Why is there no option to save VM state?
100 views
Skip to first unread message
Guerlan
Oct 23, 2019, 1:08:36 AM10/23/19
to qubes-users
In KVM with Qemu I used a lot of VM state saving, where I could save the entire VM to disk and restore that. Since my SSD is very fast that only took 5 seconds in average, so it was very useful. Specially, since I cannot put my laptop to sleep and hibernate wont work either, my only option was to be able to save VM state, but I don't see any way of doing it.
Is it possible or is it a feature to be implemented?
Demetri A. Mkobaranov
Oct 24, 2019, 5:06:58 AM10/24/19
to qubes...@googlegroups.com
On 10/23/19 7:08 AM, Guerlan wrote:
> In KVM with Qemu I used a lot of VM state saving, where I could save
> the entire VM to disk and restore that.
>
> Is it possible or is it a feature to be implemented?
Recently I started learning about Proxmox and in its manual they speak
> Is it possible or is it a feature to be implemented?
about LVM-thin
https://pve.proxmox.com/wiki/LVM2 which allows faster and more efficient
snapshots that regular LVM2 volumes.
I've the feeling that LVM-thin could be the solution here.
Please take this reply with extreme skepticism because I've no clue if
this can work and I have very limited understanding of the whole
technology but it's worth to investigate imo.
qtpie
Oct 25, 2019, 3:18:31 PM10/25/19
to qubes...@googlegroups.com
Guerlan:
The feature of Qubes concerning state, is that the state is *not* saved,
apart from the files in the home directory, since state can include
malware. On every start of a vm, you get a clean machine, since it
copies its state from a template-vm, which is kept secure.
This is a core feature of Qubes so I dont think saving state will be
considered, but Im curious to hear what others have to say?
You can create a 'standalone' qube which doesnt use templates and so
preserves more of its state, but this is not the same as saving full
state obviously.
apart from the files in the home directory, since state can include
malware. On every start of a vm, you get a clean machine, since it
copies its state from a template-vm, which is kept secure.
This is a core feature of Qubes so I dont think saving state will be
considered, but Im curious to hear what others have to say?
You can create a 'standalone' qube which doesnt use templates and so
preserves more of its state, but this is not the same as saving full
state obviously.
Vít Šesták
Oct 29, 2019, 12:20:43 PM10/29/19
to qubes-users
Actually, not saving state is not a security feature per se*. It is a consequence of template-based VM design.
The root filesystem of a template-based VM is cloned from the template on boot. This allows performing updates of many VMs at once by updating just one TemplateVM. There is however a filesystem for storing some state (typically mounted at /rw).
If it was a security feature, it would be quite weak. On typical OSes, the attacker has plenty of places where they can drop/hook a malware, for example .bashrc and /rw/config/rc.local.
If you want to store something in other directories than /home, /usr/local and similar, you can:
a. Extend the list of persisted directories: https://www.qubes-os.org/doc/bind-dirs/
b. Create a Standalone VM. This allows you full control of the VM, but it will take more space and you won't be able to update it just by updating its template.
Regards,
Vít Šesták 'v6ak'
*) Well, it can improve security by making administration easier. Without that, it would be easy to make some infrequently-used VM outdated. When you would start the VM after some time, you would risk various attacks sooner or lated.
Claudia
Oct 31, 2019, 6:58:19 AM10/31/19
to qubes...@googlegroups.com
Guerlan:
It would be possible to implement, and probably not all that hard seeing
as how Xen already supports it, but no one has taken the time to
implement it yet.
There are a couple of issues on github about this. Here's one of them:
https://github.com/QubesOS/qubes-issues/issues/2273
-------------------------------------------------
This free account was provided by VFEmail.net - report spam to ab...@vfemail.net
ONLY AT VFEmail! - Use our Metadata Mitigator to keep your email out of the NSA's hands!
$24.95 ONETIME Lifetime accounts with Privacy Features!
15GB disk! No bandwidth quotas!
Commercial and Bulk Mail Options!
as how Xen already supports it, but no one has taken the time to
implement it yet.
There are a couple of issues on github about this. Here's one of them:
https://github.com/QubesOS/qubes-issues/issues/2273
-------------------------------------------------
This free account was provided by VFEmail.net - report spam to ab...@vfemail.net
ONLY AT VFEmail! - Use our Metadata Mitigator to keep your email out of the NSA's hands!
$24.95 ONETIME Lifetime accounts with Privacy Features!
15GB disk! No bandwidth quotas!
Commercial and Bulk Mail Options!
Reply all
Reply to author
Forward
0 new messages