Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.
Sign upAllow DispVMs to inherit netvm without inheriting firewall rules #1296
Comments
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
marmarek
Oct 8, 2015
Member
Indeed useful feature.
I think this can be done as part of #866
For now, you can setup normal AppVM (mail-web) and open links there using qvm-open-in-vm. Not as good as DispVM, but in some cases good enough.
|
Indeed useful feature. For now, you can setup normal AppVM ( |
marmarek
added
enhancement
C: core
P: major
labels
Oct 8, 2015
marmarek
added this to the Release 4.0 milestone
Oct 8, 2015
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
andrewdavidwong
Oct 8, 2015
Member
For now, you can setup normal AppVM (
mail-web) and open links there usingqvm-open-in-vm. Not as good as DispVM, but in some cases good enough.
Yes, this is what I've been doing instead, and it's actually quite a good solution. The main drawback is potential cross-contamination from opening all the links in same persistent browser/VM.
Yes, this is what I've been doing instead, and it's actually quite a good solution. The main drawback is potential cross-contamination from opening all the links in same persistent browser/VM. |
andrewdavidwong commentedOct 8, 2015
One of the most common ways ordinary users are attacked today is via malicious links in emails. Therefore, it makes sense to create an email VM with restrictive firewall rules (e.g., allow only POP3S/IMAPS and URD traffic to email servers). However, then it becomes cumbersome for users to open links in emails.
Solution: Allow users to open links in DispVMs. Qubes currently allows users to open links in DispVMs and to set the netvm which the new DispVM will have. However, the new DispVM automatically inherits the restrictive firewall rules of its parent, making it useless for this pupose.