(Was written by Marek. Forwarding this to qubes-devel in hope someone will have better answers than I might have. :)
Hi,

Disposable VMs in Qubes 4.0 are much more flexible. The major difference is the possibility to use different Disposable VM "templates" (which in fact can be any AppVM) for different purposes (different services, different calling VM, etc.). All settings of a Disposable VM are inherited from its "template", including the private image (IOW, it isn't required to create the /home/user/.qubes-dispvm-customized file for that anymore). These "all settings" also include netvm - it is no longer inherited from the calling VM, but from the Disposable VM "template". But since it's possible to create multiple such templates, it is possible to achieve the same behavior. What is used where is configured using qrexec policy.

I'm preparing the policy for Whonix-related VMs for Qubes 4.0. Here are the possible options I see:

1. Allow starting default Disposable VMs from both Whonix Gateway (sys-whonix) and Whonix Workstation (anon-whonix or other). This is the default (if you don't modify the policy for Whonix), but it's a very bad idea, since such a Disposable VM most likely will have access to clearnet directly.

2. Prevent starting Disposable VMs from any of the Whonix VMs. This is a safe option, but it also limits functionality.

3. Allow creating Disposable VMs based on anon-whonix, then allow only such DispVMs to be started from Whonix VMs.

3a. Similar, but create a separate anon-whonix-dvm for that. The major difference is that DispVMs based on anon-whonix-dvm will not have access to the private image of anon-whonix here.

Should the above be only about Whonix Workstation VM(s)? Whonix Gateway has access to the clearnet anyway (at least in theory), so it's much less important there. What about templates?

I think the preferred one is point 3a, but it requires that Whonix-based Disposable VMs work. OTOH, it should be much easier there, because in Qubes 4.0 there are no more savefiles - a DisposableVM is started the same way as an AppVM.

-------- Forwarded Message --------
Subject: [Whonix-devel] Disposable VMs on Qubes 4.0
Date: Sun, 10 Sep 2017 15:28:15 +0200
From: Marek Marczykowski-Górecki <marma...@invisiblethingslab.com>
Reply-To: whonix-de...@whonix.org
To: whonix-de...@whonix.org