Re: [qubes-users] Bug or Feature? DispVM inherits settings from calling VM

2016-10-12 Thread Andrew David Wong 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-10-12 01:50, Robert Mittendorf wrote:
> If I use /usr/bin/qvm-run to open an application in an disposible VM, the 
> dispVM inherits some setings from the calling VM
> 
> example: I use
> 
> /usr/bin/qvm-run --dispvm firefox
> 
> In work-VM. My work-VM is configured to allow intranet IPs only. The starting 
> dispVM is blue like the work VM, even though normal DispVMs are red.
> 
> Also the firewall rules (intranet only) are inherited from the work VM.
> 
> 
> mit freundlichem Gruß,
> 
> Robert Mittendorf
> 

Yes, these are intentional DispVM design decisions.

However, there are also plans to allow DispVMs to inhert the NetVM of the 
calling VM without also inheriting its firewall rules:

https://github.com/QubesOS/qubes-issues/issues/1296

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJX/rG6AAoJENtN07w5UDAwEbIP/1V6cb+BIbJwF1Mpw30bC5T6
ObOJozl40vJN+CZIA1PKEKJV2ELqPgWg+SO9xaawPPz4YvzRiBhi+oxhBUTekCpx
NRMpqWHAJU4Vr6KHM/H7K0XRN8UexFDYF9giyVgaboBupNs/k+bOpyeio6Ak1KVc
6vW1gL91ea84UxupNqZcDeDUn4fFvQ9H/ULLvzhbcyOHXh/LIH1JnFfpnLpnRICH
h5moGm+NX5Ssq8A+oO9uigpo7mpqvFstUVbTqL6htvdxPZ2RxlAL2Q8dk51nGmMN
N9SRJUDGqdB1a6A8UOWSS6SVy+6/V7mTwM2tZbKtr+J2XsFTqgu1SuuMEW4IOax0
Zg/7h3ritkixrxh2l8Ll4uREYlS9rCVnwjWGYJ1PmVMmg/0G37RTKpHnlsCPT/sT
9lD14UCYo2nuZGJYJpoc+d1UwICJpIoWw/84XC1V3Z0LaZ+UVDJ7a46s5I+EVWYL
2P9RK8HFlaAIQbWMfGMjc7Thi99SMg8KNNpS7ndOLzc7l/sQvjQ1ZbrCSPYQfF0t
+YlJYv4IkT3+bAKAuj1ra0ftiL7aCugOWMM+bcL2slGDTBEDkB3H8XEFGMVJYvlJ
XU5/cbWdIDi41sJgdql1fvMcp2jHAQ6W48Myq+5uA0DARfprQSHH+TNRkZbMDr7U
BYu3KN8wyiAdsvmgR0+p
=O5PZ
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3f4415cd-3188-5ac7-0e53-82a284670b16%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Bug or Feature? DispVM inherits settings from calling VM

2016-10-12 Thread Robert Mittendorf 
If I use /usr/bin/qvm-run to open an application in an disposible VM, 
the dispVM inherits some setings from the calling VM


example: I use

/usr/bin/qvm-run --dispvm firefox

In work-VM. My work-VM is configured to allow intranet IPs only. The 
starting dispVM is blue like the work VM, even though normal DispVMs are 
red.


Also the firewall rules (intranet only) are inherited from the work VM.


mit freundlichem Gruß,

Robert Mittendorf

--
M. Sc. Informatik Robert Mittendorf

DigiTrace GmbH - Kompetenz in IT-Forensik
Geschäftsführer: Alexander Sigel, Martin Wundram
Registergericht Köln, HR B 72919
USt-IdNr: DE278529699

Zollstockgürtel 59, 50969 Köln
Telefon: 0221-6 77 86 95-2
Website: www.DigiTrace.de
E-Mail: i...@digitrace.de

Haben Sie schon den DigiTrace-Newsletter abonniert?
http://www.digitrace.de/de/service/newsletter

DigiTrace ist Partner der Allianz für Cyber-Sicherheit
sowie Mitglied im nrw.units Netzwerk für IT-Sicherheit:
  https://www.allianz-fuer-cybersicherheit.de
  http://www.nrw-units.de/netzwerk/

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9cd098fc-3e92-999c-40a0-0449b5612e0e%40digitrace.de.
For more options, visit https://groups.google.com/d/optout.