Provide a directory in /run
for temporary qrexec policy
#8513
Labels
C: core
P: default
Priority: default. Default priority for new issues, to be replaced given sufficient information.
pr submitted
A pull request has been submitted for this issue.
T: enhancement
Type: enhancement. A new feature that does not yet exist or improvement of existing functionality.
How to file a helpful issue
The problem you're addressing (if any)
Some programs need to create policies that assign privileges to disposable VMs. If the system is rebooted, these policies are leaked, which increases the likelihood of VM name use-after-free.
The solution you'd like
Provide a directory under
/run
for temporary policy that is cleaned out when the system is rebooted, and provide APIs for managing policy there.The value to a user, and who that user might be
Programs can manage qrexec policy without having to worry about leaking it.
The text was updated successfully, but these errors were encountered: