mirror of
https://github.com/Rudd-O/ansible-qubes.git
synced 2025-03-01 14:22:33 +01:00
Add note about dom0 security policy.
parent
46ab127940
commit
11d19eee93
15
README.md
@ -89,7 +89,20 @@ Enabling bombshell-client access to dom0
|
||||
create a file `/etc/qubes-rpc/qubes.VMshell` with mode `0644` and make
|
||||
sure its contents say `/bin/bash`.
|
||||
|
||||
That's it -- `bombshell-client` should work against dom0 now.
|
||||
You will then create a file `/etc/qubes-rpc/policy/qubes.VMShell` with
|
||||
mode 0664, owned by your login user, and group `qubes`. Add a policy
|
||||
line towards the top of the file:
|
||||
|
||||
```
|
||||
yourvm dom0 ask
|
||||
```
|
||||
|
||||
Where `yourvm` represents the name of the VM you will be executing
|
||||
`bombshell-client` against dom0 from.
|
||||
|
||||
That's it -- `bombshell-client` should work against dom0 now. Of course,
|
||||
you can adjust the policy to have it not ask — do the security math
|
||||
on what that implies.
|
||||
|
||||
How to use the connection technology with automation tools like Ansible
|
||||
-----------------------------------------------------------------------
|
||||
|
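Review bot: The added paragraph names the policy file `/etc/qubes-rpc/policy/qubes.VMShell` (capital S), while the unchanged step just above it creates the service file as `/etc/qubes-rpc/qubes.VMshell` (lowercase s). The policy file has to carry the same name as the service it governs, and on a case-sensitive filesystem these are two different names, so one of the two should be corrected until they agree. In the same paragraph, mode 0664 is not in backticks although `0644` is, and the text gives no reason why the file that gates shell access to dom0 should be owned by the login user rather than root; a sentence of rationale would help. The closing "do the security math" remark would be more useful if it spelled out the consequence: the service runs `/bin/bash`, so replacing `ask` with a rule that does not prompt means anything running in `yourvm` gets a dom0 shell without confirmation.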