Disposable VMs (Qubes R4.0RC4) & indefinitely logging of dispVM startup/kernel output, etc.?
24 views
Skip to first unread message
brenda...@gmail.com
Feb 16, 2018, 2:51:22 PM2/16/18
to qubes-devel
I happened to notice that qubes leaves log files for all closed-out VMs, including disposable ones, in the /var/log/libvirst/libxl/, /var/log/qubes/ and /var/log/xen/console/ directories.
Those are definitely required for debugging, but...should there be any concern about keeping these logs in these places indefinitely in production systems?
While certain types of information leakage from all VMs into dom0 is an accepted part of the qubes architecture (it houses the GUI after all)...it might be unexpected from a user perspective that in-depth records of disposable VM startups, configuration and kernel logging is being stored indefinitely in these logs.
If so, I'll put a request into the qubes-issues github repository, perhaps for a setting or switch to address.
Brendan
Those are definitely required for debugging, but...should there be any concern about keeping these logs in these places indefinitely in production systems?
While certain types of information leakage from all VMs into dom0 is an accepted part of the qubes architecture (it houses the GUI after all)...it might be unexpected from a user perspective that in-depth records of disposable VM startups, configuration and kernel logging is being stored indefinitely in these logs.
If so, I'll put a request into the qubes-issues github repository, perhaps for a setting or switch to address.
Brendan
Tom Zander
Feb 17, 2018, 10:41:14 AM2/17/18
to qubes...@googlegroups.com, brenda...@gmail.com
On Friday, 16 February 2018 20:51:19 CET brenda...@gmail.com wrote:
> I happened to notice that qubes leaves log files for all closed-out VMs,
> including disposable ones, in the /var/log/libvirst/libxl/,
> /var/log/qubes/ and /var/log/xen/console/ directories.
I suggest writing a logrotate script that uses file-dates.
> I happened to notice that qubes leaves log files for all closed-out VMs,
> including disposable ones, in the /var/log/libvirst/libxl/,
> /var/log/qubes/ and /var/log/xen/console/ directories.
Yes, old ones should definily be removed. Disposable ones is a good example
but also ones I created and had already deleted were still there...
Cleanup is a must.
--
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel
Reply all
Reply to author
Forward
0 new messages