Related to the following discuss-link see the following problem:
How to program which file in which policy to update the original-whonix-system via sys-whonix as before, on the other hand the clones (I call them here whonix-ws-16-TEST and whonix-gw-16-TEST) via sys-whonix-TEST?
And how can I prevent (in the new policies) that when starting these clones in the Qubes manager always starts sys-whonix and not the clone sys-whonix-TEST?
On a trial basis, I have renamed the target in “qubes.UpdatesProxy” to sys-whonix-TEST for this purpose:
$tag:whonix-updatevm $default allow,target=sys-whonix-TEST (instead of sys-whonix).
This works - shutting everything down and starting the update (e.g. from whonix-ws-16) will also start sys-whonix-TEST.
But adding a second line with a different rule to update/start the clones via sys-whonix-TEST and the originals via sys-whonix does not lead to success.
for example:
$tag:whonix-ws-16-TEST $default allow,target=sys-whonix-TEST
$tag:whonix-gw-16-TEST $default allow,target=sys-whonix-TEST
$tag:whonix-ws-16 $default allow,target=sys-whonix
$tag:whonix-gw-16 $default allow,target=sys-whonix
$tag:whonix.updatevm $anyvm deny
(I left out the whonix.updatevm line as it refers to whonix in general, but don’t know if that is correct).
I’m not sure if I wrote this correctly because it doesn’t work. Does anyone have any ideas? And most importantly:
Does this overlap with the entries in the policy.d files?
Thanks for opinions!