Hello!
First and foremost, I did google and I did read this thread about Dom0 not 
being networkable anymore 
https://groups.google.com/d/msg/qubes-users/c2RyhLmTCm4/VQXWnHtyBQAJ

However, I need to have 3d acceleration available to a trusted-ish (in the 
sense, developed in-house) program that would need network access.

Performance w/o acceleration access is unacceptable, while accelerated 
performance is okay (tested on raw Fedora), so just giving up and running it 
in a Qubes AppVM is sadly not an option.

The software also needs network access.

Current plan is to:
1) restore Dom0 networking via netvm
2) build the program inside Dom0
3) take additional steps to mitigate possible risks (maybe run it in 
something like firejail - software in question runs well inside firejail 
in isolated network namespace as non-root with firejail's seccomp and caps 
filters enabled)

Thus questions are:

a) how do I restore Dom0 networking via netvm "properly"?

b) are there any additional pitfalls to compiling stuff in Dom0?

c) what mitigations beyond firejail would be prudent (maybe also run 
something like pdnsd in netvm to deal with DNS-related issues mentioned here 
<https://groups.google.com/d/msg/qubes-users/c2RyhLmTCm4/RwZjfAOFBQAJ>
specifically?)

d) is this entire undertaking a worse idea than "just run this 
"trusted-ish" thing on an Arch Linux machine with grsec and a few KVM VMs 
for isolating less trusted apps"?

Thank you!
