Tomster/QubesOS-Scripts
1
0
Fork 0
mirror of https://github.com/tommytran732/QubesOS-Scripts synced 2025-02-08 13:11:34 -05:00
Code

Update Quality of Life.md

Browse Source 
Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
Tommy 2025-02-02 03:31:59 -07:00 committed by GitHub
parent c0d738b15b
commit 23e0fedf32
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
Quality of Life.md
View File

@ -47,6 +47,14 @@ ctap.GetInfo * microsoft-edge sys-usb allow
ctap.ClientPin * microsoft-edge sys-usb allow ctap.ClientPin * microsoft-edge sys-usb allow
``` ```
### Split GPG
The GUI configurator is very broken so I don't use it. Instead, I write my own policy at `/etc/qubes/policy.d/50-gpg.policy`
```
qubes.Gpg * thunderbird vault allow
```
Note that I just use allow here, because the vault VM on a new Fedora 41 already prompts for confirmation, so I don't wanna have to answer yet another prompt from dom0.
### Trivial data exfiltration prevention ### Trivial data exfiltration prevention
One trivial way for malicious applications to exfiltrate data from an offline VM is to open a link in a disposable VM with a payload. To prevent this, open the VM settings, go to advanced and set the default disposable template to none. One trivial way for malicious applications to exfiltrate data from an offline VM is to open a link in a disposable VM with a payload. To prevent this, open the VM settings, go to advanced and set the default disposable template to none.