securedrop-workstation icon indicating copy to clipboard operation
securedrop-workstation copied to clipboard

Published 20 hours ago verified publisher icon freedomofpress

Functional RPC policy tests

Open micahflee opened this issue 9 months ago • 1 comments

Status

Ready for review

Description of Changes

Fixes #759.

This was simpler than I first expected it to be.

As discussed in #759, I skipped testing qubes.USBAttach, qubes.USB, qubes.OpenInVM rules, and also GPG-related allow rules, to allow the tests to run without user interaction.

This tests securedrop.Log (allow and deny), securedrop.Proxy (allow and deny), and the GPG-related rules (deny). It relies on there existing sys-net and sys-firewall VMs, as it uses these as example VMs where various SDW policies should be denied.

micahflee avatar May 07 '24 22:05 micahflee

Now the securedrop.Log tests use qubesadmin to test each running VM with the sd-workstation to make sure it's allowed, and each running VM without it to make sure it's denied.

micahflee avatar May 09 '24 19:05 micahflee