It actually does work for limited use cases. I sometimes run Qubes
inside Qubes for quickly testing things ;) The outer VM must be HVM,
and the inner-inner VMs must be PVM, or else you must enable some
less-tested and potentially dangerous code paths in Xen (nestedhvm=1)
which Qubes (on purpose) does not enable by default.
The main issue is networking does not work because Qubes relies on
being able to pci-passthrough a network card to sys-net, and this
(emulating pci passthrough) is afaik not implemented by qemu.
I suspect this is not actually what you meant though, and perhaps you
are asking about running Qubes inside e.g. virtualbox or vmware on
windows or osx? Well, in that case many of the security guarantees of
qubes (device isolation, boot sequence semi-protection, etc.) can not
be made since the outer system has full control and is fully exposed.
Then there is also the problem the outer hypervisors not correctly
emulating or exposing the hardware-assisted virtualization cpu
features to their guests. (IIRC virtualbox still doesn't? Don't quote
me on that though... I haven't tried it myself.)
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/CABQWM_ACBVEJfPY2cjzn6wuNqw9zsyf6OML%2BvdoYWmUpRt1TaA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
