Accidentally deleted 90-default.policy

… instead of removing my customized 30… policy I accidentally removed my 90-default.policy :exploding_head:

Please could someone point me to the default source code of the 90-default.policy or copy the default here. Thanks!

found source: qubes-core-admin/90-default.policy at master · QubesOS/qubes-core-admin · GitHub

copied it to original directory: /etc/qubes/policy.d

did a few tests attaching devices, copy files to VM … does not work.

Do I need to reboot / is it save to reboot?!

1 Like

chmod 664
chown root:qubes

1 Like

I did

chmod 664 90-default.policy

and

sudo chown root:qubes 90-default.policy

-rw-rw-r-- 1 root qubes 6338 … … …:… 90-default.policy

correct?

I still cannot copy to other appVMs. Do I need to restart something first or is it now save to reboot?

Still not working. When I try to Copy to other AppVM… nothing happens not even an error messages pops up.

Any further settings I need to do any operation / command to debug ?

Could someone send a ls -la screenshot of the /etc/qubes/policy.d ?

Here you go:

[user@dom0 ~]$ ls -la /etc/qubes/policy.d/
total 52
drwxrwxr-x 3 root root  4096 Oct 19 11:34 .
drwxr-xr-x 8 root root  4096 Aug 16 08:33 ..
-rw-rw---- 1 root qubes  293 Oct 19 11:34 30-qubesctl-salt.policy
-rw-r--r-- 1 root root     0 Sep 28 17:04 30-user.policy
-rw-rw-r-- 1 root root   674 Mar  5  2022 35-compat.policy
-rw-rw-r-- 1 root qubes  829 Feb 18  2022 80-whonix.policy
-rw-rw-r-- 1 root qubes 2150 Jul 22 02:00 85-admin-backup-restore.policy
-rw-rw-r-- 1 root qubes 7602 Jul 22 02:00 90-admin-default.policy
-rw-rw-r-- 1 root root  1129 Mar  5  2022 90-admin-policy-default.policy
-rw-rw-r-- 1 root qubes 6331 Jul 22 02:00 90-default.policy
drwxrwxr-x 2 root root  4096 May 28 19:30 include
-rw-rw-r-- 1 root root   185 Mar  5  2022 README
1 Like

Thanks @aronowski for your quick help!

One step done, file size indicated that I have copied a “Footer” word at the end of the 90-default.policy file (copy & paste issue from qubes-core-admin/90-default.policy at master · QubesOS/qubes-core-admin · GitHub). Interesting, one wrong word blocked the copy to appvm function …

Attaching device is still not working.

Are we sure the issue is related to that file only? Maybe I’ll just send a zip of all these listed files.

I am just not infront of my notebook. Let me first try to recreate a sys-usb. Maybe this will fix it.

[deleted by SteveC…off topic]

Well, it is somehow related to my issue but I would suggest you start your own thread since it takes over my originally posted issue and therefore it makes it hard to read and follow if someone would face the same issue.

PS: You will find some answers here.

Ok, I did:

  • delete sys-usb and reinstalled the sys-usb with USB qubes | Qubes OS it went through without any error message.

  • started sys-usb but I am still not able to pass any keyboard, Yubikey nor any usb device to any qube.

  • Qube’s notification error points to a non-existing qubes-usb-proxy installation. But this is wrong since it worked before and when I try to reinstall the qubes-usb-proxy it confirms that it is already installed.

/etc/qubes-rpc/qubes.InputKeyboard and …/qubes.InputMouse are set to:

sys-usb dom0 allow

Any other qubes policy I can check?

You’re right, it’s a potential hijack. I’m going to go back and wipe out my question.

You have not said exactly what the notification error says.
Nor have you said if this is now the only issue you have with qrexec.

Assuming you have a functioning 90-default.policy, and have deleted the
30-user.policy file, I would:
Start with mouse.
change allow to ask in qubes.InputMouse and restart - you should be prompted to allow
keyboard.
Check in sys-usb that lsusb shows attached device(s)

The notification error says:


Error
Attaching device NAME_OF_THE_USB_DEVICE failed
Error: QubesException - qubes-usb-proxy not installed in the VM

(for keyboard, Yubikey, mouse, usb storage etc.) and as I wrote before it is installed.

Well, I thought I did so by listing

(graphical operation like copy and move file to other AppVM works)

Yes, I have copied it from source followed your permission sets and double check the settings and file size. I follow your recommendation and see if I can manage to get my mouse working (again).

sys-usb: lsusb return bash: lsusb: command not found (but the tray icon shows all correctly)
dom0: qvm-usb shows all usb devices correctly

Do you have qubes-input-proxy-sender installed?

How exactly did you install sys-usb.

Standard routine.

I cannot recover it. I will do a fresh reinstallation, using my automated minimal Debian script. But first, I will make a backup archive of the Qubes policy folder.