Is Template concept unique to Qubes?
59 views
Skip to first unread message
franc...@tutamail.com
Mar 25, 2018, 11:08:19 PM3/25/18
to qubes...@googlegroups.com
Security considerations aside, it's so convenient having shared root filesystems that can be updated once for multiple child-VMs. Is this feature unique to Qubes or is something like this often replicated when using other hypervisor systems?
Specifically, I want to run a **not**-secure bleeding edge testbox that has gpu acceleration in dom0. (Example: archlinux + KVM). I know thin-provisioning (COW?) will allow one copy of OS on the filesystem to be re-used but is it possible to base multiple VM's on a single template like Qubes? Thanks for reading.
Specifically, I want to run a **not**-secure bleeding edge testbox that has gpu acceleration in dom0. (Example: archlinux + KVM). I know thin-provisioning (COW?) will allow one copy of OS on the filesystem to be re-used but is it possible to base multiple VM's on a single template like Qubes? Thanks for reading.
Zrubi
Mar 26, 2018, 12:39:51 AM3/26/18
to franc...@tutamail.com, qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 03/26/2018 05:08 AM, franc...@tutamail.com wrote:
> Security considerations aside, it's so convenient having shared
> root filesystems that can be updated once for multiple child-VMs.
> Is this feature unique to Qubes or is something like this often
> replicated when using other hypervisor systems?
VMware using similar solution for handling snapshots, and
non-persistent disk images. VMware VDI also using this for
provisioning new (disposable) desktops.
Don't know about the others.
- --
Zrubi
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEw39Thm3rBIO+xeXXGjNaC1SPN2QFAlq4eXwACgkQGjNaC1SP
N2SxFA//Wr33HvkNh6J5hUbs42K54lpMJI+7eNKwwwcSxoH+Fh6oPSZ67tlrUHWB
HWeFGFZeq6ZwPiQ4dIkL5fx9gl+8SjaZaz1Ypb2HNwlzOP3PutRnYQMraeCdbKbF
UkR+JMFfb0xkxPNYIT9GyK4h4C0IGxAShP6V4rmzASKSgY7QCcSAPWyZNs1bSQ7R
7ZIU66G50Szc/YUbcpAUeaWfWNXS5YMvwnC4Oc7/trOp+AXuBPnwenNE17dtNw2r
wfkb8UMrEEjQiYmc+N3WiyXMMwX0kRdTQz+SLm/CgzvxoOBjnnHWKfnoXSsmc/tA
/SGMqj++/eLzSJPDJUTtGLp48vrPZee7NRz9Vkmn6144ziK3t75GCHPLr/rTnJf0
KPindCCo+6QWLmV9lycrbOJ9o+uYKHZtDUi1QZJt+KopQbWhFqMRj0KDa888vViY
pTl4Dgm8LZYyjP9HUs/Z1ZLWkbcNqiCm/JA65335BtxisSh5lQwLSQMePIil2cO2
mRLwxcNBUqylYHfEXUa760ygsJ9DIOr7Ceb3+5RnqTa+RW38D/qegxgP495OPstO
J9JaU4QMgwab37YaXb3J1eHf9/aQtnENVA00to/74x0PEu2y+ctdyA0ouKiAlb7A
OZP4ztMSaXM1vfPE9twir9xzlpObQ2Sn76M7m96wkpUEnZge3M0=
=PVM2
-----END PGP SIGNATURE-----
Hash: SHA256
On 03/26/2018 05:08 AM, franc...@tutamail.com wrote:
> Security considerations aside, it's so convenient having shared
> root filesystems that can be updated once for multiple child-VMs.
> Is this feature unique to Qubes or is something like this often
> replicated when using other hypervisor systems?
non-persistent disk images. VMware VDI also using this for
provisioning new (disposable) desktops.
Don't know about the others.
- --
Zrubi
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEw39Thm3rBIO+xeXXGjNaC1SPN2QFAlq4eXwACgkQGjNaC1SP
N2SxFA//Wr33HvkNh6J5hUbs42K54lpMJI+7eNKwwwcSxoH+Fh6oPSZ67tlrUHWB
HWeFGFZeq6ZwPiQ4dIkL5fx9gl+8SjaZaz1Ypb2HNwlzOP3PutRnYQMraeCdbKbF
UkR+JMFfb0xkxPNYIT9GyK4h4C0IGxAShP6V4rmzASKSgY7QCcSAPWyZNs1bSQ7R
7ZIU66G50Szc/YUbcpAUeaWfWNXS5YMvwnC4Oc7/trOp+AXuBPnwenNE17dtNw2r
wfkb8UMrEEjQiYmc+N3WiyXMMwX0kRdTQz+SLm/CgzvxoOBjnnHWKfnoXSsmc/tA
/SGMqj++/eLzSJPDJUTtGLp48vrPZee7NRz9Vkmn6144ziK3t75GCHPLr/rTnJf0
KPindCCo+6QWLmV9lycrbOJ9o+uYKHZtDUi1QZJt+KopQbWhFqMRj0KDa888vViY
pTl4Dgm8LZYyjP9HUs/Z1ZLWkbcNqiCm/JA65335BtxisSh5lQwLSQMePIil2cO2
mRLwxcNBUqylYHfEXUa760ygsJ9DIOr7Ceb3+5RnqTa+RW38D/qegxgP495OPstO
J9JaU4QMgwab37YaXb3J1eHf9/aQtnENVA00to/74x0PEu2y+ctdyA0ouKiAlb7A
OZP4ztMSaXM1vfPE9twir9xzlpObQ2Sn76M7m96wkpUEnZge3M0=
=PVM2
-----END PGP SIGNATURE-----
pixel fairy
Mar 28, 2018, 4:43:53 AM3/28/18
to qubes-users
On Sunday, March 25, 2018 at 8:08:19 PM UTC-7, franc...@tutamail.com wrote:
> Security considerations aside, it's so convenient having shared root filesystems that can be updated once for multiple child-VMs. Is this feature unique to Qubes or is something like this often replicated when using other hypervisor systems?
>
> Specifically, I want to run a **not**-secure bleeding edge testbox that has gpu acceleration in dom0. (Example: archlinux + KVM). I know thin-provisioning (COW?) will allow one copy of OS on the filesystem to be re-used but is it possible to base multiple VM's on a single template like Qubes? Thanks for reading.
docker and vagrant come to mind. you could also do this yourself the same way qubes does it with a root template and machine specific home disk, or some shared storage if that doesnt work. vagrant has a way to update and rebox existing vagrant boxes so you dont have to rebuild it every time you want to update. so theres that, or scripting it yourself with virsh or one of its bindings.
> Security considerations aside, it's so convenient having shared root filesystems that can be updated once for multiple child-VMs. Is this feature unique to Qubes or is something like this often replicated when using other hypervisor systems?
>
> Specifically, I want to run a **not**-secure bleeding edge testbox that has gpu acceleration in dom0. (Example: archlinux + KVM). I know thin-provisioning (COW?) will allow one copy of OS on the filesystem to be re-used but is it possible to base multiple VM's on a single template like Qubes? Thanks for reading.
heres some notes on using kvmgt with libvirt, https://github.com/TobleMiner/KVMGT
if you do this, dont forget to make a usb canary, and maybe use the iommu to wall of other scary ports.
Reply all
Reply to author
Forward
0 new messages