Oops, didn't CC the list... On Thu, Oct 17, 2019, 02:37 Steve Coleman <[email protected]> wrote:
> On 2019-10-16 11:57, Jin-oh Kang wrote: > > Sorry I might be out of touch, but can't you just install Android > directly on your HVM without a container? Anbox is meant to run Android > *without* a hypervisor like Xen which is the whole point of using Qubes. > Anbox does allow you to run Android under PV/PVH but that sounds just as > absurd. Plus if the Android system you're trying to emulate is ARM-based > there's no advantage over running a plain Android emulator on QEMU. > > There is an issue, at least with the Andoroid-x86 distribution when used > under Xen, in that the Android installer can't even see the Qubes disk > space as to partition and install the android system. This is due to the > specific Xen driver support not being recognized by the Android > installer, so the fix required is not within Qubes. Likewise qemu isn't > going to work to resolve a missing system disk. As I see it, one can can > either recompile Xen to provide a different disk type, or recompile the > Android-x86/installer to recognize a new disk type. The funny thing is > they used to work together before Xen changed how they did this > particular driver. I actually had one running under Qubes 3.0 but lost > it around the R3.1 time frame. > Oh so it's just x86? Nice. Qubes R4 is based on libvirt, and it geneates all domain configuration files based on a jinja XML template at /usr/share/qubes/templates/libvirt/. Details at https://dev.qubes-os.org/projects/core-admin/en/latest/libvirt.html . Maybe doing a per-domain override so that it closely matches what Android expects would work. Anbox looks like it might be worth a shot if someone really wants to > work with android apps, and having a disassembler/debugger within the > same AppVM would be possible as well. At one point I was wanting to do > some security analysis of a few specific android apps in my free time, > but figuring out how to get Android to install again took too way too > much of my time, and it just was not worth it. > Fair point. At least with Anbox you are starting from a bootable system and simply > adding executables to it, so that is a much more reasonable approach > rather than perhaps recompiling Xen and causing all kinds of potential > issues with Qubes general security model. Since the Qube that Anbox runs > in is confined to just that AppVM its still isolated from the rest of > the Qubes system and doesn't break that security model. I may just dust > off that old project and take another stab at it using Anbox when I find > some 'extra' time on my hands. > There's an unofficial Qubes template based on Ubuntu though, check out https://www.qubes-os.org/doc/templates/ubuntu/ . > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAMnQwqXN%3DcJhmJj4V3U1_ruestdeVU-pE13eJRx8Dz2DUk%3DYZw%40mail.gmail.com.
