Since this is in my regular Fedora 24 template, won't this codebase be included in every app VM I run, whether I'm running PlayOnLinux in that app VM or not?
yes
Presumably none of that code would be running,
so there should be no problem (at least i can't see any problems)
but it would still be accessible to malware that wanted to call it.
for this the malware does need remote code execution. if it has remote code execution it simply can call sudo dnf install -y playonlinux it also could download anything and simply execute it as root. (root has no password) so not having something installed does not protect you if you would not call it anyways. it does protect you from user errors. e.g.: you have some malicious pdf in a vm. if you have noting to open the pdf, you can't accidentally open it and corrupt your vm. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/af70957f-600e-8bbc-dd72-c240d3972e4b%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.