On Sun, Nov 15, 2020 at 1:36 PM Matt McCutchen <m...@mattmccutchen.net> wrote:
> I have a bunch of VMs based on one Fedora TemplateVM. In most cases,
> I'm willing to install any Fedora package needed by any of the VMs in
> the TemplateVM. However, due to security concerns, I have one VM that
> runs Zoom, one that runs Skype, one that runs Google Chrome, and one
> that runs Visual Studio Code... you get the idea. Each of those
> applications offers its own dnf repository, but I don't want to add
> those repositories to the TemplateVM. And I don't want to use
> StandaloneVMs because that will multiply my management work; even if
> there are management tools that could handle most of my needs, I'd
> still have to learn and configure them.
>
> So far, I've been manually downloading the RPMs and extracting them
> into the user home directory. (Fortunately, none of them have had
> dependencies on absolute paths that would break this approach.) This
> is enough of a pain that I rarely update the applications, which may be
> bad for security.
>
> Does anyone know of a better but still convenient solution?

My way of dealing with it is to just clone your pristine fedora-32 template and add the required packages to that template clone, then create an AppVM that uses that template. This way you limit any potential data loss or damage to just that one AppVM which you then use whenever you need one of those proprietary apps.

The question now is what data would they share in that AppVM and is it reasonable for them to share the same AppVM? If the answer is yes then there is no problem. If no, then create another AppVM based on the same template for the other app.

The downside is you now have to update two templates instead of one, but that of course can be automated. How many specialized AppVMs you create is then based on your own risk/benefit analysis. I would think it's reasonable for instance to have Zoom and Skype share the same memory space unless the topics discussed in each app are highly confidential.
If so, you could also just launch a Disposable VM based on that one template, but for each and every instance of conversation, and then nothing is ever shared since each instance starts up with no user data. You just need to move any presentations between AppVMs to support those conversations.

Steve
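
The clone-and-dedicate approach described in the reply above, written out as dom0 commands. This is an added example, not part of the original thread; the qube names (`fedora-32-proprietary`, `conferencing`, `conferencing-dvm`) and the RPM path are placeholders.

```bash
#!/bin/bash
# Added example for dom0; every qube name and the RPM path are placeholders.
# DRY_RUN=1 (default) prints each command; DRY_RUN=0 executes it.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# clone_template SRC DST: keep the pristine template free of vendor packages.
clone_template() {
    run qvm-clone "$1" "$2"
}

# install_in_template TEMPLATE RPM: install inside the clone (RPM is a path
# inside that template), then shut it down so qubes based on it see the change.
install_in_template() {
    run qvm-run --pass-io -u root "$1" "dnf install -y $2"
    run qvm-shutdown --wait "$1"
}

# make_app_qube TEMPLATE NAME: persistent AppVM for apps that may share data.
make_app_qube() {
    run qvm-create --class AppVM --template "$1" --label red "$2"
}

# make_dvm_template TEMPLATE NAME: AppVM that DisposableVMs are started from.
make_dvm_template() {
    make_app_qube "$1" "$2"
    run qvm-prefs "$2" template_for_dispvms True
}

# run_disposable DVM COMMAND: fresh qube per conversation, discarded on exit.
run_disposable() {
    run qvm-run --dispvm="$1" "$2"
}

provision() {
    clone_template fedora-32 fedora-32-proprietary
    install_in_template fedora-32-proprietary /path/to/vendor-app.rpm
    make_app_qube fedora-32-proprietary conferencing
    make_dvm_template fedora-32-proprietary conferencing-dvm
}

provision
```

Review the printed plan first, then rerun with `DRY_RUN=0`; `run_disposable conferencing-dvm <command>` starts one throwaway qube per call.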