Hello all, I was looking to see if I could update an offline standalone VM, by appending a line to `etc/qubes-rpc/policy/qubes.UpdatesProxy` and I now have some questions.
First, I noticed the lines: ~~~ # Default rule for all TemplateVMs - direct the connection to sys-net $type:TemplateVM $default allow,target=sys-net ~~~ Q1) Is this correct? Shouldn't updates be directed to sys-firewall instead of sys-net? Are all of our templates exposed to (untrusted) sys-net? Hopefully I am wrong about this, but either way I'd appreciate if someone could explain... Q2) If I want to update an offline standalone VM called `OfflineSA`, what would be the proper syntax in `etc/qubes-rpc/policy/qubes.UpdatesProxy`? I have tried each of the following without success: OfflineSA $default allow,target=sys-net OfflineSA $default allow,target=sys-firewall OfflineSA allow,target=sys-net OfflineSA allow,target=sys-firewall $type:StandaloneVM $default allow,target=sys-net $type:StandaloneVM $default allow,target=sys-firewall Q3) do I need to restart my whole qubes system for any new `etc/qubes-rpc/policy/qubes.UpdatesProxy` rules to come into effect? Q4) can update proxies perhaps only be set via some $tag or $type? Thank you! -m0ssy -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/156da8f3-0a02-a404-3165-e8dbebe6d961%40riseup.net. For more options, visit https://groups.google.com/d/optout.
