New standalone VMs inherit template's private filesystem state #4045

Open
tasket opened this Issue Jun 29, 2018 · 5 comments

tasket commented Jun 29, 2018

Qubes OS version:

R4.0

Affected component(s):

Standalone VMs created from templates


Steps to reproduce the behavior:

  1. Add some file to templateVM's /home/user then shut down
  2. Create standalone VM from template
  3. Start standalone and view the files

Expected behavior:

Standalone VM receives a newly-initialized private fs.

Actual behavior:

Information from template private fs is retained.

General notes:


Related issues:

Member

andrewdavidwong commented Jun 30, 2018

If I understand correctly, @tasket is saying that, since TemplateBasedVMs no longer inherit the contents of /home from their parent TemplateVMs in 4.0 (changed from 3.2), StandaloneVMs also should not inherit the contents of /home from the TemplateVMs from which they are created.

tasket commented Jun 30, 2018

I was going to say that... Thanks for clarifying! The consistency part of it is the most important, IMO, because ppl will use template-based appVMs most of the time and expect the same 'cleanliness' from standalones -- but may leak files without realizing.

Member

marmarek commented Jun 30, 2018

Note that when you create a StandaloneVM from a Template, it is in fact a qvm-clone --class StandaloneVM operation. But indeed it is inconsistent.

tasket commented Jul 4, 2018

I guess this is limited to the GUI tool, as qvm-create gives me an error when I specify standaloneVM and a template.

Should this be resolved with import_data(blank_file) ?

Member

marmarek commented Jul 11, 2018

> Should this be resolved with import_data(blank_file) ?

Better to skip cloning the private volume at all in such a case. See the clone_vm function. Maybe some extra argument there (ignore_volumes, or clone_volumes)? Then use it in the qvm-clone tool (some extra option) and also in the GUI when creating a standalone VM.
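An added illustration of the behaviour discussed in this thread, not code from Qubes OS or from any participant: a toy in-memory model in which a plain clone carries the template's private files into the standalone, while a clone that skips the private volume starts clean. The `VM` class, `fresh_volume`, `inherited_private_files`, the sample data, and the exact semantics given to `clone_vm` and `ignore_volumes` are assumptions made for the example.

```python
import copy
from dataclasses import dataclass, field

# Toy model, NOT the Qubes code base: a volume is a dict of path -> content,
# and a VM is a class name plus a set of named volumes.
@dataclass
class VM:
    name: str
    klass: str
    volumes: dict = field(default_factory=dict)

def fresh_volume():
    """A newly initialized (empty) volume."""
    return {}

def clone_vm(src, new_name, new_class=None, ignore_volumes=()):
    """Clone src; volumes listed in ignore_volumes are created fresh, not copied.

    ignore_volumes models the extra argument floated in the thread; its
    semantics here are an assumption.
    """
    unknown = set(ignore_volumes) - set(src.volumes)
    if unknown:
        # Fail closed: a misspelled name must not silently fall back to copying.
        raise ValueError(f"unknown volume(s): {sorted(unknown)}")
    volumes = {
        vol_name: fresh_volume() if vol_name in ignore_volumes
        else copy.deepcopy(data)
        for vol_name, data in src.volumes.items()
    }
    return VM(new_name, new_class or src.klass, volumes)

def inherited_private_files(template, vm):
    """Paths in vm's private volume whose content matches the template's."""
    tpl = template.volumes["private"]
    return sorted(p for p, c in vm.volumes["private"].items() if tpl.get(p) == c)

# Constructed sample: a template whose /home/user holds a leftover file.
TEMPLATE = VM("tpl", "TemplateVM", {
    "root": {"/usr/bin/tool": "binary"},
    "private": {"/home/user/notes.txt": "left in the template"},
})

if __name__ == "__main__":
    leaky = clone_vm(TEMPLATE, "sa-leaky", "StandaloneVM")
    clean = clone_vm(TEMPLATE, "sa-clean", "StandaloneVM",
                     ignore_volumes=("private",))
    print("plain clone inherits:", inherited_private_files(TEMPLATE, leaky))
    print("private skipped inherits:", inherited_private_files(TEMPLATE, clean))
    print("root still cloned:", clean.volumes["root"] == TEMPLATE.volumes["root"])
```
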
