Just noting two more pitfalls: 1) When you create a new device, you should overwrite all the content (standard mkfs is not enough) before attaching it to a VM. If you don't do so, the VM might get some old data leaked from another VM. Maybe thin LVs have a different behavior.
2) When booting from Qubes installation image and trying to perform system recovery, it seems to scan all LVs, regardless they are dom0 LVs or domU LVs. This is potentially dangerous (filesystem parsing bugs). And since the installation image is not updated frequently, there is even higher probability of a known unpatched vulnerability. Maybe it could be determined by the name if it should be scanned. Since LVM thin volumes are to be used in Qubes 4.0, I'd like to ask you if Qubes addresses those two issues there. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d589117b-2830-4df5-8fd9-73f66e6a4bc4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
