On Sat, Feb 25, 2017 at 6:50 PM, john.david.r.smith <john.david.r.sm...@openmailbox.org> wrote: > On 25/02/17 04:14, Oleg Artemiev wrote: >> >> Hi. >> >> If I want to run VMs from one Qubes in another > why would you even dualboot two qubesversions? Some activities are useless to encrypt, i.e. social networking and some other . Encription gives useless overhead. I want 1 Qubes OS unencrypted and 1 Qubes OS encrypted for everything else + activities from unencrypted Qubes also enabled.
>> would it be possible to >> have different coloring for the same VM in different Qubes OS instances? > here the questions is, what files you would share? For example: /var/lib/qubes/appvms/public-activity-vm/ or if it does any sense I may share files indiividually: /var/lib/qubes/appvms/public-activity-vm/* > i am not sure, where the label is saved, but if you only share the images, > it should work (but i am still not sure what you are trying to do). run same VM in diffrent boots of Qubes OS on the same computer. >> Is this possible from a VM to attack Dom0 by altering VM image files or >> this is just files and adversary able to rewrite image in one Qubes has no >> option to appear outside VM when it is loaded in another Qubes OS >> instance? > a vm can always only write data inside of an image. > if a vm can write data in dom0, your system is owned and you need something > as aem to protect the other instance. > but even with aem, i think one qubes dom0 A could compromise the other dom0 > B, since A can somehow read and write files of B. A is not encrypted, B is encrypted, A never used to mount something from B and has no clue about B luks password. > but if you assume both dom0 are secure, i don't see a problem. A is not that secure as B. If A is compromised I'm not glad, but it's not very important - all accounts I would use from A are already somewhat public. It looks that before booting into B I should check bootloader and /boot consistency of B w/ some sort of usb stick. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CABunX6NbAjS5rdoRva0OpNA8%2B6y7HCdD6wKkpu7ParegnQb6_w%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
