/qubes-issues

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Make it possible to use DispVM as UpdateVM #2801

Closed
mig5 opened this Issue May 11, 2017 · 4 comments

Comments

Assignees
No one assigned
Labels
Projects
None yet
Milestone
  Release 4.0
3 participants
@mig5 @marmarek @andrewdavidwong
@mig5

mig5 commented May 11, 2017

Qubes OS version (e.g., R3.2):

R3.2

It would be nice to have the ability to make the UpdateVM a Disposable VM. Say, to mitigate the (albeit rare) risk of some existing persistent malware in /rw on the relevant UpdateVM, interfering with handling the dom0 updates before they make their way back to dom0.

Do you think it's possible?

I tried already hacking a solution via piping the tar -C stuff to '/usr/lib/qubes/qfile-daemon-dvm qubes.VMShell dom0 red' but I couldn't get it to work. Maybe it's not possible given how restricted dom0 is in terms of how it can run commands on a dispVM (compared to the easier appVM -> dispVM)
@mig5

This comment has been minimized.

Show comment
Hide comment
@mig5

mig5 May 11, 2017

In any case there is a simple way to set up a 'quasi'-disposable VM by writing a wrapper script around the main qubes-dom0-update.

Leaving this here in case the idea is rejected but others still want to do something similar:

https://mig5.net/content/using-quasi-disposable-vm-updatevm-qubes

mig5 commented May 11, 2017
edited
Edited 1 time
  • @mig5 mig5 edited May 12, 2017 (most recent)

In any case there is a simple way to set up a 'quasi'-disposable VM by writing a wrapper script around the main qubes-dom0-update.

Leaving this here in case the idea is rejected but others still want to do something similar:

https://mig5.net/content/using-quasi-disposable-vm-updatevm-qubes
@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek May 11, 2017

Member

This will be trivial in Qubes 4.0...
Member

marmarek commented May 11, 2017

This will be trivial in Qubes 4.0...
@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek May 11, 2017

Member

You can create semi-persistent DispVM there - the VM stays on the list, together with its name etc, but its state is discarded as soon as it is stopped.
Member

marmarek commented May 11, 2017

You can create semi-persistent DispVM there - the VM stays on the list, together with its name etc, but its state is discarded as soon as it is stopped.

@andrewdavidwong andrewdavidwong added this to the Release 4.0 milestone May 12, 2017

@andrewdavidwong andrewdavidwong added C: core enhancement labels May 12, 2017

@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Oct 23, 2017

Member

As said before, it is easy in Qubes 4.0:

qvm-create --class DispVM -t fedora-25-dvm -l orange disp-updatevm
qubes-prefs updatevm disp-updatevm
Member

marmarek commented Oct 23, 2017

As said before, it is easy in Qubes 4.0:

qvm-create --class DispVM -t fedora-25-dvm -l orange disp-updatevm
qubes-prefs updatevm disp-updatevm

@marmarek marmarek closed this Oct 23, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment