On Thu, Mar 19, 2020 at 02:18:55AM -0700, 'M' via qubes-users wrote: > Ok, I'll try to make a Fedora multimedia template and see how that works... > > According to the following webpage, the advice is to clone a preinstalled > template: https://www.qubes-os.org/doc/multimedia/ > > 1) Can I just clone the fedora-30 template and set networking in the new > template to the sys-firewall, or would that compromise the security of > Qubes OS ?
TemplateVMs do not require networking to install software. Qubes implements an UpdateProxy in your sys-firewall and all TemplateVMs know how to connect to it to retrieve updates without having an explicit network interface. The idea is to NEVER give a TemplateVM network access to prevent accidential contamination. Only legit update/install traffic will go over the dedicated UpdateProxy. > If the last is true: How shall I instead make a new Fedora template, > and install the applications I want in it ? Just try: - qvm-clone fedora-30 fedora-30-multimedia - qvm-run -a fedora-30-multimedia xterm - in Xterm: sudo dnf update It'll work without network interface. > 2) Shall networking in all templates be set to none as default, and is it > necessary to change this when installing new plugins for multimedia manager > applications which the user would like stayed installed after the VM is > restarted ? The other basic idea of Qubes is to install but never run any applications in the TemplateVM. So after you cloned the TemplateVM and installed software via 'sudo dnf install' shut it down and create an AppVM based on the template: qvm-create --template fedora-30-multimedia --label red multimedia qvm-run -a multimedia xterm ... then in XTerm launch your applications and try them. /Sven -- public key: https://www.svensemmler.org/0x8F541FB6.asc fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20200319162621.GA1715%40app-email-private.
signature.asc
Description: PGP signature
