On Tuesday, July 26, 2016 at 10:18:13 PM UTC-7, Nicklaus McClendon wrote: ...
> As Virtualbox and Vagrant currently run within HVMs, does this mean that > Virtualbox (and other visualization tools) will likely work in AppVMs in > Qubes 4? > > from https://wiki.xen.org/wiki/Nested_Virtualization_in_Xen "2. Virtual Box fails to boot on top of Xen (L1 panic while booting L2)" you better use a different back end. the libvirt one is nice. i used to vagrant-mutate virtualbox boxes that worked for most of the virtualbox vagrant files. sometimes you have to tweak the vagrantfile. "4. Using populate-on-demand (memory!=maxmem) or guest paging in an L1 hypervisor for an L2 guest may deadlock the L0 hypervisor. This means an L1 admin can DOS the L0 hypervisor. This is a potential security issue; for this reason, we do not recommend running nested virtualization in production yet" leads me to believe the isolation for nested guests isnt quite there yet. Vagrant is both really important, almost critical to some peoples work, but also potentially dangerous for qubes. the idea of a qr-exec back end has been brought up, but i dont think anyone wrote one. even if you did, vagrant boxes would have to be somehow convereted. vagrant-mutate could possibly be adapted. another solution: remote "vagrant server" to ssh to. on the plus side, it frees up resources on your laptop. the big negative is you have to have a connection. another negative is not being able to use existing "utility" vagrant boxes that would need to run from your laptop. if your sharing this box, might be able to use lxc as an easy way to get separate network namespaces so you can run the same vagrant files without cross interference. havent tried virtualbox inside lxc yet. -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/8d2cb3f8-c622-42b9-9f9c-f50e2426ba7f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
