gaschz/ansible-qubes
1
0
Fork 0
mirror of https://github.com/Rudd-O/ansible-qubes.git synced 2025-03-01 14:22:33 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add note about dom0 security policy.

Browse Source
This commit is contained in:
Manuel Amador (Rudd-O) 2017-05-15 18:41:21 +00:00
parent 46ab127940
commit 11d19eee93
1 changed files with 14 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
README.md
View File

@ -89,7 +89,20 @@ Enabling bombshell-client access to dom0
create a file `/etc/qubes-rpc/qubes.VMshell` with mode `0644` and make create a file `/etc/qubes-rpc/qubes.VMshell` with mode `0644` and make
sure its contents say `/bin/bash`. sure its contents say `/bin/bash`.
That's it -- `bombshell-client` should work against dom0 now. You will then create a file `/etc/qubes-rpc/policy/qubes.VMShell` with
mode 0664, owned by your login user, and group `qubes`. Add a policy
line towards the top of the file:
```
yourvm dom0 ask
```
Where `yourvm` represents the name of the VM you will be executing
`bombshell-client` against dom0 from.
That's it -- `bombshell-client` should work against dom0 now. Of course,
you can adjust the policy to have it not ask — do the security math
on what that implies.
How to use the connection technology with automation tools like Ansible How to use the connection technology with automation tools like Ansible
----------------------------------------------------------------------- -----------------------------------------------------------------------