I am creating a policy files in /etc/qubes/policy.d/. I wanted to create a policy with extremely lockdown system in mind which can have last rule as-
@anyvm@anyvm deny
Does anybody know how to do that.
The main hindrance is VMRootShell. I don’t know how to writes rules for it so that it can be used in useful way but not jeoparding whole system security. AFAIK it is required for templates updates so it can not be denied always.
Recently user policy files in /etc/qubes/policy.d/ does not work properly. (If you have a usb mouse, mouse is not assigned to dom0 even after no blocking rules present in user policy and qubes-rpc/policy is set to do so).
It used to work perfectly like about 20 days back.
Yes, that’s true. I have also same kind of problems while testing sys-gui in 4.1. Maybe a redirection in code from dom0 to sys-gui is causing these issues.