I’m in the process of configuring different disposables for different things, like viewing DVMs and editing DVMs, but I don’t want to set a default disposable so traffic flow to dispvms is tightly controlled.
Is it possible to set a specific dvm template as the converter template?
You might be able to do that with some custom RPC policy? Something like the following might work:
qubes.PdfConvert * @anyvm @dispvm allow target=@dispvm:<DISPOSABLE_TEMPLATE>
I added the needs-doc tag.
I think the converter template should be offline by default. As it is used to convert untrusted files, it is very possible that some of them try to phone home, thus not allowing it to access the internet seems a better option to me.
I don’t really know why it is not the case by default. Is it by convenience, so that the default disposable template is used for everything?
Oh thanks for this link! I was thinking about trying to implement something like that by myself, and then maybe open an issue/pull request if I succeeded. It is nice to know that it exists already! I will look into it.
Thanks, @parulin.
On another note, I think this should be configurable along with the open-in-disp and edit-in-disp in the global config (similar to the URL handling). I’d assume it’s a rather standard use-case of anyone seeking to go from light to medium security, Qubes-relative.
I’d also like to see support for non-standard workflows like using regular qubes. I have a work-email qube, for instance, that opens all links in my work browsing qube. But that’s another matter.
Maybe I go too far OT, and maybe everyone knows about it, but I just dicovered dispvm_netvm property.
I think it still exists (?), and it seems like it could be useful for some related use-cases, but I am having trouble finding some documentation.
I also see an issue about DispVM inheriting firewall rules, which could prevent some applications of it, but I am not understanding the details Issue 1296
I would be very interested in your decisions about setting up tighter control.