How do you use Qubes Policies?

deeplow · May 27, 2021, 6:08am

The other one was already pinned on all forum pages. What I’ve done is move this discussion into its own thread because otherwise folks would probably miss the goal. Now it’s in the title and this topic is now the one pinned on all pages. @ninavizz fell free to edit the title of this new post.

fsflover · May 27, 2021, 12:38pm

I have a USB mouse and I set the policy to allow it without asking.

I have configured automatic opening of links from my email-qube and instant-messaging-qube in a disposable VM, so my policy allows those VMs to start corresponding dispVMs.

Nothing else in my Policies.

adw · May 28, 2021, 5:34am

Oh, I just assumed she meant updates, because “backups over Tor” makes no sense. (The closest thing would be uploading backups over Tor, which would be even less relevant to this topic than what was actually asked. )

deeplow · May 28, 2021, 9:58am

I use policies to open multiple documents in the same disposableVM when I click open in DisposableVM.

fsflover · May 28, 2021, 10:06am

Can you do the same with links?

deeplow · May 28, 2021, 10:09am

I believe so. See these:

ninavizz · May 29, 2021, 7:57pm

Yes! Another team I work with had the same question. I’m thinking of suggesting that functionality go into the Settings window for individual qubes. Where might you expect such a setting to live?

fsflover · May 30, 2021, 11:56am

I think this is not straightforward. Let’s say, I receive a couple of emails/intant-messages with links in some qube. I click on them and they are opened each in its own dispVM.

Do I want this or do I want them to be opened both in a single dispVM? It probably depends on how much I trust the senders and the linked websites. I don’t think I will ever want to apply “opening in the same dispVM” by default unless (1) I have not enough RAM or unless (2) opening a dispVM is annoyingly long. In the (1) case, such option would probably be useful. I expect that it could be shown in Advanced qube Settings, probably with a hint that it may decrease your security/privacy but save RAM. In the (2) case, I would very much prefer that the following issues are solved instead:

github.com/QubesOS/qubes-issues

Proposal and code for instantaneously started disposable VMs

opened 09:02AM - 13 Dec 15 UTC

qubesuser

C: core P: major S: in progress T: enhancement community-dev release notes

**Community Dev:** @qubesuser ----- Starting disposable VMs is faster than… normal VMs, but it can often still take several seconds and be a noticeable delay in the user experience. This proposes to solve this issue by keeping one or more disposable VMs always around runnning, but without qubes-guid started and thus "invisible". When the user requests a disposable VMs, the system takes one of those cached disposable VMs, adjusts them if necessary and starts qubes-guid, and then starts another cached disposable VMs for the next request. This allows instantaneously started DispVMs at the cost of losing 1.5-6 GB of RAM, which can be a good tradeoff at least for machines with >= 16GB RAM. There are two ways of doing this: the most flexible way would be to support any DispVM usage by starting the appropriate service on the cached DVM, and there is an inflexible but faster way that pre-starts the application as well, but only supports a limited number of DispVM applications started from dom0 (typically a web browser and a terminal). My code implements the "inflexible" way and offers two modes: a faster "separate" mode that keeps around a DispVM for each configured application, and a slower but less RAM hungry "unified" mode that keeps a DispVM with all the applications running, and kills the ones not needed at user request. You can find the implementation at: https://github.com/qubesuser/qubes-core-admin/tree/insta_dvm You'll need to create a configuration file in /etc/qubes/dvms like the one provided in the branch. The mode is chosen automatically depending on available RAM, but can be configured in /etc/qubes/cached-dvm-mode The branch is missing packaging for qubes-start-cached-dvm and the dvms config file, systemd integration for starting it at boot, and making dom0 start menu entries use it. It's also somewhat hackish overall and might need a rewrite in Python and adjustment to the new core code if shipped after that.

github.com/QubesOS/qubes-issues

Preloaded DisposableVMs

opened 08:28PM - 13 May 20 UTC

ejose19

C: core P: default T: enhancement

**The problem you're addressing (if any)** Disposable vms are very useful for t…he intent they're made, however one drawback they have is that usage is not instant as other appvms, and one need to wait for it to load before using it (varying from 7-20s depending on hardware) **Describe the solution you'd like** It would be great if there was an option to "preload" the dispvm (quantity to preload would be defined by the user and limited by hardware specs) so whenever you need to use a dispvm the target program launches automatically. **Where is the value to a user, and who might that user be?** It would be a great benefit in terms of speed and convenience depending on how much the user relies on dispvms **Additional context** Currently behaviour would be preserved, if you launch a program for a dispvm using the qubes menu, each call would use a different preloaded dispvm, no reuse would be made. Also when one dispvm is "used", another one would be preloaded to keep the defined amount always ready.

Note, that I can always simply use ctrl+c, ctrl+shift+c, ctrl+shift+v, ctrl+v instead and open the second link in the first dispVM in this way. Anything more complicated/flexible than that might be useless.

deeplow · May 30, 2021, 12:00pm

@ninavizz this could indeed be a very interesting usage of the policies. I have made a similar proposal for the SecureDrop Workstation project:

github.com/freedomofpress/securedrop-workstation

Investigate per-source dispVM

opened 08:27PM - 13 Nov 19 UTC

deeplow

## Description Following a conversation on [gitter](https://gitter.im/freedom…ofpress/securedrop), I'd like to propose the idea of per-source dispVMs. If possible, it would allow us to quickly open any other document for the same source as long as the source's original dispVM is still open ## User Research Evidence No user research has been conducted on this, but I would suggest evaluating the user reaction to the relatively long time it takes to open documents. ## User Stories (made up story) > As a journalists I don't like to have to wait (~15 secs - time to open a dispVM) every time I open a new document. ## Comments **Security implications**: these will have to be well considered, especially the flows of information. possibly related issues: - https://github.com/freedomofpress/securedrop-client/issues/52 - https://github.com/freedomofpress/securedrop-client/issues/137

Sven · May 31, 2021, 5:55am

At this point I am sure to annoy someone, but here goes:

If you set the policy to “ask” you will have the choice for each and every file (OpenInVM) and URL (OpenURL)

Your options are:

start new dispVM using dispVM template of your choice
use already running dispVM
use (and start) any other qube
cancel

You have this choice every time you open a file or URL! How is that not the default? (I know, not advocating to make my preference the default, but man this is handy)

ninavizz · June 4, 2021, 5:05am

I loved that you brought this up for SD, and the solution you proposed!

@Sven I totally agree with you and hope to put this policy’s setting option in the individual Qube’s setting pane. Seems like the best place to surface it. Looking forward to getting a version of this stuff into a prototype and in front of users.

deeplow · June 4, 2021, 6:06pm

Screen Sharing

Also, I’ve used policies to share the screen of one AppVM into another. This is useful when you want to do a presentation from your work qube, for example. But the designs you’ve been working on are on your other qube. It’s not as safe, but possibly better than installing the fully bloated zoom client on the qube where you stall all your creations. See:

https://github.com/QubesOS/qubes-issues/issues/6426

“Split-zotero”

I also use policies to have to be able safely use zotero ( a reference manager). I don’t particularly trust Zotero. So what I do is having a zotero qube where I store public documents fetched from the web via the zotero browser plugin (1-click local web page archiver – super convenient). And then I have an offline qube you can think of it as a notes-vault where I do my note-taking. When I click a citation on my notes-vault it selects that document on the other qube’s zotero. The communication between these two is very very minimal. Just the document id is passed, not even the document’s titles.

(before someone asks, I don’t have this in a shareable form. It’s just for personal use. But extremely simple to replicate.)

The other way around I created the SecureDrop issue first and it was on the back of my mind and what motivated me to seek a solution.

UncleBob · June 20, 2021, 4:21am

I don’t, but I wish I could edit certain properties like auto-delete after ‘x’ amount of time.
Yes.
Learning to do something similar to this: just explicitly asking for confirmation.

4.yes, see adw response.

Nope, and I would like to learn how

unman · June 20, 2021, 2:11pm

It’s completely unclear to me what questions you are answering, because
I cant identify the message you are commenting on.

For this, look at using qubes-app-shutdown-idle which will
automatically shutdown a qube when there are not open windows.
You can edit the timeout period in the configuration file ( by default 5
minutes)

UncleBob · June 26, 2021, 4:33am

@unman When I have 45ish minutes free I’ll go more in depth. Sorry, I didn’t mean to be unclear, it made sense in my head when typing it: 1 corresponds to first bullet point of original post, and so on.

For ”1” here are the specifics:
https://forum.qubes-os.org/t/wipe-vm-clipboards-with-a-trigger/

unman · June 26, 2021, 11:17am

@UncleBob - It’s a problem at my end.
I use mailing list mode, and when a thread is split, I have no
idea what the original topic might have been.
That means that if you refer to a post in the original thread, I’m
just lost.
Look forward to some more detail.

QubesIncoming · August 17, 2021, 9:22pm

How do you configure it this way ?

ninavizz · August 24, 2021, 8:18pm

So, an amnesiac property for clipboards (global or qube specific) is something you’d like?

ninavizz · August 24, 2021, 8:23pm

Seeking feedback on some design stuff! In this thread: Feedback Sought: System/Global Settings & Policies UI stuff