Is qemu in dom0 still a no-go?

74 views

Skip to first unread message

Martin Thygesen

unread,

Aug 27, 2019, 2:19:44 AM8/27/19

to qubes-devel

Per https://github.com/QubesOS/qubes-issues/issues/1133

"""

This will give also obligatory qemu in dom0, without any reasonable way
to sandbox it (no support for stub domains). Check its latest security
advisories to see why we have avoided it all the time...

"""

Since this was written back in 2015, is that feedback still valid or has there been sufficient movement in qemu to permit this activity?

- Regards Martin

Marek Marczykowski-Górecki

unread,

Aug 27, 2019, 8:27:23 AM8/27/19

to Martin Thygesen, qubes-devel

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

No, we don't want qemu (or any other device emulator) running directly
in dom0.

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAl1lIaMACgkQ24/THMrX
1ywqNAf/fbaB47df89pdNcruRb0ogVmadgg7UlZ8FSm3j0ia80fXWzXeOHdzCshV
eaarUAWQQ8hMITrgQMj5X0G587C1bHYrg2GscC1rm66CuQRBSdOHl9VCNwYa2w40
WvCtq315F07K6RllA2iur+suudL04oTh9kz86nA7FwQLLVYVQWgKby15fpGyf0h4
1RdA8l+ZHDpTibZhXR/MHcP6helnnXz8BUH57oV/rLeJ50MqcgdRNy+OAJOgfE2G
QLL0suqUScoWz+EAA8W0inxhF85WUTXqT+KaEciW0ZbmH4tvjgr3gTZDrXZj3aBy
OkYPZmfCuCIxEaQ5rHdNBcXuEXlfXw==
=bnax
-----END PGP SIGNATURE-----

Reply all

Reply to author

Forward

0 new messages