Bring Network Manager Applet to Dom0 / GUIVM


Iestyn Best

May 24, 2016, 7:53:30 PM
to qubes-devel
Hi,

I have just had some interesting thoughts and wanted to share to see what the general feel of such an idea would be.

In line with my thinking about using a rump kernel as the NetVM, I thought it would be good to reduce the requirements for any GUI components to exist in the NetVM. With this in mind I came up with an idea (and mind you I am not a developer and I have not done any research into this idea at the moment) that it may be possible to have the NM-Applet (well a modified version) installed to the secure GUI interface (whether it be Dom0 or the new GUIVM) that links via secure inter VM communications (I am not sure which it is I should reference but I am guessing something like either vchans or qrexec) to control network device settings.

I believe this could also reduce the requirements for static information within the NetVM as the network settings can be stored within the QubesDB or something like that then passed through when required by this "Qubes Adapter Configurator" or whatever you would like to call it.

In my thoughts, this could either be a modified version of the NM-Applet or something new developed by the Qubes team (not meaning to put more work on your plate).

Future considerations could also include its ability to control multiple NetVMs (if they split wired and wireless into separate VMs).

These are just my thoughts and I have some other crazy thoughts that I would like to share to understand what the Qubes team and others think of the ideas.

Please let me know your thoughts.

Regards,
Iestyn Best

Marek Marczykowski-Górecki

May 24, 2016, 8:28:38 PM
to Iestyn Best, qubes-devel

On Tue, May 24, 2016 at 04:53:29PM -0700, Iestyn Best wrote:
> Hi,
>
> I have just had some interesting thoughts and wanted to share to see what
> the general feel of such an idea would be.
>
> In line with my thinking about using a rump kernel as the NetVM, I thought
> it would be good to reduce the requirements for any GUI components to exist
> in the NetVM. With this in mind I came up with an idea (and mind you I am
> not a developer and I have not done any research into this idea at the
> moment) that it may be possible to have the NM-Applet (well a modified
> version) installed to the secure GUI interface (whether it be Dom0 or the
> new GUIVM) that links via secure inter VM communications (I am not sure
> which it is I should reference but I am guessing something like either
> vchans or qrexec) to control network device settings.

This is somehow possible, and we even do consider it for better UX.
Network status/connection icon integrated into desktop environment:
https://github.com/QubesOS/qubes-issues/issues/1758#issuecomment-219746108

It can be done with a very simple proxy for network manager commands,
exposed in dom0 and simulating the D-Bus network manager interface. But
to be reasonably secure, the interface needs to be really simple.

> I believe this could also reduce the requirements for static information
> within the NetVM as the network settings can be stored within the QubesDB
> or something like that then passed through when required by this "Qubes
> Adapter Configurator" or whatever you would like to call it.

As the interface should be as simple as possible, it may handle things
like "connect to network X", but configuration of such a network, as a
possibly quite complex thing (all the possible WiFi security options,
custom IP settings etc.), should be handled in sys-net itself (using
the GUI there).

So, sorry, sys-net still needs a GUI.

> In my thoughts, this could either be a modified version of the NM-Applet or
> something new developed by the Qubes team (not meaning to put more work on
> your plate).
>
> Future considerations could also include its ability to control multiple
> NetVMs (if they split wired and wireless into separate VMs).

That would also be possible. But as noted above - in limited scope.

> These are just my thoughts and I have some other crazy thoughts that I
> would like to share to understand what the Qubes team and others think of
> the ideas.

--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
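
An added illustration of the "really simple" interface described in the reply above, not code from Qubes OS or from anyone in this thread: the dom0 side of a hypothetical line protocol, where the request verbs and the `NET <name> <state>` reply format are assumptions made for the example. It shows dom0 accepting only replies from the NetVM that fit a fixed, bounded grammar and rejecting everything else.

```python
import re

# Hypothetical wire format (assumed for this example, not a Qubes protocol):
#   dom0 -> NetVM : "LIST" | "CONNECT <name>" | "DISCONNECT <name>"
#   NetVM -> dom0 : zero or more lines "NET <name> <state>"
# <name> is a profile label configured inside the NetVM, not a raw SSID.
MAX_REPLY_BYTES = 4096
MAX_NETWORKS = 64
NAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")
STATES = {"connected", "connecting", "disconnected"}
VERBS = {"LIST": 0, "CONNECT": 1, "DISCONNECT": 1}  # verb -> argument count


class ProtocolError(ValueError):
    """Raised for anything outside the fixed grammar."""


def build_request(verb, *args):
    """Serialise a request, refusing anything not in the grammar."""
    if VERBS.get(verb) != len(args):
        raise ProtocolError("unknown verb or wrong argument count")
    if not all(NAME_RE.fullmatch(a) for a in args):
        raise ProtocolError("bad network name")
    return (" ".join((verb,) + args) + "\n").encode("ascii")


def parse_reply(raw):
    """Parse bytes from the untrusted NetVM into {name: state}."""
    if len(raw) > MAX_REPLY_BYTES:
        raise ProtocolError("reply too large")
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        raise ProtocolError("non-ASCII reply") from None
    if text and not text.endswith("\n"):
        raise ProtocolError("truncated reply")
    lines = text.split("\n")[:-1]
    if len(lines) > MAX_NETWORKS:
        raise ProtocolError("too many networks")
    networks = {}
    for line in lines:
        fields = line.split(" ")
        if len(fields) != 3 or fields[0] != "NET":
            raise ProtocolError("malformed line")
        _, name, state = fields
        if not NAME_RE.fullmatch(name) or state not in STATES or name in networks:
            raise ProtocolError("bad name, state or duplicate")
        networks[name] = state
    return networks
```

Network configuration (WiFi security options, IP settings) does not appear in this grammar at all, matching the reply's point that it stays in sys-net.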

vfre...@gmail.com

May 24, 2016, 9:40:07 PM
to Marek Marczykowski-Górecki, qubes-devel

Hi Marek,

Thanks for your feedback. Looks like some of the idea has already been thought about and parts of it have been worked on previously.

The tor status information in the post you mentioned sounds interesting as well.

Regards,
Iestyn Best
