-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Sun, Jun 05, 2016 at 09:26:14AM -0700, 981'0932481'029438'0194328'0913284'0913284'09182'3 wrote: > Hello, > > Can I build a Template VM hierarchy? > > i) If I install all apps in the same TVM, that it looks pretty the same mess > like in a monolithic system > ii) If I install any app in a new HVM, than I waste lots of space. > > If I take the working hypothesis, that I can define more safe and mess safe > apps, I could build N TVM's for different topics and additional some > dependent Template Sub-VM's, which contains more risky apps. > > E.g. TVM-Hierarchy for text processing > > TVM1 contains only a secure and simple text editor > TVM1-1 is based on TVM1 and contains also a simple painting tool > TVM1-1-1 is based on TVM1-1 and enables the more risky JAVA stack and > OpenOffice > > So only AppVM's based on TVM1-1-1 like > > AVM1-1-1-1 > AVM1-1-1-2 > AVM1-1-1-3 > AVM1-1-1-4... take the JAVA risk > but you will save the space, because TVM1-1 don't get duplicated only to > build up TVM1-1-1. > > Even you can update the full T-Hierarchy in the best case with one click. > > Will be this possible? > And how can I reach it? > > The benefit will be, that any app-code get stored and updated only once, but > the risk can be limited (if a good app black- and white list exists).
No, it isn't possible. Template VMs are done at block device level, not filesystem level (to limit attack surface), so it isn't possible to merge different levels. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJXVFSsAAoJENuP0xzK19css0sH/0aRgjpLT7o8E5XXZZ984BnI PTQ2iWtRErd3YhYxY8eq9tZKpT74t2YZp/HIZ8HMGnzUdgPmCUozvImGJUkcYEnl z6LbVMtWfHh8Uk6iWdwPJgyE4qgWuHirfA0ZFNgKMSap8mUJbcmvW5xWO2KSVe5Y ALKw/SlIdmbctmV66+Lx0LfEgTz5+Ug9HhOuSfcBqaNSyRWUepZn/VXoPWz/gI9W 0Y2nRTC24bgpv6LEEBTqgwPZDMszUEkfiq/l0n57eLPDwvcCHmqHUg2oD7ogjoEI FWgfm0wj9UTBHGRovatwprTyLkP4+S2u1ZE2Kt0sSTBsv9i1ksDKworW3wT7oIY= =smF3 -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160605163451.GK1593%40mail-itl. For more options, visit https://groups.google.com/d/optout.
