Re: [qubes-users] Convert live system to VM in Qube OS?

[Jean-Philippe Ouellet]

On Sat, Feb 4, 2017 at 7:31 AM, Alex  wrote:
> First, you may already have thought about it, but the simple
> transposition of a work pc to a VM environment (be it qubes or not) does
> not give you any additional security benefit. It only increases the
> compatibility problems!

On the other hand, it allows one to start using qubes without suddenly
breaking your entire workflow, and allows one to gradually adopt the
Qubes model while still being able to get your work done. The
realistic alternative is likely not trying Qubes and continuing to use
your old system indefinitely because the perceived migration burden is
too great.

> If you want to
> benefit from fake persistence of system files, you will need to try to
> move as much software as possible in either the template (installing
> with dnf) or in /usr/local/bin (if manually-compiled or direct binary
> package).

/usr/local/bin is not "fake-persisted", it is persisted. All of
/usr/local is a symlink to /rw/usrlocal, which is persisted.

> For your actual question, there's no tool to assist in "converting" a
> live system to a Qubes VM: since there would be so little benefit
> there's no actual reason to make such a tool.

I disagree. I think a migration tool could be quite helpful, and I am
often asked if one exists while promoting Qubes to friends.
Unfortunately there are (and will likely always be) higher priority
things to implement.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABQWM_DnNq33w%2BShrHc%2BeMmzx1pOW5MEj8cm4Q-Yw5O-8V4-FQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Convert live system to VM in Qube OS?

[Alex]

On 02/04/2017 01:12 PM, szalonylabra...@gmail.com wrote:
> Hi, I am desktop end-user looking for additional security for my
> daily driver PC. I need to have access to all of the files on the
> system that I currently use for work - planning to fade it off, but
> at this time I was thinking I will try converting live system to a VM
> in Qube OS to use it when needed as I cannot afford re-configuring
> all of the software that I need on daily basis from scratch (time
> constraint).
> 
> What would be the best way to do that?
> 
First, you may already have thought about it, but the simple
transposition of a work pc to a VM environment (be it qubes or not) does
not give you any additional security benefit. It only increases the
compatibility problems!

To actually benefit from the Qubes architecture a deep restructuring of
both your filesystem and your habits must be done. If you want to
benefit from multi-vm-isolation, then you will need to split your
software usage (thus, configurations) among several VM. If you want to
benefit from fake persistence of system files, you will need to try to
move as much software as possible in either the template (installing
with dnf) or in /usr/local/bin (if manually-compiled or direct binary
package).

TL: DR; it takes time to get used to the split-vm environment,
especially so if you come from a single-workstation (both personal and
work) mindset. It took me ~1 month, and a couple reinstallations, two
years ago.

For your actual question, there's no tool to assist in "converting" a
live system to a Qubes VM: since there would be so little benefit
there's no actual reason to make such a tool. Since linux PVM are just
Xen domains, you may try to move all the files in your home directory
into the /home directory into the private.img ext4 volume of an AppVM of
your choice. If you use custom systemd unit files for your automations,
you could either put them in the template or in ~/.config/systemd/user
and enable/start them as user units (I do that for syncthing, for example).

If you use Windows, since this OS is supported as HVM (a nearly standard
virtual machine), you would not be able to easily move things between
the live system and the HVM, since the easiest way to have it working is
to install Windows *in* the HVM, thus having its own registry and system
files. If your main programs are on Windows, you will need to
reconfigure them from scratch. Trying to mount an image of the live
system in the HVM, or trying to mount it as a separate disk, could lead
to way more time being spent in investigating poorly documented issues.
Not that a Windows HVM is that much documented itself...

Good luck
-- 
Alex

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/96061a77-22be-73e9-8383-3bf88a3757cc%40gmx.com.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

[qubes-users] Convert live system to VM in Qube OS?

[szalonylabrador]

Hi,
I am desktop end-user looking for additional security for my daily driver PC. I 
need to have access to all of the files on the system that I currently use for 
work - planning to fade it off, but at this time I was thinking I will try 
converting live system to a VM in Qube OS to use it when needed as I cannot 
afford re-configuring all of the software that I need on daily basis from 
scratch (time constraint). 

What would be the best way to do that?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8cccf9b2-f4a0-4d53-b5db-e1e2e3be31e6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.