can i mix tag and type in rpc policy? because if i tag an appvm and then make a disposable based on it, then the disposable inherits the tag.
i want to be able to tag only the appvm itself, not disposable created from it.
i tried this syntax: @type:AppVM:@tag:mytag but it doesn’t seem to work.
phceac
2
Not an expert, but would it meet your requirements to use two lines of policy: first deny access for @dispvm:@tag:TAG, then allow for @tag:TAG?
It is not as general as stacking @ tokens, but it simplifies the parsing. It seems to be the design, as described here.
1 Like