Disposable VMs

Loren Rogers

Feb 4, 2017, 12:42:26 PM
to qubes-users
Hi all,

I'm confused about running disposable VMs - if I open a browser or file viewer, then want to open a terminal for the same VM, how could I do this? (E.g. I want to view an untrusted file, then make some edits.)

Is there a way to configure the default disposable VM in the Qubes menu? I see that disposable VMs can be configured for individual domains, but I can't find where the generic one is.

Also, is it possible to specify a different template for disposable machines? Say I'm running something based on the default fedora-23, and I want to open a document from my work VM, which uses that template. But I want to open it with my fedora-23-custom template as a disposable VM. (E.g. running a video in VLC that has untrustworthy components.) Is this doable?

john.david.r.smith

Feb 4, 2017, 1:03:03 PM
to Loren Rogers, qubes-users
On 04/02/17 18:42, Loren Rogers wrote:
> Hi all,
>
> I'm confused about running disposable VMs - if I open a browser or file viewer, then want to open a terminal for the same VM, how could I do this? (E.g. I want to view an untrusted file, then make some edits.)
right click the dispvm in the qubes manager.
select run command.
enter xterm or whatever you want to run

or use (in dom0) qvm-run DISPVM_NAME xterm
>
> Is there a way to configure the default disposable VM in the Qubes menu? I see that disposable VMs can be configured for individual domains, but I can't find where the generic one is.
>
> Also, is it possible to specify a different template for disposable machines? Say I'm running something based on the default fedora-23, and I want to open a document from my work VM, which uses that template. But I want to open it with my fedora-23-custom template as a disposable VM. (E.g. running a video in VLC that has untrustworthy components.) Is this doable?

currently you can only have one dispvm.
if you want, you can set the template as default for dispvms (qvm-create-default-dvm)

-john

Unman

Feb 4, 2017, 3:59:05 PM
to john.david.r.smith, Loren Rogers, qubes-users
Loren,

You can't configure disposable VMs for individual qubes - what you can
do is change the netVM which will apply if you start a disposableVM from
that qube. The dispVM that will be started is determined by the default
dvm, and this is set by qvm-create-default-dvm.

As John said, you can only have one default dvm, but it's trivial to
work around this with a small script. It's possible to do this because
qvm-create-default-dvm does NOT remove the files for old dvms. You can
see this if you generate a new default-dvm, and then look in
/var/lib/qubes/appvms.
So if you generate a number of different dvms based on different
templates, it's simple to switch between them before launching a new
dispVM. The launch time isn't noticeably different from starting up a
new dispVM, and voila - multiple template disposable VMs on the cheap.

I do this without any apparent ill effects, but it certainly isn't part
of the canon.

unman

Loren Rogers

Feb 4, 2017, 4:06:38 PM
to Unman, john.david.r.smith, qubes-users



Very interesting - thanks for the info on how it's done. I'm glad I wasn't just missing something obvious!

Loren

Andrew David Wong

Feb 5, 2017, 7:38:26 AM
to Unman, john.david.r.smith, Loren Rogers, qubes-users
On 2017-02-04 12:59, Unman wrote:
> On Sat, Feb 04, 2017 at 07:02:57PM +0100, john.david.r.smith
> wrote:
>> On 04/02/17 18:42, Loren Rogers wrote:
>>> Hi all,
>>>
>>> I'm confused about running disposable VMs - if I open a browser
>>> or file viewer, then want to open a terminal for the same VM,
>>> how could I do this? (E.g. I want to view an untrusted file,
>>> then make some edits.)
>> right click the dispvm in the qubes manager. select run command.
>> enter xterm or whatever you want to run
>>
>> or use (in dom0) qvm-run DISPVM_NAME xterm
>>>
>>> Is there a way to configure the default disposable VM in the
>>> Qubes menu? I see that disposable VMs can be configured for
>>> individual domains, but I can't find where the generic one is.
>>>

Yes, you can customize the default DispVM by following
these instructions:

https://www.qubes-os.org/doc/dispvm-customization/

>>> Also, is it possible to specify a different template for
>>> disposable machines? Say I'm running something based on the
>>> default fedora-23, and I want to open a document from my work
>>> VM, which uses that template. But I want to open it with my
>>> fedora-23-custom template as a disposable VM. (E.g. running a
>>> video in VLC that has untrustworthy components.) Is this
>>> doable?
>>
>> currently you can only have one dispvm. if you want, you can set
>> the template as default for dispvms (qvm-create-default-dvm)
>>
>> -john
>
> Loren,
>
> You can't configure disposable VMs for individual qubes - what you
> can do is change the netVM which will apply if you start a
> disposableVM from that qube. The dispVM that will be started is
> determined by the default dvm, and this is set by
> qvm-create-default-dvm.
>
> As John said, you can only have one default dvm, but it's trivial
> to work around this with a small script.

Care to share that script, unman?

> It's possible to do this because qvm-create-default-dvm does NOT
> remove the files for old dvms. You can see this if you generate a
> new default-dvm, and then look in /var/lib/qubes/appvms. So if you
> generate a number of different dvms based on different templates,
> it's simple to switch between them before launching a new dispVM.
> The launch time isn't noticeably different from starting up a new
> dispVM, and voila - multiple template disposable VMs on the cheap.
>

How do you easily switch between the different DVM templates?

> I do this without any apparent ill effects, but it certainly isn't
> part of the canon.
>
> unman
>

--
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

Unman

Feb 5, 2017, 5:23:40 PM
to Andrew David Wong, john.david.r.smith, Loren Rogers, qubes-users
I've attached the script. It's trivial.

First generate assorted dvms using qvm-create-default-dvm and customize
them as you will. (Strictly this isn't necessary but you may as well get
your dvm just the way you want it.)

Then just run the script:
"./switch_dvm debian-8 xterm" will load a dvm based on the debian-8 template
and run xterm in a new dispVM derived from that dvm.
The debian-8-dvm will be the default from then on, but you can easily
switch to another: "./switch_dvm xenial-desktop"
If you haven't generated a dvm already, then the script calls
'qvm-create-default-dvm' for you.

Because you can set dvms with different netvms, and alternate
Qubes networking paths, it's possible to trigger dispVMs using
different torVMs/VPNs through different NICs, in the same time it takes
to load a dispVM ordinarily.
I have a number of keyboard shortcuts to call it with different
parameters, to do exactly this.

It should be obvious that because you are using the saved dvm, you won't
see any changes you make in the template until you trigger an updated
saved dvm.

There's all sorts of stuff wrong with it, but it's a quick hack and it
works fine (for me). Try it at your own risk.

unman
switch_dvm

Andrew David Wong

Feb 6, 2017, 1:42:59 AM
to Unman, john.david.r.smith, Loren Rogers, qubes-users
Very interesting! Thanks, unman!

--
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

cang...@gmail.com

Jun 1, 2018, 12:32:52 PM
to qubes-users

Hi, as you mentioned above, is using the approach "or use (in dom0) qvm-run DISPVM_NAME xterm" safe?* The pop-up window has no domain dispXXX (disposable number) on the bar. Does this mean that if I follow this approach, the "whole dVM" is at risk?

*As you know, right clicking and choosing run in Qubes manager has the same effect, i.e., the pop-up window has "no" domain dispXXX on the bar. On the other hand, from the applications menu, when we click the terminal, the pop-up window has domain dispXXX. For the latter, the risk is encapsulated in domain dispXXX for sure, whereas for the former the risk is all over the whole dVM, I think?
Thank you
