/qubes-issues

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Document qubes.PostInstall service, `/etc/qubes/post-install.d`, qvm-features-request #2829

Open
marmarek opened this Issue May 26, 2017 · 2 comments

Comments

Assignees
No one assigned
Labels
Projects
None yet
Milestone
  Release 4.1
3 participants
@marmarek @adrelanos @andrewdavidwong
@marmarek
Member

marmarek commented May 26, 2017
edited
Edited 1 time
  • @marmarek marmarek edited May 26, 2017 (most recent)

Document mechanism used by VMs (especially templates) to announce what "features" it support. This apply to things like:

  • gui agent / seamless mode
  • being updates proxy
  • handling firewall rules set for VM by dom0 (qvm-firewall/qubes-firewall)
  • having own clock synchronization mechanism (request dom0 to not send dom0 time to it)

This is about #1637

@marmarek marmarek added C: doc P: major labels May 26, 2017

@marmarek marmarek added this to the Release 4.0 milestone May 26, 2017

@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek May 26, 2017

Member

@adrelanos can you list what dom0 changes you'd like for better privacy in Whonix VMs (both WS and GW)?
Member

marmarek commented May 26, 2017

@adrelanos can you list what dom0 changes you'd like for better privacy in Whonix VMs (both WS and GW)?

marmarek added a commit to marmarek/old-qubes-core-agent-linux that referenced this issue May 26, 2017

@marmarek
Implement qubes.PostInstall service 
This is meant to notify dom0 about features supported by just-installed
template. This service is called by dom0 just after template
installation.

Fixes QubesOS/qubes-issues#1637
Documentation pending: QubesOS/qubes-issues#2829
Verified
This commit was signed with a verified signature.
@marmarek marmarek Marek Marczykowski-Górecki
GPG key ID: 063938BA42CFA724 Learn about signing commits
8694931
@adrelanos

This comment has been minimized.

Show comment
Hide comment
@adrelanos

adrelanos Jun 3, 2017

Member

@adrelanos can you list what dom0 changes you'd like for better privacy in Whonix VMs (both WS and GW)?

That's a pretty broad question.

Generally, not just dom0:

dom0 specific:

Block clflush and tsc instructions. Remove all timers. Avoid multi-threading VMs. Alternatively use non-interleaved NUMA with pinned vCPUs.

Pin vCPUs to separate pCPUs. Block tsc instructions. Remove all timers.
Member

adrelanos commented Jun 3, 2017

@adrelanos can you list what dom0 changes you'd like for better privacy in Whonix VMs (both WS and GW)?

That's a pretty broad question.

Generally, not just dom0:

dom0 specific:

Block clflush and tsc instructions. Remove all timers. Avoid multi-threading VMs. Alternatively use non-interleaved NUMA with pinned vCPUs.

Pin vCPUs to separate pCPUs. Block tsc instructions. Remove all timers.

@qubesos-bot qubesos-bot referenced this issue in QubesOS/updates-status Jun 9, 2017

Closed

core-agent-linux v4.0.0 (r4.0) #68

@marmarek marmarek referenced this issue Oct 22, 2017

Closed

Archlinux template for QubesOS 4.0 #3185

@marmarek marmarek referenced this issue Dec 23, 2017

Open

UpdateVM for templates always defaults to sys-net #3118

@andrewdavidwong andrewdavidwong added the task label Mar 31, 2018

@andrewdavidwong andrewdavidwong modified the milestones: Release 4.0, Release 4.1 Mar 31, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment