fix: GUI Global Config precedes packaged policies

ben-grande · Jun 17, 2024 · 59e8fc3 · 59e8fc3
1 parent faa00fb
commit 59e8fc3
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 5 deletions.
diff --git a/salt/sys-bitcoin/create.sls b/salt/sys-bitcoin/create.sls
@@ -279,4 +279,6 @@ tags:
     - name: qvm-volume extend dvm-bitcoin-builder:private 20Gi
 
 {% from 'utils/macros/policy.sls' import policy_set with context -%}
-{{ policy_set(sls_path, '70') }}
+{{ policy_set(sls_path, '45') }}
+{% from 'utils/macros/policy.sls' import policy_unset with context -%}
+{{ policy_unset(sls_path, '70') }}
diff --git a/salt/sys-cacher/create.sls b/salt/sys-cacher/create.sls
@@ -97,10 +97,10 @@ features:
 {%- endload %}
 {{ load(defaults) }}
 
-{% from 'utils/macros/policy.sls' import policy_unset with context -%}
-{{ policy_unset(sls_path, '75') }}
 {% from 'utils/macros/policy.sls' import policy_set with context -%}
 {{ policy_set(sls_path, '45') }}
+{% from 'utils/macros/policy.sls' import policy_unset with context -%}
+{{ policy_unset(sls_path, '75') }}
 
 "{{ slsdotpath }}-extend-volume":
   cmd.run:

diff --git a/salt/sys-cacher/files/admin/policy/default.policy b/salt/sys-cacher/files/admin/policy/default.policy
@@ -8,8 +8,6 @@ qubes.OpenURL * {{ sls_path }} @default allow target={{ sls_path }}-browser
 qubes.OpenURL * {{ sls_path }} @anyvm   deny
 qubes.ConnectTCP +8082 {{ sls_path }}-browser  @default  allow target={{ sls_path }}
 qubes.ConnectTCP *     {{ sls_path }}-browser  @anyvm    deny
-qubes.UpdatesProxy * @tag:whonix-updatevm     @default allow  target=sys-whonix
-qubes.UpdatesProxy * @tag:whonix-updatevm     @anyvm   deny
 qubes.UpdatesProxy * @tag:updatevm-{{ sls_path }} @default  allow  target={{ sls_path }}
 qubes.UpdatesProxy * @tag:updatevm-{{ sls_path }} @anyvm    deny
 ## vim:ft=qrexecpolicy