I recently made a stuff-up and copy-pasted from anon-whonix into a debian-11 VM. It got me thinking, why the hell is Qubes RPC even allowed between Whonix and non-Whonix VMs?
I added some initial rules to prevent the Filecopy case:
qubes.Filecopy * @tag:anon-vm @tag:anon-vm allow
qubes.Filecopy * @anyvm @tag:anon-vm deny
qubes.Filecopy * @tag:anon-vm @tag:whonix-updatevm allow
qubes.Filecopy * @tag:anon-vm @anyvm deny
qubes.Filecopy * @anyvm @tag:whonix-updatevm deny
I am not certain this covers every case but it is a good enough start.
I then got to thinking, I don’t really want ANY Qubes RPC touching my Whonix VMs other than what is absolutely necessary. I guess this includes anything initiated by dom0 and the sdwdate GUI stuff. Coming up with the appropriate rules for this isn’t exactly straightforward without intricate knowledge of Qubes and Whonix. Is this something that has been looked into? If not, why not?
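One way to check whether a rule set of this shape covers every case, as an added example that is not part of the original post or of Qubes itself: a first-match evaluator that tabulates the decision for every ordered pair of qubes and reports lines that can never win. The qube names, their tags and the rule ordering are constructed, and only `@anyvm`, `@tag:NAME` and literal names are modelled.

```python
from itertools import permutations

# Constructed inventory: qube name -> tags (sample values, not from the post).
QUBES = {
    "anon-whonix": {"anon-vm"},
    "anon-work": {"anon-vm"},
    "whonix-ws-16": {"whonix-updatevm"},
    "debian-11": set(),
}

# Constructed rule set in the shape of the post's rules, deliberately ordered
# with a broad deny (line 3) ahead of a narrower allow (line 4).
POLICY = """\
qubes.Filecopy * @tag:anon-vm @tag:anon-vm allow
qubes.Filecopy * @anyvm @tag:anon-vm deny
qubes.Filecopy * @tag:anon-vm @anyvm deny
qubes.Filecopy * @tag:anon-vm @tag:whonix-updatevm allow
qubes.Filecopy * @anyvm @tag:whonix-updatevm deny
"""

def parse(text):
    """Return (line_no, source, target, action) for each non-comment line."""
    rules = []
    for n, line in enumerate(text.splitlines(), 1):
        f = line.split()
        if f and not f[0].startswith("#"):
            rules.append((n, f[2], f[3], f[4]))
    return rules

def matches(token, qube):
    # Simplification: only @anyvm, @tag:NAME and literal names are handled.
    if token == "@anyvm":
        return True
    if token.startswith("@tag:"):
        return token[5:] in QUBES[qube]
    return token == qube

def decide(rules, src, dst):
    """First matching line wins; no match means the call is refused."""
    for n, s, t, action in rules:
        if matches(s, src) and matches(t, dst):
            return n, action
    return None, "deny"

def audit(rules):
    """Decision table for every ordered qube pair, plus lines that never win."""
    table = {(s, d): decide(rules, s, d) for s, d in permutations(QUBES, 2)}
    used = {n for n, _ in table.values()}
    return table, [n for n, *_ in rules if n not in used]
```

A line reported as never winning is either shadowed by an earlier, broader line or uses a selector that no qube in the inventory satisfies, such as a tag that is not assigned to anything.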