-editor' to 'qubes-policy-editor-gui';
>
> https://github.com/
21, 2023 at 08:49:21PM +, Ben Grande wrote:
> > > > On 23-08-20 14:01:53, Marek Marczykowski-Górecki wrote:
> > > > > On Fri, Aug 11, 2023 at 02:17:00PM +, Ben Grande wrote:
> > > > > > Status:
> > > > > > - Missing chan
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Enforce file mode and ownership for replaced files.
Signed-off-by: Ben Grande
- ---
qrexec/policy/admin.py | 9 +
1 file changed, 9 insertions(+)
diff --git a/qrexec/policy/admin.py b/qrexec/policy/admin.py
index da5bd9f..d575a6e 100644
sit
https://groups.google.com/d/msgid/qubes-devel/ZHB00gq0Ir/XWDqB%40personal-mutt.
From 84232c53e665eb012c87d44b481157c863aaf4e9 Mon Sep 17 00:00:00 2001
From: Ben Grande
Date: Fri, 26 May 2023 08:54:46 +
Subject: [PATCH] Fix python3-qrexec missing on qubes-core-qrexec
Signed-off-by:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Issue report.
Fails:
!include a b
Works:
!include-dir a b
I believe that !include-dir should also throw an exception on invalid
number of params, but it currently doesn't. I did not understand why
!include can raise the exception and
l+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-devel/ZHDNCoNSBgMlYYJp%40personal-mutt.
From 2867bc612cd28c22ea40d4e14ad3e8df6fd90bb9 Mon Sep 17 00:00:00 2001
From: Ben Grande
Date: Fri, 26 May 2023 15:12:29 +
Subject: [PATCH] pars
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 23-05-26 17:57:56, Marek Marczykowski-Górecki wrote:
> On Fri, May 26, 2023 at 03:48:18PM +0000, Ben Grande wrote:
> > Issue report.
> >
> > Fails:
> > !include a b
> > Works:
> > !include-dir a b
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 23-05-26 16:09:45, Ben Grande wrote:
> On 23-05-26 17:57:56, Marek Marczykowski-Górecki wrote:
> > On Fri, May 26, 2023 at 03:48:18PM +0000, Ben Grande wrote:
> > > Issue report.
> > >
> > > Fai
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Some updates made to the lint branch.
https://codeberg.org/ben.grande.b/qubes-core-qrexec/src/branch/lint
One thing that the lint tool doesn't do yet is catch warnings and
display them in the same format as errors, would be better for
applications
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 23-05-26 16:55:19, Ben Grande wrote:
> The more general question is, can we avoid runtime to detect these kind
> of problems? I don't believe this is an error on qubes-policy-lint, as
> it is simply using StringPolicy.
>
> --
&g
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Signed-off-by: Ben Grande
- ---
qrexec/policy/parser.py | 11 +--
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/qrexec/policy/parser.py b/qrexec/policy/parser.py
index ab50f9e..143f77f 100644
- --- a/qrexec/policy/parser.py
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
The editor does not require the policy(.include).List RPC as of the last
commit[0], only requiring policy(.include).Get and
policy(.include).Replace.
The downside is that when the file is not found, it guesses the file
path using POLICYPATH and
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
The patches page[0] does not set any minimal or maximum duration to wait
to resend reminders.
The Qubes package-contributions[1] state that it should be once a month.
Is this the same for patches?
Xen Project advises[2] the time to be from 2-4
I created a standalone lint tool for the Qrexec policies, the name is
qubes-policy-lint. It is a wrapper around qrexec.policy.parser
TestPolicy|StringPolicy.
You can lint normal policies:
qubes-policy-lint /etc/qubes/policy.d/*.policy
Or policies included by !include-service:
ubes-devel/ZGZlKwviLqvWCfJW%40personal-mutt.
From e684e4c5de379c7412fd256adaf243b73cbff040 Mon Sep 17 00:00:00 2001
From: Ben Grande
Date: Thu, 18 May 2023 17:32:06 +
Subject: [PATCH] Fix missing include in RPC names in admin_client
Signed-off-by: Ben Grande
---
qrexec/policy/admin_client.py | 4 ++
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Contrary to what doc/package-contributions says to do a brief
description, I prefer a long explanation than having to answer questions
in future mails when I could have answered them upfront.
Index:
- - Presentation
- - Implementation
- - Questions
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 23-05-19 14:52:57, Marek Marczykowski-Górecki wrote:
> Hi,
>
> Those look very useful!
>
> I have one comment to qubes-policy-edit-terminal: when using
> policy_get() (or policy_include_get()), you get a policy content and a
> token. Use that
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 23-05-24 14:57:12, Demi Marie Obenour wrote:
> On Wed, May 24, 2023 at 11:53:51AM +0000, Ben Grande wrote:
> > Contrary to what doc/package-contributions says to do a brief
> > description, I prefer a long explanation than h
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 23-05-25 10:54:48, Ben Grande wrote:
> On the code completion case, it is dynamically generated, so we might
> need to do something here. I don't know the risk of inserting text that
> is already on the file to the comple
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 23-05-27 19:25:54, Ben Grande wrote:
> Without this, it defaults to what unmask allows, normally 644.
> Without being group owned, editing the policy manually leads to a RO
> file and if the user force writes, will change the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Without this, it defaults to what unmask allows, normally 644.
Without being group owned, editing the policy manually leads to a RO
file and if the user force writes, will change the ownership to
user:user.
Signed-off-by: Ben Grande
- ---
qrexec
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Enforce file mode and ownership for replaced files.
Signed-off-by: Ben Grande
- ---
qrexec/policy/admin.py | 6 ++
1 file changed, 6 insertions(+)
diff --git a/qrexec/policy/admin.py b/qrexec/policy/admin.py
index da5bd9f..5f80070 100644
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 23-05-25 11:45:45, Demi Marie Obenour wrote:
> On Thu, May 25, 2023 at 10:54:48AM +0000, Ben Grande wrote:
> > On 23-05-24 14:57:12, Demi Marie Obenour wrote:
> > > On Wed, May 24, 2023 at 11:53:51AM +, Ben Grande wrot
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 23-05-26 00:57:04, Marek Marczykowski-Górecki wrote:
> On Thu, May 25, 2023 at 10:18:43PM +0000, Ben Grande wrote:
> > On 23-05-25 11:45:45, Demi Marie Obenour wrote:
> > > On Thu, May 25, 2023 at 10:54:48AM +
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 23-05-26 01:47:36, Marek Marczykowski-Górecki wrote:
> On Thu, May 25, 2023 at 11:24:15PM +0000, Ben Grande wrote:
> > [REDACTED]
> > Debian - unexpected module not found:
> > $ qubes-policy
> > Traceback (most rece
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 23-06-01 19:03:31, Ben Grande wrote:
> The editor does not require the policy(.include).List RPC as of the last
> commit[0], only requiring policy(.include).Get and
> policy(.include).Replace.
>
> The downside is that when the fi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 23-05-28 22:35:31, Ben Grande wrote:
> Enforce file mode and ownership for replaced files.
>
> Signed-off-by: Ben Grande
> ---
> qrexec/policy/admin.py | 9 +
> 1 file changed, 9 insertions(+)
>
> diff --git a/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 23-05-26 16:59:07, Ben Grande wrote:
> Signed-off-by: Ben Grande
> ---
> qrexec/policy/parser.py | 11 +--
> 1 file changed, 5 insertions(+), 6 deletions(-)
>
> diff --git a/qrexec/policy/parser.py b/qrexec/policy
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello,
I am developing some Salt Formulas for Qubes OS. You may find them in
the following link:
https://github.com/ben-grande/qusal
## Acknowledgments
I can't thank enough for everyone that made this possible. To Unman, as
I learned
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 23-10-24 12:32:50, Marek Marczykowski-Górecki wrote:
> On Tue, Oct 24, 2023 at 09:54:21AM +0000, Ben Grande wrote:
> > On 23-10-24 00:36:26, Marek Marczykowski-Górecki wrote:
> > > On Mon, Oct 23, 2023 at 09:24:13PM +
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello qubes-devel,
Qubes OS provides some Pillar Modules [0], qubes:type, qubes:template and
qubes:netvm. I'd like to propose for the inclusion of Gonzalo Bulnes
qubes:features [1] and qubes:tags [2], python scripts licensed under
GPL-2.0-or-later.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello qubes-devel,
Is it worth it looking into improving QubesOS NFTables rule matching
speed? In order of speed: `if` > `ifgroup` > `ifname` (output and
input). Qubes uses a mix of them. Should work regarding changing the
rules to have a faster
36 matches
Mail list logo