Hello! I'd like to ask if it is possible to run certain applications (notably, browser) as dedicated users in appvm ?
I know that Qubes security model doesn't rely on users system for security, but combined with iptables, this could prevent traffic leaks when running certain "wonky" VPN configs (for instance, ipsec based VPNs where a tun device is absent) by straight up disallowing a certain user from communicating over anything other than the VPN link. The model here is not malware taking over the AppVM and using it to maliciously deanonymize the user (protecting against that would require a separate ipsec VM and frankly I already have way more VMs running than healthy) but rather fat fingers and forgetfulness causing a leak (not checking that Strongswan has brought tunnel up properly, etc) are there any special considerations for doing "browser running as separate user" in Qubes AppVM or can I straight up follow this https://wiki.archlinux.org/index.php/skype#Use_Skype_with_special_user and "be good" ? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d1475e8f-4c91-42be-adf7-b43841432fb6%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.