On Fri, Dec 22, 2017 at 05:30:49AM -0800, Vít Šesták wrote:
> As far as I remember, there was an idea to kill stubdoms after boot, which 
> would both reduce risk (as stubdoms run in PV) and CPU+memory overhead. I 
> cannot try it right now, because I haven't installed Q4.

Unfortunately this doesn't work.
But with PVHv2, a stubdomain is also not needed. We're almost there - the
only remaining thing is to solve issues in this pull request:
https://github.com/QubesOS/qubes-linux-kernel/pull/13

> > If I switch to disposable VMs, I assume the risk would be reduced.
> 
> You can sort of reduce some risk of having your AppVMs permanently pwned. As a 
> result, this could prevent some kinds of gradual pwnage of dom0.
> 
> OTOH, if an attacker pwns some VM of yours and has a reliable way to escape from the 
> VM to dom0, it does not matter if it is a DispVM or not.
> 
> > Can this be done for the sys-vms?
> 
> Not sure about 4, but I have done something similar for sys-usb in Q3.2. 
> Strictly speaking, it is not a DVM, but it behaves similarly. The hack is 
> simple in Q3.2: 1. Truncate the VM's private.img to zero bytes. 2. Ensure that 
> the VM template has created /home/user in root.img. (You can do something 
> like this: sudo mkdir /tmp/root && sudo mount --bind / /tmp/root && sudo 
> mkdir /tmp/root/home/user && sudo chown user:user /tmp/root/home/user && sudo 
> chmod 700 /tmp/root/home/user)
> 
> In Q4, you will probably be able to do something similar, but you probably 
> can't truncate an LVM volume to zero bytes, so this will require some 
> elaboration.

In Q4 you can create a static DispVM for various tasks, including sys-usb.
I haven't tried it, but something like this should work:

    qvm-create -C DispVM -l red sys-usb2
    qvm-pci attach --persistent sys-usb2 dom0:00_1a.0
    qvm-prefs sys-usb2 autostart true
    # optional, if you want
    qvm-prefs sys-usb2 provides_network true

Then, disable (or remove) the default sys-usb. Of course you need to adjust
the device for your hardware.

This way, every time the VM is started, it gets a new private volume,
which gets discarded at VM shutdown. But the VM configuration is persistent,
so you don't have to configure it each time.

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
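For the "adjust device for your hardware" step in the message above, an added example (not part of the original message, and not Qubes project code) that turns lspci output into the dom0:BB_DD.F identifiers used by the qvm-pci line and prints the attach commands for review. The function names and the sample lspci lines are assumptions made for illustration; the VM name sys-usb2 is taken from the message.

```shell
#!/bin/sh
# Added example: derive qvm-pci attach commands for a static DispVM from
# lspci output. Commands are printed for review, not executed.

# Convert a PCI address (00:1a.0 or 0000:00:1a.0) into the dom0:BB_DD.F
# form used in the message. Returns 1 and prints nothing for malformed
# input or a non-zero PCI domain, so nothing is guessed.
bdf_to_qubes() {
    bdf=${1#0000:}   # drop PCI domain 0000 if lspci -D printed it
    case $bdf in
        [0-9a-f][0-9a-f]:[0-9a-f][0-9a-f].[0-7]) ;;
        *) return 1 ;;
    esac
    printf 'dom0:%s_%s\n' "${bdf%%:*}" "${bdf#*:}"
}

# Read lspci-style lines on stdin and print one attach command per
# USB controller for the VM named in $1. Other device classes are skipped.
usb_attach_cmds() {
    vm=$1
    while IFS= read -r line; do
        case $line in
            *"USB controller"*) ;;
            *) continue ;;
        esac
        dev=$(bdf_to_qubes "${line%% *}") || continue
        printf 'qvm-pci attach --persistent %s %s\n' "$vm" "$dev"
    done
}

# Constructed sample of lspci output (not taken from a real machine).
SAMPLE_LSPCI='00:14.0 USB controller: Example xHCI Host Controller
00:1a.0 USB controller: Example EHCI Host Controller #2
00:1f.2 SATA controller: Example AHCI Controller
00:1d.0 USB controller: Example EHCI Host Controller #1'

printf '%s\n' "$SAMPLE_LSPCI" | usb_attach_cmds sys-usb2
```

On a real system, pipe the output of lspci in dom0 into usb_attach_cmds instead of the sample, and check each printed line before running it.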
