Hi. Folks.
New to qubesOS here, I wanted to qvm-connect-tcp between two qubes, edited the policy file like the example in 90-default.policy that reads:
qubes.ConnectTCP +22 vm1 @default allow target=vm2
but that is silently ignored. What worked for me is:
qubes.ConnectTCP +11434 work gpu allow
am I missing something or is it just the sample comment that is wrong/outdated?
Cheers,
Can you give more details on where you made your policy and also how you started qvm-connect-tcp?
I replicated the setup and was able to reach the other qube via ssh just fine.
On work vm:
qvm-connect-tcp 11434:gpu:11434
I tried putting policy in a new “30-user-networking.policy”, when that didn’t work I tried in 90-default.policy directly, above the default deny one.
journalctl tells me “qrexec bla bla denied by 90-default.policy:22” with proposed syntax, ignoring or not matching the line
90-default.policy should be left as is. Add new policies to other files, such as 30-user-networking.policy, as you mentioned.
If you add the following policy to 30-user-networking.policy
qubes.ConnectTCP +22 work @default allow target=gpu
And then run qvm-connect-tcp 22:@default:22 in your work qube, does ssh work if you use ssh user@localhost?