Re: [qubes-devel] DispVM design decisions for Qubes 4.0


Marek Marczykowski-Górecki May 17, 2016 05:41
Posted to group: qubes-devel

On Tue, May 17, 2016 at 02:20:07PM +0200, Joanna Rutkowska wrote:
> On Tue, May 17, 2016 at 01:57:47PM +0200, Marek Marczykowski wrote:
> > Selecting srcvm as the DispVM template will have an undesired effect: that
> > DispVM will have (read-only) access to srcvm private image. Not
> > something we want...
> >
>
> Right, good point. Anyway, I still think we should go for the "inherit only from
> the DispVM template" option.

Ok.

So, I think this will be enough for the new DispVM implementation. To
summarize:

1. Modify qrexec policy to allow expressing "DispVM based on X", not only
"DispVM", by adding a "$dispvm:vmname" option. Have "$dispvm" mean "default
DispVM", not "any DispVM".

2. Move target VM choice from calling VM to dom0, based on qrexec policy
and user choice (https://github.com/QubesOS/qubes-issues/issues/910)

2a. (optional for 4.0?) Add the ability to specify a default target VM for
a given service and source VM.

3. Inherit all the VM settings from the DispVM base VM, instead of the calling
VM (including label and netvm)

Related:

4. Implement qubes.OpenURL service
(https://github.com/QubesOS/qubes-issues/issues/1487)

--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
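
The following is an added sketch, not part of the original message and not Qubes code, of how items 1 to 3 of the summary fit together: a bare "$dispvm" resolves to the default DispVM, the decision comes from policy rather than from the caller, and the new DispVM takes label and netvm from its base VM. The VM names, their properties, the rule tuples and the single system-wide default are all assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class VM:
    name: str
    label: str
    netvm: Optional[str]

# Constructed inventory; every name and property here is hypothetical.
VMS = {vm.name: vm for vm in (
    VM("work", "blue", "sys-firewall"),
    VM("untrusted", "red", "sys-firewall"),
    VM("dvm-net", "red", "sys-firewall"),
    VM("dvm-offline", "gray", None),
)}
DEFAULT_DISPVM = "dvm-net"  # assumed system-wide default DispVM base

# (source, target, action), first match wins; constructed rules.
POLICY = [
    ("work", "$dispvm:dvm-offline", "allow"),
    ("untrusted", "$dispvm", "allow"),
    ("$anyvm", "$anyvm", "deny"),
]

def canonical(target):
    """Item 1: bare "$dispvm" names the default DispVM, not any DispVM."""
    return "$dispvm:" + DEFAULT_DISPVM if target == "$dispvm" else target

def evaluate(src, requested):
    """Item 2: the decision is taken from policy (dom0 side), not by the caller."""
    target = canonical(requested)
    for p_src, p_dst, action in POLICY:
        if p_src in (src, "$anyvm") and canonical(p_dst) in (target, "$anyvm"):
            return action, target
    return "deny", target  # no matching rule: refuse

def spawn_dispvm(src, requested):
    """Item 3: the new DispVM copies label and netvm from its base VM."""
    action, target = evaluate(src, requested)
    base = VMS.get(target[len("$dispvm:"):]) if target.startswith("$dispvm:") else None
    if action != "allow" or base is None:
        raise PermissionError(f"{src} -> {requested}: denied")
    return VM("disp1", base.label, base.netvm)
```

With these constructed rules, "untrusted" may start the default DispVM but not one based on dvm-offline, and a DispVM started by "work" comes up gray and offline even though "work" itself is blue and networked.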