Support FirewallVM in Dom0 #124

Closed
marmarek opened this Issue Mar 8, 2015 · 3 comments

@marmarek
Member

marmarek commented Mar 8, 2015

Reported by joanna on 23 Mar 2011 11:05 UTC
When a user decides to use networking in Dom0 (because there is no VT-d support), we should ensure that firewall enforcement runs in Dom0 as well.

Migrated-From: https://wiki.qubes-os.org/ticket/124

@marmarek
Member

marmarek commented Mar 8, 2015

Modified by rafal on 25 Mar 2011 15:54 UTC

@marmarek
Member

marmarek commented Mar 8, 2015

Modified by joanna on 30 Mar 2011 08:43 UTC

@marmarek
Member

marmarek commented Mar 8, 2015

Comment by joanna on 30 Mar 2011 13:53 UTC
So, the netvm seems to be working fine (after fixing the suspend script). And, from what I understand, it also works fine on other people's systems too? I think we should not support networking in Dom0, because:

  • We're moving away from this possibility anyway (this is one of the unique features of the Qubes architecture -- sure, we also have other unique things, such as GUI isolation, but this one is also important)
  • It requires some additional work (e.g. this ticket) and we really have lots of other tasks to do
  • Supporting networking in Dom0 requires us to immediately release patches for any potential vulnerability in any of the net components (DHCP, NM, driver, stacks). And we really don't want to do that

So, I'm closing this ticket. For now (Beta 1), we will leave all the networking-related code in Dom0, so in case some users really have problems with the netvm, they could still manually switch to Dom0 networking. But they will not have firewalling, and the switching procedure will require some manual tinkering (qvm-setdefault-netvm, rmmod pciback, etc.). In Beta 2 we will likely remove all the network-related code from Dom0, hopefully hugely reducing the number of packages to maintain there.

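The manual switch described in the comment above (rmmod pciback, then let Dom0 drive the NIC) leaves a network device bound to a real driver in Dom0, with no firewall in front of it. The check below is an added example, not code from the Qubes project or from this issue: it parses `lspci -k` output and flags Ethernet/Network controllers whose in-use driver in Dom0 is anything other than the Xen PCI stub. The `lspci -k` sample is constructed; the stub driver names `pciback` and `xen-pciback` are assumptions taken from the comment's `rmmod pciback`, and the `--live` flag is this example's own convention.

```python
import re
import subprocess
import sys

# Constructed sample of `lspci -k` output from a dom0 with one wired NIC handed
# to pciback (the normal Qubes setup) and one wireless NIC still bound to its
# native driver (the situation the thread warns about: dom0 has a live network
# stack and no firewall in front of it).
SAMPLE_LSPCI_K = """\
00:19.0 Ethernet controller: Intel Corporation 82579LM Gigabit Network Connection (rev 04)
\tSubsystem: Lenovo Device 21cf
\tKernel driver in use: pciback
\tKernel modules: e1000e
00:1f.2 SATA controller: Intel Corporation 6 Series/C200 Series Chipset Family 6 port SATA AHCI Controller (rev 04)
\tSubsystem: Lenovo Device 21cf
\tKernel driver in use: ahci
\tKernel modules: ahci
03:00.0 Network controller: Intel Corporation Centrino Advanced-N 6205 [Taylor Peak] (rev 34)
\tSubsystem: Intel Corporation Centrino Advanced-N 6205 AGN
\tKernel driver in use: iwlwifi
\tKernel modules: iwlwifi
"""

# "BDF  class: description" header line emitted by lspci for each device.
HEADER_RE = re.compile(
    r"^(?P<bdf>[0-9a-fA-F]{2,4}:[0-9a-fA-F]{2}\.[0-9a-fA-F])\s+(?P<cls>[^:]+):\s+(?P<desc>.*)$"
)
NETWORK_CLASSES = ("Ethernet controller", "Network controller")
# Assumption: names under which the Xen PCI backend stub shows up in dom0.
STUB_DRIVERS = ("pciback", "xen-pciback")


def parse_lspci_k(text):
    """Parse `lspci -k` text into a list of device dicts (bdf, class, desc, driver, modules)."""
    devices = []
    current = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0] not in " \t":
            m = HEADER_RE.match(line)
            if not m:
                continue  # not a device header; ignore stray output
            current = {
                "bdf": m.group("bdf"),
                "class": m.group("cls").strip(),
                "desc": m.group("desc").strip(),
                "driver": None,     # "Kernel driver in use:" line, if any
                "modules": [],      # "Kernel modules:" line, if any
            }
            devices.append(current)
        elif current is not None:
            key, _, value = line.strip().partition(":")
            if key == "Kernel driver in use":
                current["driver"] = value.strip()
            elif key == "Kernel modules":
                current["modules"] = [mod.strip() for mod in value.split(",") if mod.strip()]
    return devices


def dom0_network_exposure(text):
    """Return (bdf, class, driver) for network devices that dom0 itself is driving.

    A NIC bound to the pciback stub (or to no driver at all) is not usable by
    dom0's network stack; anything else means dom0 has unfirewalled networking.
    """
    exposed = []
    for dev in parse_lspci_k(text):
        if not dev["class"].startswith(NETWORK_CLASSES):
            continue
        drv = dev["driver"]
        if drv is None or drv in STUB_DRIVERS:
            continue
        exposed.append((dev["bdf"], dev["class"], drv))
    return exposed


if __name__ == "__main__":
    # `--live` runs the real lspci in the current environment; default is the sample.
    if len(sys.argv) > 1 and sys.argv[1] == "--live":
        text = subprocess.run(["lspci", "-k"], capture_output=True, text=True, check=True).stdout
    else:
        text = SAMPLE_LSPCI_K
    hits = dom0_network_exposure(text)
    for bdf, cls, drv in hits:
        print(f"WARNING: {bdf} ({cls}) is driven by {drv} in dom0, not by pciback")
    sys.exit(1 if hits else 0)
```

Run with `--live` inside Dom0 to audit a real system; a non-zero exit means at least one network device is driven by Dom0 itself, which is exactly the configuration the comment says will have no firewalling.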
