-
-
Notifications
You must be signed in to change notification settings - Fork 47
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Provide a directory in /run
for temporary qrexec policy
#8513
Closed
Labels
C: core
P: default
Priority: default. Default priority for new issues, to be replaced given sufficient information.
pr submitted
A pull request has been submitted for this issue.
T: enhancement
Type: enhancement. A new feature that does not yet exist or improvement of existing functionality.
Comments
DemiMarie
added
T: enhancement
Type: enhancement. A new feature that does not yet exist or improvement of existing functionality.
P: default
Priority: default. Default priority for new issues, to be replaced given sufficient information.
labels
Sep 14, 2023
Should it be systemd-like config dir handling? Something like |
That is a good idea, and is indeed the inspiration for this. One advantage is that system-provided configuration can be moved out of |
DemiMarie
added a commit
to DemiMarie/qubes-core-qrexec
that referenced
this issue
Mar 14, 2024
This allows multiple directories to contain qrexec policy, which allows for transient policy that disappears on reboot. Fixes: QubesOS/qubes-issues#8513
DemiMarie
added
pr submitted
A pull request has been submitted for this issue.
C: core
and removed
C: other
labels
Mar 14, 2024
DemiMarie
added a commit
to DemiMarie/qubes-core-qrexec
that referenced
this issue
Jun 27, 2024
This allows multiple directories to contain qrexec policy, which allows for transient policy that disappears on reboot. Fixes: QubesOS/qubes-issues#8513
DemiMarie
added a commit
to DemiMarie/qubes-core-qrexec
that referenced
this issue
Jun 27, 2024
This allows multiple directories to contain qrexec policy, which allows for transient policy that disappears on reboot. Fixes: QubesOS/qubes-issues#8513
marmarek
added a commit
to marmarek/qubes-core-admin
that referenced
this issue
Sep 26, 2024
marmarek
added a commit
to marmarek/qubes-core-admin
that referenced
this issue
Sep 26, 2024
marmarek
added a commit
to marmarek/qubes-core-admin
that referenced
this issue
Sep 26, 2024
This was referenced Oct 4, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
C: core
P: default
Priority: default. Default priority for new issues, to be replaced given sufficient information.
pr submitted
A pull request has been submitted for this issue.
T: enhancement
Type: enhancement. A new feature that does not yet exist or improvement of existing functionality.
How to file a helpful issue
The problem you're addressing (if any)
Some programs need to create policies that assign privileges to disposable VMs. If the system is rebooted, these policies are leaked, which increases the likelihood of VM name use-after-free.
The solution you'd like
Provide a directory under
/run
for temporary policy that is cleaned out when the system is rebooted, and provide APIs for managing policy there.The value to a user, and who that user might be
Programs can manage qrexec policy without having to worry about leaking it.
The text was updated successfully, but these errors were encountered: