Provide a directory in /run for temporary qrexec policy #8513

Open
DemiMarie opened this issue Sep 14, 2023 · 2 comments · May be fixed by QubesOS/qubes-core-qrexec#134
Labels: C: core, P: default, pr submitted, T: enhancement

Comments

@DemiMarie

How to file a helpful issue

The problem you're addressing (if any)

Some programs need to create policies that assign privileges to disposable VMs. If the system is rebooted, these policies are leaked, which increases the likelihood of VM name use-after-free.

The solution you'd like

Provide a directory under /run for temporary policy that is cleaned out when the system is rebooted, and provide APIs for managing policy there.

The value to a user, and who that user might be

Programs can manage qrexec policy without having to worry about leaking it.

DemiMarie added the T: enhancement and P: default labels Sep 14, 2023
DemiMarie self-assigned this Sep 14, 2023
@marmarek
Member

Should it be systemd-like config dir handling? Something like /usr/lib/qubes/policy.d, /etc/qubes/policy.d, /run/qubes/policy.d, where same-named files override those in earlier dir?

@DemiMarie
Author

That is a good idea, and is indeed the inspiration for this. One advantage is that system-provided configuration can be moved out of /etc where it doesn’t really belong.
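
The systemd-like lookup discussed in the two comments above, as an added example that is not part of the thread and is not the qrexec implementation. The three directory names come from the comment; the `.policy` suffix filter, the name-sorted evaluation order, and the function names are assumptions of this sketch.

```python
import os
import tempfile
from pathlib import Path

# Search order proposed in the thread, lowest to highest precedence.
POLICY_DIRS = ("/usr/lib/qubes/policy.d", "/etc/qubes/policy.d",
               "/run/qubes/policy.d")


def resolve_policy_files(dirs=POLICY_DIRS, suffix=".policy"):
    """Return [(name, path)] for the effective policy files.

    A file in a later directory replaces a same-named file from an
    earlier one. The merged set is ordered by file name (assumption),
    so the source directory does not affect a file's position.
    """
    chosen = {}
    for directory in dirs:
        try:
            with os.scandir(directory) as entries:
                for entry in entries:
                    # Ignore subdirectories and files without the suffix.
                    if entry.name.endswith(suffix) and entry.is_file():
                        chosen[entry.name] = entry.path
        except FileNotFoundError:
            continue  # e.g. the /run directory before anything creates it
    return sorted(chosen.items())


def demo():
    """Resolve a constructed three-layer tree built in a temp directory."""
    layout = {  # constructed sample file names, not real Qubes policy
        "usr-lib": ["50-vendor.policy", "90-default.policy"],
        "etc": ["30-user.policy", "90-default.policy", "README"],
        "run": ["10-transient.policy"],
    }
    with tempfile.TemporaryDirectory() as root:
        dirs = []
        for layer, names in layout.items():
            layer_dir = Path(root, layer)
            layer_dir.mkdir()
            dirs.append(str(layer_dir))
            for name in names:
                (layer_dir / name).write_text(f"# constructed, {layer}\n")
        dirs.append(str(Path(root, "missing")))  # absent layer is skipped
        return [(n, Path(p).parent.name) for n, p in resolve_policy_files(dirs)]


if __name__ == "__main__":
    for name, layer in demo():
        print(f"{name:24} from {layer}")
```

With this ordering, the numeric prefix of a transient file decides where it sits relative to the persistent files, and anything placed in the highest-precedence directory disappears with the directory's tmpfs on reboot.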

DemiMarie removed their assignment Mar 5, 2024
DemiMarie added a commit to DemiMarie/qubes-core-qrexec that referenced this issue Mar 14, 2024
This allows multiple directories to contain qrexec policy, which allows
for transient policy that disappears on reboot.

Fixes: QubesOS/qubes-issues#8513
DemiMarie added the pr submitted and C: core labels and removed the C: other label Mar 14, 2024
Projects
Status: In review