On 10/13/2016 12:45 PM, Robert Mittendorf wrote:
Am 10/13/2016 um 04:50 AM schrieb raahe...@gmail.com:feature. I use to make menu shortcuts to launch programs in dispvms inheriting firewall rules. But xfce only lets you edit already existing rules, not create new ones :( editing a config file is a little too much effort for me lol.You can edit the rules in Xfce-Dom0 via the Qubes VM Manager?! How can this "feature" be disabled? I want to start a normal DispVM, not a "special" DispVM.....
Of course it's a feature. You want to open those pesky attachments of your mail VM in a dispVM, don't you? But do you want to grant that VM internet access? At least I wouldn't want that and thus would expect that those firewall rules are inherited.
Use Case: Mail VM is only allowed to access Mail-Server. I want to start a Browser in DispVM for urls in Mails. This works fine, but those "special" DispVMs have the same limitations. I want just a normal DispVM like the one started via Dom0. The only way to achieve this afaik is to let the special DispVM connect to NetVM, so no ProxyVM is used. But this means that the DispVM has access to the intranet.....
Currently your easiest option is not to click on the links, but to copy-paste them to an open dispVM. Small sacrifice for a major security gain.
-- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to firstname.lastname@example.org. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a906460e-0754-3b34-ca6e-232d3252ef34%40hackingthe.net. For more options, visit https://groups.google.com/d/optout.
Description: S/MIME Cryptographic Signature