Re: [qubes-users] Two qubes multinoot
On Sat, Feb 25, 2017 at 6:50 PM, john.david.r.smith wrote: > On 25/02/17 04:14, Oleg Artemiev wrote: >> >> Hi. >> >> If I want to run VMs from one Qubes in another > why would you even dualboot two qubesversions? Some activities are useless to encrypt, i.e. social networking and some other . Encription gives useless overhead. I want 1 Qubes OS unencrypted and 1 Qubes OS encrypted for everything else + activities from unencrypted Qubes also enabled. >> would it be possible to >> have different coloring for the same VM in different Qubes OS instances? > here the questions is, what files you would share? For example: /var/lib/qubes/appvms/public-activity-vm/ or if it does any sense I may share files indiividually: /var/lib/qubes/appvms/public-activity-vm/* > i am not sure, where the label is saved, but if you only share the images, > it should work (but i am still not sure what you are trying to do). run same VM in diffrent boots of Qubes OS on the same computer. >> Is this possible from a VM to attack Dom0 by altering VM image files or >> this is just files and adversary able to rewrite image in one Qubes has no >> option to appear outside VM when it is loaded in another Qubes OS >> instance? > a vm can always only write data inside of an image. > if a vm can write data in dom0, your system is owned and you need something > as aem to protect the other instance. > but even with aem, i think one qubes dom0 A could compromise the other dom0 > B, since A can somehow read and write files of B. A is not encrypted, B is encrypted, A never used to mount something from B and has no clue about B luks password. > but if you assume both dom0 are secure, i don't see a problem. A is not that secure as B. If A is compromised I'm not glad, but it's not very important - all accounts I would use from A are already somewhat public. It looks that before booting into B I should check bootloader and /boot consistency of B w/ some sort of usb stick. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CABunX6NbAjS5rdoRva0OpNA8%2B6y7HCdD6wKkpu7ParegnQb6_w%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Two qubes multinoot
On 25/02/17 04:14, Oleg Artemiev wrote: Hi. If I want to run VMs from one Qubes in another why would you even dualboot two qubesversions? would it be possible to have different coloring for the same VM in different Qubes OS instances? here the questions is, what files you would share? i am not sure, where the label is saved, but if you only share the images, it should work (but i am still not sure what you are trying to do). Is this possible from a VM to attack Dom0 by altering VM image files or this is just files and adversary able to rewrite image in one Qubes has no option to appear outside VM when it is loaded in another Qubes OS instance? a vm can always only write data inside of an image. if a vm can write data in dom0, your system is owned and you need something as aem to protect the other instance. but even with aem, i think one qubes dom0 A could compromise the other dom0 B, since A can somehow read and write files of B. but if you assume both dom0 are secure, i don't see a problem. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a92d6504-05e1-a166-23c3-f306f72b9271%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Two qubes multinoot
Hi. If I want to run VMs from one Qubes in another - would it be possible to have different coloring for the same VM in different Qubes OS instances? Is this possible from a VM to attack Dom0 by altering VM image files or this is just files and adversary able to rewrite image in one Qubes has no option to appear outside VM when it is loaded in another Qubes OS instance? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CABunX6Orj8H2iPsnP3oCByY1WRC8%3Db_AzWCz8mutkvMwGkmrBA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.