Hello,
When wanting to require confirmation for qrexec calls, the target is not prefilled in the prompt. This has to be done in the policy file with the default_target
parameter.
I wanted to ask if there is any other possibility to have a simple “yes/no” user confirmation for qrexec without explicitly setting the target qube in the policy, as this is not possible for my use case. (targets are dispVMs with random names that are created on demand and are only policed by a static tag)
When using qrexec calls and simply allowing them, for example for split-ssh with multiple clients and vaults, the qrexec system obiously knows the target for the call from the caller, so this should be possible in theory. The qrexec-policy-daemon known the requested target from the domU.
Rational
Although my specific use case can arguably be viewed as an unimportant special case with a small user base, i sincerely think this is a highly versatile feature that should be easy to configure and would allow users to create insanely cool “now you are thinking with qubes” things.