> But look every vms in qubes base on the same,so if someone compromize sys-net 
> VM then it should not be so hard to compromize other VMs.

It would compromise sys-net.  Any writes to the template-based volume
(with /bin, /usr, /var, etc.) are discarded upon VM reboot.  They are
not written to the base template--only the template itself can do that.

It's possible malware could persist in sys-net, though, by compromising
its /rw partition, which *does* persist across reboots (but is only used
by that specific VM).  But even then: it only compromizes sys-net.


You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
To post to this group, send email to
To view this discussion on the web visit
For more options, visit

Reply via email to