Qubes-Whonix DisposableVM documentation created


Patrick Schleizer

Dec 15, 2016, 7:25:00 PM
to qubes-users, Whonix-devel
https://www.whonix.org/blog/qubes-whonix-dispvm

Before we had just a [stub][1]. Now [Qubes-Whonix][2] [DisposableVMs][3]
are fully [documented][4] thanks to [contributions][5] by the
[community][6]. ([wiki history][7])

**What are DisposableVMs?**

Under the Qubes TemplateVM model, any changes made to a
TemplateBasedVM's root filesystem are lost upon reboot. This is
advantageous for several reasons: it allows centralized (and therefore
faster) updates for all applications (most) inside the root filesystem,
and saves time and disk space.

However, certain directories are designed to persist between reboots in
order to store files and settings. These directories are stored in /rw/
and include /home/user as well as additional directories defined by
"[bind directory][8]" settings.

To ensure that all changes to the filesystem are discarded after a
session, Qubes offers [DisposableVMs][9]. When a DisposableVM is
shut down, the VM is removed from Qubes and all related VM images are
deleted from the host filesystem.

**What is a Whonix-Workstation DisposableVM?**

As the name suggests, this is a [Qubes][10] DisposableVM template based
on the Whonix-Workstation. This allows [Qubes-Whonix][2] users to create
throw-away instances of their Whonix-Workstation.

**Why Should I Consider Using a Whonix-Workstation DisposableVM?**

Whonix-Workstation DisposableVMs:

* Are quickly generated;
* Are disposed of (deleted) when the user has finished browsing and
other activities in a single session; and
* Will not remember any of the user's activities across DisposableVM
sessions, unless customized.

The major benefit of this approach is that the Whonix-Workstation
DisposableVM can be created in order to host a single application,
usually the Tor Browser, mitigating the risk that a compromise of the
browser will affect any of your other VMs.

Critically, a Tor Browser exploit will not affect (poison) later
instances of the Tor Browser running in a subsequent DisposableVM
session, because the DisposableVM is always started in its original state.

**Can I Customize Whonix-Workstation DisposableVMs?**

Yes. For advanced users, the instructions include steps to create a
customized savefile that will remember specific changes, such as
personalized Tor Browser settings. Due to concerns over possible
fingerprinting issues, users should carefully read the wiki warnings
before proceeding on this course of action.

**Can I Easily Add DisposableVM Entries to the Qubes Menu?**

Not yet for Qubes R3.2 XFCE 4, but you can [edit existing DispVM start
menu entries][11] and [desktop shortcuts can be created][12].

**What Else Should I Know?**

Due to a few usability issues affecting anonymity, do not use
Whonix-Workstation DisposableVMs until:

* You understand Whonix-WS DisposableVMs are NOT yet amnesic; and
* Have carefully read and understood the available Qubes-Whonix
DisposableVM documentation.

Alternatively, you may wish to wait for Qubes 4.0 before you start using
Qubes DisposableVMs, due to [significant enhancements][13] planned for
the later release.

_Credits:_
_This blog post [was written][14] by [torjunkie][14]._

[1]: https://www.whonix.org/w/index.php?title=Qubes/Disposable_VM&oldid=24228
[2]: https://www.qubes-os.org/doc/whonix/
[3]: https://www.qubes-os.org/doc/dispvm/
[4]: https://www.whonix.org/wiki/Qubes/Disposable_VM
[5]: https://forums.whonix.org/t/using-whonix-workstation-as-a-disposablevm-dispvm
[6]: https://forums.whonix.org/t/qubes-dispvm-technical-discussion
[7]: https://www.whonix.org/w/index.php?title=Qubes/Disposable_VM&action=history
[8]: https://www.qubes-os.org/doc/bind-dirs/
[9]: https://theinvisiblethings.blogspot.de/2010/06/disposable-vms.html
[10]: https://www.qubes-os.org
[11]: http://Qubes/Disposable_VM#Edit_Qubes_DisposableVM_start_menu
[12]: https://www.whonix.org/wiki/Qubes/Disposable_VM#Adding_desktop_shortcut
[13]: https://github.com/QubesOS/qubes-issues/issues/866#issuecomment-220495485
[14]: https://forums.whonix.org/t/qubes-dispvm-technical-discussion

Andrew David Wong

Dec 16, 2016, 7:42:12 AM
to Patrick Schleizer, qubes-users, Whonix-devel

On 2016-12-15 16:24, Patrick Schleizer wrote:
> https://www.whonix.org/blog/qubes-whonix-dispvm
>
> Before we had just a [stub][1]. Now [Qubes-Whonix][2] [DisposableVMs][3]
> are fully [documented][4] thanks to [contributions][5] by the
> [community][6]. ([wiki history][7])
>
> [...]
>

Excellent! Thank you to everyone who contributed. Added a link to the post here:

https://www.qubes-os.org/doc/whonix/#customizing-reinstalling--uninstalling-whonix

--
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

Joonas Lehtonen

Mar 26, 2017, 7:05:01 PM
to qubes...@googlegroups.com
Are there any optimizations planned?
whonix-ws-dvm takes >50 seconds to start
fedora-24-dvm takes <10 seconds to start
