How can I write a qrexec policy for qubes.Filecopy that lets me copy from an anon-vm to another anon-vm, but not from a non anon-vm to an anon-vm and the other way around?
I imagine this:
qubes.Filecopy * @tag:anon-vm @tag:anon-vm ask # Accept whonix to whonix
qubes.Filecopy * @tag:anon-vm !@tag:anon-vm deny # Deny Whonix to non-Whonix
qubes.Filecopy * !@tag:anon-vm @tag:anon-vm deny # Deny non-Whonix to Whonix
The ! here is made up by me to mean negate. Is a policy like this possible?
Great, I had tried something similar but I believe it failed without the @default clause. This works.
Some additional questions: is /etc/qubes/policy.d/50-config-filecopy.policy the right file? Where should I put my options to not have them get overwritten?
Can we use multiple tags? Whonix templates have the tag whonix-updatevm but not anon-vm.
It is managed by Qubes Global Config, so it’s not the best place to add new policies. Create a new policy file with a lower number instead so that it is read first and doesn’t get overwritten by anything else.
Unfortunately not on the same line, but it has been proposed on GitHub:
Until it is implemented, you can duplicate the lines, but with the other tag instead.
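As an added example (not code from this thread or from the Qubes project), the sketch below generates the duplicated lines for both tags mentioned above and checks them against a simplified first-match model of policy evaluation. The qube names, the rule ordering, and the `decide` helper are assumptions made for illustration; the output is meant for a new, lower-numbered file under /etc/qubes/policy.d/.

```python
from itertools import product

SERVICE = "qubes.Filecopy"

def build_policy(tags):
    """Return policy lines that keep file copies inside the set of tagged qubes."""
    lines = []
    # A rule takes one tag per column, so every (source, target) tag pair gets its own line.
    for src, dst in product(tags, repeat=2):
        lines.append(f"{SERVICE} * @tag:{src} @tag:{dst} ask")
    # @default is the target when the caller names none; the ask dialog then picks one.
    for src in tags:
        lines.append(f"{SERVICE} * @tag:{src} @default ask")
    # Deny rules come last: the first matching line decides.
    for tag in tags:
        lines.append(f"{SERVICE} * @tag:{tag} @anyvm deny")
        lines.append(f"{SERVICE} * @anyvm @tag:{tag} deny")
    return lines

def _matches(token, qube, qube_tags):
    # Simplified token matching (assumption): only @anyvm, @tag: and literal names.
    if token == "@anyvm":
        return True
    if token.startswith("@tag:"):
        return token[len("@tag:"):] in qube_tags.get(qube, ())
    return token == qube

def decide(lines, source, target, qube_tags):
    """First-match evaluation; None means the request falls through to later files."""
    for line in lines:
        _service, _arg, src, dst, action = line.split()[:5]
        if _matches(src, source, qube_tags) and _matches(dst, target, qube_tags):
            return action
    return None

# Constructed sample qubes and their tags (hypothetical names).
QUBES = {
    "anon-a": {"anon-vm"},
    "anon-b": {"anon-vm"},
    "whonix-tpl": {"whonix-updatevm"},
    "work": set(),
    "personal": set(),
}
POLICY = build_policy(["anon-vm", "whonix-updatevm"])

if __name__ == "__main__":
    print("\n".join(POLICY))
```

Requests between two untagged qubes match none of these lines and are left to the files that are read later.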