-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Currently several parts are missing (see above project), but
the goal is to make it possible. I'd like to have enough integration to
support two scenarios:
1. Full control by the user of GuiVM, including all kind of
configuration changes. This doesn't add much security boundary between
dom0 and GuiVM, but should still allow nice things:
- much smaller dom0 (no desktop environment there), possibly base OS
immutable with dm-verity
- updates of desktop environment not tied to updating dom0
2. Limited user - any pre-made qube can be used normally, but user
cannot make changes to any configuration. Possibly cannot also get shell
in templates (only dedicated service to install updates, if not
completely automatic). Configuration can be changed through dedicated
management vm.
There are a lot of options in between, mixed scenarios etc, but some may
require extra features that are out of scope for now.
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAmXXN/UACgkQ24/THMrX
1yz01Qf9HAIHlfzW5/21AbUl7zj413z30lwtzswlSYs21erB3OwhotTZdna4IR74
T3qzc3DWfWQdAep8z7kHwxgftXCZXE0b6heEojcQ7aGGbsTiIv2mx4ZVt87hlyQS
456og0xGTHHFNt0ln889v5Trx+HhAR6b9LH1tyUj0aLkdczU5H/YimlnTB0zzz0V
PJ70dhBCz0YtMpzEXDdYdeGYIes2W1mmI2CeeDaCoiWtfWRP46wOFsFmDYsZywZi
CGHdL3rObybiCC/LlVi8jobTr46SeXLoPxotriaJAZlsYF/RbES//r3PHEBvcYO5
cCWS5M6ur/Rad/WmTagdBsq+kcNssw==
=TP+y
-----END PGP SIGNATURE-----