TemplateVM is not defined on qubes-rpc policy by default

I changed the name of sys-net and then installing apps on template failed.
I rememberd that on 4.0 in updateproxy policy there was a something like @type:TemplateVM @default allow,target=sys-net but in 4.1 wasn’t there by default.
After added it I was able to install apps on templates but the question is, is it the flow different on 4.1 or why that statement was missing from 4.1?

I changed the name of sys-net and then installing apps on template failed.

4.1 has a different mechanism.
There is a default policy file in /etc/qubes/policy.d/90-default.policy

Read the head of the default file.
To override that file you create a new higher-numbered file in the same
directory, with the setting you want.

1 Like