anon999
December 28, 2025, 10:21am
1
I’m trying to set up sys-gui-vnc, but I’m having trouble understanding the Qubes documentation. Despite finding it well-written and having read most of it, I feel like this topic is lacking in detail. I have so many questions
First, I’ve executed these commands:
sudo qubesctl top.enable qvm.sys-gui-vnc
sudo qubesctl top.enable qvm.sys-gui-vnc pillar=True
sudo qubesctl --all state.highstate
sudo qubesctl top.disable qvm.sys-gui-vnc
qvm-start sys-gui-vnc
Now, I need to create a RPC policy allow connection from sys-remote.Q1. What should be the correct RPC policy line?
I’ve somehow botched the configuration enough to get to the login screen in VNC viewer in sys-remote for testing.sys-remote to the sys-gui-vnc port 5900 using qvm-connect-tcp. I can do that according to the Q1. answer.
By now, I’ve also added the password to the login user in sys-gui-vnc, and I’ve installed tigervnc as a persistent application in sys-remote. (My ultimate goal is to connect to sys-remote via a Wi-Fi hotspot run by sys-remote from my laptop.)
When I log in, I get a bunch of error notifications (Denied from sys-gui-vnc to dom0):
Denied: admin.vm.property.GetAllDenied: admin.vm.device.pci.AssignedDenied: admin.vm.device.block.AvailableDenied: admin.vm.device.usb.AvailableDenied: admin.vm.device.webcam.AvailableDenied: admin.vm.feature.Get+update-availableDenied: admin.vm.device.block.AttachedDenied: admin.vm.device.usb.AttachedDenied: admin.vm.device.mic.AttachedDenied: admin.vm.device.webcam.AttachedDenied: admin.vm.feature.Get+device-attach-with-micDenied: admin.vm.feature.Get+hide-children Denied: admin.vm.feature.CheckWithTemplate+internalDenied: admin.vm.feature.Get+appmenus-dispvm
Q2. What should be the correct RPC policies to fix these errors?
Again, I’ve kind of botched these errors again by adding RPC policy:
* * sys-gui-vnc @adminvm allow
Finally, I’m not getting any VMs displaying in the app menu instead of sys-gui-vnc and dom0Q3. What is the problem now, and how to fix it?
Q4. (Optional) Is my setup any good? How would you have done it?
anon999
December 30, 2025, 10:39am
2
I’m still scratching my head with this one. I would be very grateful for any insights you can share.
Well, I have a few answers.
qubes.ConnectTCP * sys-remote @deafult allow target=sys-gui-vnc
qvm-connect-tcp 5900:@default:5900
According to #10025 , I have used jmynes’ policies and these errors are gone.
This is fixed by using above policies.
I have one more question. Like I can change qvm-prefs vm-name guivm sys-gui-vnc, which qubes should I change that for? I’m concerned that if I set it to all, then I won’t be able to use my system with just my monitor.
My policies:
1 Like
phceac
January 2, 2026, 3:50am
5
I am watching here (lurking), and planning to try sys-gui-xxxx soon.
I tested before with sys-gui, more than 1-2 years ago. I did not yet find my notes, so the following is only memory. I do not want to waste your time, but maybe it can help…
I found it was helpful to use the special tags to help with making it usable - “created-by-sys-gui” and “managed-by-sys-gui” - maybe there were even some existing policies. For your tests, “xxxx-by-sys-gui-vnc”… as suggested by the docs.
I remember (maybe) it was convenient to clone some templates, and give “managed-by” tag, and then it was possible to create and manage a set of AppVMs inside sys-gui. It was also possible for sys-gui to see and administer an AppVM, but not its Template - it seemed very clever for compartmentalisation.
There is a little information here:https://doc.qubes-os.org/en/latest/developer/services/admin-api.html#tags
1 Like
I’m still stuck. I failed to mention in my last reply that while VMs do show in the app menu, nothing was actually working. I experimented with tag managed-by-sys-gui-vm and while some things worked, much of it didn’t. I do think the concept is sound and I will use tags when the basic setup is working.
admin.vmclass.List * sys-gui-vnc @adminvm allow
admin.vm.List * sys-gui-vnc @adminvm allow
admin.vm.List * sys-gui-vnc sys-gui-vnc allow
admin.vm.Create.AppVM * sys-gui-vnc @adminvm allow
admin.vm.Create.TemplateVM * sys-gui-vnc @adminvm allow
admin.vm.Create.StandaloneVM * sys-gui-vnc @adminvm allow
admin.vm.Create.DispVM * sys-gui-vnc @adminvm allow
admin.vm.CreateInPool.AppVM * sys-gui-vnc @adminvm allow
admin.vm.CreateInPool.TemplateVM * sys-gui-vnc @adminvm allow
admin.vm.CreateInPool.StandaloneVM * sys-gui-vnc @adminvm allow
admin.vm.CreateInPool.DispVM * sys-gui-vnc @adminvm allow
admin.vm.CreateDisposable * sys-gui-vnc @type:TemplateVM allow
admin.vm.Remove * sys-gui-vnc @anyvm allow
admin.label.List * sys-gui-vnc @adminvm allow
admin.label.Create * sys-gui-vnc @adminvm allow
admin.label.Get * sys-gui-vnc @adminvm allow
admin.label.Index * sys-gui-vnc @adminvm allow
admin.label.Remove +label sys-gui-vnc @adminvm allow
# admin.property.List * sys-gui-vnc @adminvm allow # don't manage dom0
# admin.property.Get * sys-gui-vnc @adminvm allow # don't manage dom0
# admin.property.GetAll * sys-gui-vnc @adminvm allow # don't manage dom0
# admin.property.Help * sys-gui-vnc @adminvm allow # don't manage dom0
# admin.property.HelpRst * sys-gui-vnc @adminvm allow # don't manage dom0
# admin.property.Reset * sys-gui-vnc @adminvm allow # don't manage dom0
# admin.property.Set * sys-gui-vnc @adminvm allow # don't manage dom0
admin.vm.property.List * sys-gui-vnc @adminvm allow
admin.vm.property.Get +keyboard_layout sys-gui-vnc @adminvm allow
admin.vm.property.Get +label sys-gui-vnc @adminvm allow
admin.vm.property.Get * sys-gui-vnc @tag:admin-vm-tag allow target=sys-gui-vnc
admin.vm.property.Get +kernel sys-gui-vnc @type:StandaloneVM allow
admin.vm.property.Get +installed_by_rpm sys-gui-vnc @type:TemplateVM:AppVM allow
admin.vm.property.Get +label sys-gui-vnc @type:TemplateVM:AppVM:DispVM:StandaloneVM allow
admin.vm.property.Get +name sys-gui-vnc @type:TemplateVM:AppVM:DispVM:StandaloneVM allow
admin.vm.property.Get +qid sys-gui-vnc @type:TemplateVM:AppVM:DispVM:StandaloneVM allow
admin.vm.property.Get +uuid sys-gui-vnc @type:TemplateVM:AppVM:DispVM:StandaloneVM allow
admin.vm.property.Get +guivm sys-gui-vnc @type:TemplateVM:AppVM allow
admin.vm.property.Get +template_for_dispvms sys-gui-vnc @type:AppVM allow
admin.vm.property.Get +netvm sys-gui-vnc @type:AppVM:DispVM:StandaloneVM allow
admin.vm.property.Get +template sys-gui-vnc @type:AppVM:DispVM allow
admin.vm.property.Get +autostart sys-gui-vnc @type:DispVM allow
admin.vm.property.Get +dispid sys-gui-vnc @type:DispVM allow
admin.vm.property.Get +maxmem sys-gui-vnc @type:DispVM:StandaloneVM allow
admin.vm.property.Get +memory sys-gui-vnc @type:DispVM:StandaloneVM allow
admin.vm.property.Get +provides_network sys-gui-vnc @type:DispVM:StandaloneVM allow
admin.vm.property.Get +vcpus sys-gui-vnc @type:StandaloneVM allow
admin.vm.property.Get +virt_mode sys-gui-vnc @type:DispVM:StandaloneVM allow
admin.vm.property.Get +default_dispvm sys-gui-vnc @type:AppVM allow
admin.vm.property.Get +keyboard_layout @anyvm sys-gui-vnc allow
admin.vm.property.Get +label @anyvm sys-gui-vnc allow
# +audiovm # no need for my setup
# +backup_timestamp # no need for my setup
# +bootmode # no need for my setup
# +debug # no need for my setup
# +default_user # no need for my setup
# +default_denied # no need for my setup
# +dns # no need for my setup
# +gateway # no need for my setup
# +gateway6 # no need for my setup
# +icon # no need for my setup
# +include_in_backups # no need for my setup
# +ip # no need for my setup
# +ip6 # no need for my setup
# +kernelopts # no need for my setup
# +klass # no need for my setup
# +mac # no need for my setup
# +management_dispvm # no need for my setup
# +qrexec_timeout # no need for my setup
# +shutdown_timeout # no need for my setup
# +start_time # no need for my setup
# +stubdom_mem # no need for my setup
# +stubdom_uuid # no need for my setup
# +stubdom_xid # no need for my setup
# +updateable # no need for my setup
# +visible_gateway # no need for my setup
# +visible_gateway6 # no need for my setup
# +visible_ip # no need for my setup
# +visible_ip6 # no need for my setup
# +visible_netmask # no need for my setup
# +xid # no need for my setup
# admin.vm.property.GetAll * sys-gui-vnc @adminvm allow
# admin.vm.property.GetAll * sys-gui-vnc @anyvm allow
admin.vm.property.GetDefault +bootmode sys-gui-vnc @anyvm allow
admin.vm.property.GetDefault +guivm sys-gui-vnc @anyvm allow
admin.vm.property.GetDefault +audiovm sys-gui-vnc @anyvm allow
admin.vm.property.GetDefault +virt_mode sys-gui-vnc @anyvm allow
admin.vm.property.GetDefault +installed_by_rpm sys-gui-vnc @anyvm allow
admin.vm.property.GetDefault +memory sys-gui-vnc @anyvm allow
admin.vm.property.GetDefault +maxmem sys-gui-vnc @anyvm allow
admin.vm.property.GetDefault +stubdom_mem sys-gui-vnc @anyvm allow
admin.vm.property.GetDefault +vcpus sys-gui-vnc @anyvm allow
admin.vm.property.GetDefault +kernel sys-gui-vnc @anyvm allow
admin.vm.property.GetDefault +kernelopts sys-gui-vnc @anyvm allow
admin.vm.property.GetDefault +debug sys-gui-vnc @anyvm allow
admin.vm.property.GetDefault +default_user sys-gui-vnc @anyvm allow
admin.vm.property.GetDefault +qrexec_timeout sys-gui-vnc @anyvm allow
admin.vm.property.GetDefault +shutdown_timeout sys-gui-vnc @anyvm allow
admin.vm.property.GetDefault +autostart sys-gui-vnc @anyvm allow
admin.vm.property.GetDefault +include_in_backups sys-gui-vnc @anyvm allow
admin.vm.property.GetDefault +backup_timestamp sys-gui-vnc @anyvm allow
admin.vm.property.GetDefault +default_dispvm sys-gui-vnc @anyvm allow
admin.vm.property.GetDefault +management_dispvm sys-gui-vnc @anyvm allow
admin.vm.property.GetDefault +updateable sys-gui-vnc @anyvm allow
admin.vm.property.GetDefault +devices_denied sys-gui-vnc @anyvm allow
admin.vm.property.GetDefault +keyboard_layout sys-gui-vnc @anyvm allow
# admin.vm.property.Help + sys-gui-vnc @anyvm allow # no need
# admin.vm.property.HelpRst + sys-gui-vnc @anyvm allow # no need
# admin.vm.property.Reset + sys-gui-vnc @anyvm allow # no need
admin.vm.property.List * sys-gui-vnc @anyvm allow
admin.vm.feature.Get +preload-dispvm-threashold sys-gui-vnc @adminvm allow
admin.vm.feature.Get +menu-favorites sys-gui-vnc @adminvm allow
admin.vm.feature.Get +gui-default-secure-copy-sequence sys-gui-vnc @adminvm allow
admin.vm.feature.Get +gui-default-secure-paste-sequence sys-gui-vnc @adminvm allow
admin.vm.feature.Get +last-updates-chec sys-gui-vnc @adminvm allow
admin.vm.feature.Get +updates-available sys-gui-vnc @adminvm allow
admin.vm.feature.Get +default-menu-items sys-gui-vnc @type:TemplateVM:AppVM allow
admin.vm.feature.Get +menu-items sys-gui-vnc @type:TemplateVM:AppVM:DispVM allow
admin.vm.feature.Get +appmenus-dispvm sys-gui-vnc @type:AppVM:DispVM allow
admin.vm.feature.Get +preload-dispvm sys-gui-vnc @type:AppVM allow
admin.vm.feature.Get +internal sys-gui-vnc @type:AppVM allow
admin.vm.feature.Get +gui-events-max-delay sys-gui-vnc @type:AppVM allow
admin.vm.feature.Get +servicevm sys-gui-vnc @type:DispVM allow
admin.vm.feature.Get +service.clocksync sys-gui-vnc @type:DispVM allow
admin.vm.feature.Get +service.minimal-netvm sys-gui-vnc @type:DispVM allow
admin.vm.feature.Get +selinux sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +qrexec sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +kicksecure sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +whonix-gw sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-feature.keyboard-layout sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-feature.memory-hotplug sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +os sys-gui-vnc @type:TemplateVM:StandaloneVM allow
admin.vm.feature.Get +supported-service.modem-manager sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-service.apparmor sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +apparmor sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-service.no-qubesincoming-cleanup sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-service.crond sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-service.updates-proxy-setup sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-service.minimal-usbvm sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-service.network-manager sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-service.blueman sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-service.qubes-updates-proxy sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-service.clocksync sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-service.qubes-network sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-service.gui-agent-clipboard-wipe sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-service.cups sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-service.guivm-gui-agent sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-service.qubes-firewall sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-service.pipewire sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-service.meminfo-writer sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-service.minimal-netvm sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-service.qubes-update-check sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-rpc.qubes.PdfConvert sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-rpc.qubes.ResizeDisk sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-rpc.qubes.StartApp sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-rpc.qubes.VMRootShell sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-rpc.qubes.ShowInTerminal sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-rpc.qubes.SetDateTime.anondist sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-rpc.qubes.WaitForNetworkUplink sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-rpc.qubes.VMShell sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-rpc.qubes.VMRootExec sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-rpc.qubes.UpdatesProxy.anondist sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-rpc.sdwdate-gui.ConnectCheck sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-rpc.qubes.UpdatesProxy sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-rpc.qubes.Restore sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-rpc.qubes.GetImageRGBA sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-rpc.qubes.TemplateDownload sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-rpc.qubes.UpdateAppMenusFor sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-rpc.qubes.SyncNtpClock.anondist sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-rpc.qubes.SetDateTime sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-rpc.qubes.SuspendPreAll sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-rpc.qubes.SelectFile sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-rpc.qubes.RestoreById sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-rpc.qubes.WaitForSession sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-rpc.qubes.SuspendPost sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-rpc.qubes.GpgImportKey sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-rpc.qubes.Gpg sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-rpc.qubes.InstallUpdatesGUI sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-rpc.qubes.RegisterBackupLocation sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-rpc.qubes.USBDetach sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-rpc.qubes.GuiVMSession sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-rpc.qubes.Filecopy sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-rpc.qubes.SuspendPre sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-rpc.qubes.Backup sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-rpc.qubes.WaitForRunningSystem sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-rpc.qubes.PostInstall sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-rpc.qubes.GetAppmenus sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-rpc.qubes.USB sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-rpc.qubes.GetDate sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-rpc.qubes.OpenURL sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-rpc.qubes.SaltLinuxVM sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-rpc.qubes.SuspendPostAll sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-rpc.qubes.SetDateTime.anondist-orig sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-rpc.qubes.VMExec sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-rpc.qubes.VMExecGUI sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-rpc.qubes.OpenInVM sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-rpc.qubes.TemplateSearch sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-rpc.qubes.USBAttach sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-rpc.qubes.SetMonitorLayout sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-rpc.qubes.DetachPciDevice sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-rpc.qubes.SelectDirectory sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +os-distribution sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +os-distribution-like sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +boot-mode.kernelopts.sysmaint sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +boot-mode.kernelopts.unrestricted sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +boot-mode.kernelopts.user sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +boot-mode.default-user.sysmaint sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +boot-mode.name.sysmaint sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +boot-mode.name.unrestricted sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +boot-mode.name.user sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +boot-mode.active sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +boot-mode.appvm-default sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +os-version sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +os-eol sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +qubes-agent-version sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +gui sys-gui-vnc @type:TemplateVM:StandaloneVM allow
admin.vm.feature.Get +qubes-firewall sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +vmexec sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +template-name sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +template-epoch sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +template-version sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +template-release sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +template-reponame sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +template-buildtime sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +template-installtime sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +template-license sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +template-url sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +template-summary sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +template-description sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +updates-available sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +last-updates-check sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-service.dummy-psu sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-service.dummy-backlight sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-rpc.qubes.InputTablet sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-rpc.qubes.Notifications sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-rpc.qubes.InputMouse sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +supported-rpc.qubes.InputKeyboard sys-gui-vnc @type:TemplateVM allow
admin.vm.feature.Get +rpc-clipboard sys-gui-vnc @type:StandaloneVM allow
admin.vm.feature.Get +stubdom-qrexec sys-gui-vnc @type:StandaloneVM allow
admin.vm.feature.Get +audio-model sys-gui-vnc @type:StandaloneVM allow
admin.vm.feature.Get +timezone sys-gui-vnc @type:StandaloneVM allow
admin.vm.feature.Get +no-monitor-layout sys-gui-vnc @type:StandaloneVM allow
admin.vm.feature.Get +gui-emulated sys-gui-vnc @type:StandaloneVM allow
admin.vm.feature.Get +service.lightdm sys-gui-vnc @type:AppVM allow
admin.vm.feature.Get +service.guivm sys-gui-vnc @type:AppVM allow
admin.vm.feature.Get +service.guivm-vnc sys-gui-vnc @type:AppVM allow
admin.vm.feature.Get +service.dummy-psu sys-gui-vnc @type:AppVM allow
admin.vm.feature.Get +service.blueman sys-gui-vnc @type:AppVM allow
admin.vm.feature.CheckWithTemplate +internal sys-gui-vnc @anyvm allow
admin.vm.feature.CheckWithTemplate +gui sys-gui-vnc @anyvm allow
admin.vm.feature.CheckWithNetvm * sys-gui-vnc @dispvm:@tag:network-parent allow
admin.vm.feature.CheckWithAdminVM * sys-gui-vnc @adminvm allow
admin.vm.feature.CheckWithTemplateAndAdminVM * sys-gui-vnc @adminvm allow
admin.vm.feature.CheckWithTemplateAndAdminVM * sys-gui-vnc @type:TemplateVM allow
admin.vm.property.Remove * sys-gui-vnc @anyvm allow
admin.vm.property.Set * sys-gui-vnc @anyvm allow
admin.vm.notes.Get * sys-gui-vnc @anyvm allow
admin.vm.notes.Set * sys-gui-vnc @anyvm allow
admin.vm.tag.List * sys-gui-vnc @anyvm allow
admin.vm.tag.Get +tagname sys-gui-vnc @anyvm allow
admin.vm.tag.Remove +tagname sys-gui-vnc @anyvm allow
admin.vm.tag.Set +tagname sys-gui-vnc @anyvm allow
admin.vm.firewall.Get * sys-gui-vnc @anyvm allow
admin.vm.firewall.Set * sys-gui-vnc @anyvm allow
admin.vm.firewall.Reload * sys-gui-vnc @anyvm allow
admin.vm.device.pci.Attach * sys-gui-vnc @adminvm allow
admin.vm.device.block.Attach * sys-gui-vnc @adminvm allow
admin.vm.device.usb.Attach * sys-gui-vnc @adminvm allow
admin.vm.device.mic.Attach * sys-gui-vnc @adminvm allow
admin.vm.device.webcam.Attach * sys-gui-vnc @anyvm allow
admin.vm.device.pci.Detach * sys-gui-vnc @adminvm allow
admin.vm.device.block.Detach * sys-gui-vnc @adminvm allow
admin.vm.device.usb.Detach * sys-gui-vnc @adminvm allow
admin.vm.device.mic.Detach * sys-gui-vnc @adminvm allow
admin.vm.device.webcam.Detach * sys-gui-vnc @anyvm allow
admin.vm.device.pci.Assign * sys-gui-vnc @adminvm allow
admin.vm.device.block.Assign * sys-gui-vnc @adminvm allow
admin.vm.device.usb.Assign * sys-gui-vnc @adminvm allow
admin.vm.device.mic.Assign * sys-gui-vnc @adminvm allow
admin.vm.device.webcam.Assign * sys-gui-vnc @anyvm allow
admin.vm.device.pci.Unassign * sys-gui-vnc @adminvm allow
admin.vm.device.block.Unassign * sys-gui-vnc @adminvm allow
admin.vm.device.usb.Unassign * sys-gui-vnc @adminvm allow
admin.vm.device.mic.Unassign * sys-gui-vnc @adminvm allow
admin.vm.device.webcam.Unassign * sys-gui-vnc @anyvm allow
admin.vm.device.pci.Set.required * sys-gui-vnc @adminvm allow
admin.vm.device.block.Set.required * sys-gui-vnc @adminvm allow
admin.vm.device.usb.Set.required * sys-gui-vnc @adminvm allow
admin.vm.device.mic.Set.required * sys-gui-vnc @adminvm allow
admin.vm.device.webcam.Set.required * sys-gui-vnc @anyvm allow
admin.deviceclass.List +block sys-gui-vnc @adminvm allow
admin.deviceclass.List +pci sys-gui-vnc @adminvm allow
admin.deviceclass.List +usb sys-gui-vnc @adminvm allow
admin.deviceclass.List +mic sys-gui-vnc @adminvm allow
admin.deviceclass.List +webcam sys-gui-vnc @adminvm allow
admin.deviceclass.List +block sys-gui-vnc @type:TemplateVM:AppVM:DispVM:StandaloneVM allow
admin.deviceclass.List +pci sys-gui-vnc @type:TemplateVM:AppVM:DispVM:StandaloneVM allow
admin.deviceclass.List +usb sys-gui-vnc @type:TemplateVM:AppVM:DispVM:StandaloneVM allow
admin.deviceclass.List +mic sys-gui-vnc @type:TemplateVM:AppVM:DispVM:StandaloneVM allow
admin.deviceclass.List +webcam sys-gui-vnc @type:TemplateVM:AppVM:DispVM:StandaloneVM allow
admin.vm.device.pci.Available * sys-gui-vnc @adminvm allow
admin.vm.device.block.Available * sys-gui-vnc @adminvm allow
admin.vm.device.usb.Available * sys-gui-vnc @adminvm allow
admin.vm.device.mic.Available * sys-gui-vnc @adminvm allow
admin.vm.device.webcam.Available * sys-gui-vnc @anyvm allow
admin.vm.device.pci.Assigned * sys-gui-vnc @adminvm allow
admin.vm.device.block.Assigned * sys-gui-vnc @adminvm allow
admin.vm.device.usb.Assigned * sys-gui-vnc @adminvm allow
admin.vm.device.mic.Assigned * sys-gui-vnc @adminvm allow
admin.vm.device.webcam.Assigned * sys-gui-vnc @anyvm allow
admin.vm.device.pci.Attached * sys-gui-vnc @adminvm allow
admin.vm.device.block.Attached * sys-gui-vnc @adminvm allow
admin.vm.device.usb.Attached * sys-gui-vnc @adminvm allow
admin.vm.device.mic.Attached * sys-gui-vnc @adminvm allow
admin.vm.device.webcam.Attached * sys-gui-vnc @adminvm allow
admin.pool.List * sys-gui-vnc @adminvm allow
admin.pool.ListDrivers * sys-gui-vnc @adminvm allow
# admin.pool.Info * sys-gui-vnc @adminvm allow # no need to manage dom0
# admin.pool.Add * sys-gui-vnc @adminvm allow # no need to manage dom0
# admin.pool.Set.revisions_to_keep * sys-gui-vnc @adminvm allow # no need to manage dom0
# admin.pool.ListSnapshots * sys-gui-vnc @adminvm allow # no need to manage dom0
# admin.pool.Snapshots * sys-gui-vnc @adminvm allow # no need to manage dom0
# admin.pool.Revert * sys-gui-vnc @adminvm allow # no need to manage dom0
# admin.pool.Resize * sys-gui-vnc @adminvm allow # no need to manage dom0
# admin.pool.Import * sys-gui-vnc @adminvm allow # no need to manage dom0
# admin.pool.CloneFrom * sys-gui-vnc @adminvm allow # no need to manage dom0
# admin.pool.CloneTo * sys-gui-vnc @adminvm allow # no need to manage dom0
admin.vm.pool.List * sys-gui-vnc @anyvm allow
admin.vm.pool.Info +root sys-gui-vnc @anyvm allow
admin.vm.pool.Info +private sys-gui-vnc @anyvm allow
admin.vm.pool.Info +volatile sys-gui-vnc @anyvm allow
admin.vm.pool.Info +kernel sys-gui-vnc @anyvm allow
admin.vm.pool.Set.revisions_to_keep +root sys-gui-vnc @anyvm allow
admin.vm.pool.Set.revisions_to_keep +private sys-gui-vnc @anyvm allow
admin.vm.pool.Set.revisions_to_keep +volatile sys-gui-vnc @anyvm allow
admin.vm.pool.Set.revisions_to_keep +kernel sys-gui-vnc @anyvm allow
admin.vm.pool.ListSnapshots +root sys-gui-vnc @anyvm allow
admin.vm.pool.ListSnapshots +private sys-gui-vnc @anyvm allow
admin.vm.pool.ListSnapshots +volatile sys-gui-vnc @anyvm allow
admin.vm.pool.ListSnapshots +kernel sys-gui-vnc @anyvm allow
admin.vm.pool.Snapshots +root sys-gui-vnc @anyvm allow
admin.vm.pool.Snapshots +private sys-gui-vnc @anyvm allow
admin.vm.pool.Snapshots +volatile sys-gui-vnc @anyvm allow
admin.vm.pool.Snapshots +kernel sys-gui-vnc @anyvm allow
admin.vm.pool.Revert +root sys-gui-vnc @anyvm allow
admin.vm.pool.Revert +private sys-gui-vnc @anyvm allow
admin.vm.pool.Revert +volatile sys-gui-vnc @anyvm allow
admin.vm.pool.Revert +kernel sys-gui-vnc @anyvm allow
admin.vm.pool.Resize +root sys-gui-vnc @anyvm allow
admin.vm.pool.Resize +private sys-gui-vnc @anyvm allow
admin.vm.pool.Resize +volatile sys-gui-vnc @anyvm allow
admin.vm.pool.Resize +kernel sys-gui-vnc @anyvm allow
admin.vm.pool.Import +root sys-gui-vnc @anyvm allow
admin.vm.pool.Import +private sys-gui-vnc @anyvm allow
admin.vm.pool.Import +volatile sys-gui-vnc @anyvm allow
admin.vm.pool.Import +kernel sys-gui-vnc @anyvm allow
admin.vm.pool.ImportWithSize +root sys-gui-vnc @anyvm allow
admin.vm.pool.ImportWithSize +private sys-gui-vnc @anyvm allow
admin.vm.pool.ImportWithSize +volatile sys-gui-vnc @anyvm allow
admin.vm.pool.ImportWithSize +kernel sys-gui-vnc @anyvm allow
admin.vm.pool.Clear +root sys-gui-vnc @anyvm allow
admin.vm.pool.Clear +private sys-gui-vnc @anyvm allow
admin.vm.pool.Clear +volatile sys-gui-vnc @anyvm allow
admin.vm.pool.Clear +kernel sys-gui-vnc @anyvm allow
admin.pool.CloneFrom +root sys-gui-vnc @anyvm allow
admin.pool.CloneFrom +private sys-gui-vnc @anyvm allow
admin.pool.CloneFrom +volatile sys-gui-vnc @anyvm allow
admin.pool.CloneFrom +kernel sys-gui-vnc @anyvm allow
admin.vm.pool.CloneTo +root sys-gui-vnc @anyvm allow
admin.vm.pool.CloneTo +private sys-gui-vnc @anyvm allow
admin.vm.pool.CloneTo +volatile sys-gui-vnc @anyvm allow
admin.vm.pool.CloneTo +kernel sys-gui-vnc @anyvm allow
admin.vm.CurrentState * sys-gui-vnc @adminvm allow
admin.vm.CurrentState * sys-gui-vnc @anyvm allow
admin.vm.Start * sys-gui-vnc @anyvm allow
admin.vm.Shutdown * sys-gui-vnc @anyvm allow
admin.vm.Pause * sys-gui-vnc @anyvm allow
admin.vm.Unpause * sys-gui-vnc @anyvm allow
admin.vm.Kill * sys-gui-vnc @anyvm allow
# admin.backup.Execute * sys-gui-vnc @adminvm allow # no need
# admin.backup.Info * sys-gui-vnc @adminvm allow # no need
# admin.backup.Cancel * sys-gui-vnc @adminvm allow # no need
# admin.vm.Stats * sys-gui-vnc @adminvm allow # vm-stats
When I try to log in from my laptop, my screen looks like this:
While I don’t have sys-gui-vnc to sys-gui-vnc policies in there, I can confidently say they didn’t work for any error, no matter their precedence.
Hey!
.
Bump again
