I am creating a policy files in /etc/qubes/policy.d/. I wanted to create a policy with extremely lockdown system in mind which can have last rule as-
@anyvm @anyvm deny
Does anybody know how to do that.
The main hindrance is VMRootShell. I don’t know how to writes rules for it so that it can be used in useful way but not jeoparding whole system security. AFAIK it is required for templates updates so it can not be denied always.
- @anyvm @anyvm deny