Re: [qubes-users] Template VM Hierachy?
> On 05.06.2016 18:26, 981'0932481'029438'0194328'0913284'0913284'09182'3 wrote: >> Hello, > >> Can I build a Template VM hierarchy? > No, it isn't possible. Template VMs are done at block device level, not > filesystem level (to limit attack surface), so it isn't possible to > merge different levels. [...] > I think this would be difficult to implement. One reason for this is that when > you update TVM1 for example, the filesystem of it diverges. You would have to > do something like a three-Way Merge as known from version control systems like > git. I am not aware how this could be done. That's a deliberate architectural choice; what if there were as many virtual disks (/dev/xvdN) as the level, and the mounting was done via something like overlayfs? This would allow for mounting from many disks into the same directory, specifying which source would be the "lower one" (read only) and the "upper one" (read-write), and merging directory contents too. Any AppVM would have all the lower layers as read-only, one above the other, and still keep /rw as the only read-write filesystem mounted with unionfs. This would semi-solve the update problem: you would update the cascade of templates starting from the root, and you would have your binaries updated. The only problem is with the installed application database from the package manager, which would be out-of-sync in the child templates with the actual version installed of the apps in the root templates. This is imho the biggest problem, not the actual technical implementation of the overlay/union of filesystems; as long as there is no package manager that can "discover" the actual packages installed and needed without a separate database, or without a carefully designed single-file-per-package-info database, this will only be an update nightmare. -- Alex -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b016fd3b-aa71-3790-3977-2e21a7de3d87%40gmx.com. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: [qubes-users] Template VM Hierachy?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 05.06.2016 18:26, 981'0932481'029438'0194328'0913284'0913284'09182'3 wrote: > Hello, > > Can I build a Template VM hierarchy? > > i) If I install all apps in the same TVM, that it looks pretty the same > mess like in a monolithic system ii) If I install any app in a new HVM, > than I waste lots of space. > > If I take the working hypothesis, that I can define more safe and mess safe > apps, I could build N TVM's for different topics and additional some > dependent Template Sub-VM's, which contains more risky apps. > > E.g. TVM-Hierarchy for text processing > > TVM1 contains only a secure and simple text editor TVM1-1 is based on TVM1 > and contains also a simple painting tool TVM1-1-1 is based on TVM1-1 and > enables the more risky JAVA stack and OpenOffice > > So only AppVM's based on TVM1-1-1 like > > AVM1-1-1-1 AVM1-1-1-2 AVM1-1-1-3 AVM1-1-1-4... take the JAVA risk but you > will save the space, because TVM1-1 don't get duplicated only to build up > TVM1-1-1. > > Even you can update the full T-Hierarchy in the best case with one click. > > Will be this possible? And how can I reach it? > > The benefit will be, that any app-code get stored and updated only once, > but the risk can be limited (if a good app black- and white list exists). > > Kind Regards > I think this would be difficult to implement. One reason for this is that when you update TVM1 for example, the filesystem of it diverges. You would have to do something like a three-Way Merge as known from version control systems like git. I am not aware how this could be done. I think your best beat is to use a COW filesystem like btrfs. This was discussed a few days ago on this list that you can use btrfs to reflink copy VMs. The only limitation to your scenario would be that changes in TVM1 would not get magically merged down the hierarchy. - -- Live long and prosper Robin `ypid` Schneider -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXVFWhAAoJEIb9mAu/GkD4FkQP/AjH8golFQ3b5viaiWCsdeyQ Q+e1CFwKtGZ2fDMUs7Kxo3gI1bwPGg88G0zwgl5TI+RsilcraNCeawKvGiC/JIeS iHIMdCVKMF8JCx4ebMNaaWJUN7rOqwztsR46cf4/vmoEI1nB/NBz5NuRDeTL/9ss HQKV8BBJppbQpmyE4OZe5ksWZbo2BO8f/+KI3JVX0qw6KgpEnkeY+V2JxW0izQUj F2nViEj11U7EZZhkiOWA6sF3jntEavQrUD5k9l5y5z+qpFEGyoiECmQTRcAGYxIx 44WXPhD0to7PtI7ROxHEtL1eoz1aDwXVzUxGRDHDBBoDqwjt/5aI9PKpWn+fZ+Bq K81VKCRff60xRr6yuaM4gsjY76VLKFN22RVAC1JVH6x4mxQ2bGXW3L6cHBhVtlwV dZGN+EjMeWWpqYnSM8JIiLmDNM0JZcDQFOzoOEjZoI6n20x/uYlwVrdjeNHGetiO ytPUJS1frJp2147mKz1SCIk169Rw9Aa1w6EK3OHDU6KvzVx05nZmjGs8BBnB3NQE kUcYWCEvl/nDXExT5L4/8dkSiE3NJ2ENNaEhA8ZORyitzo4GqiDPM01FLssFgFzB vkIkiBmDN+9dIzplHwLaYPIYIXyWFp16JT2g1pasmONJXo9FrxATgNzUnjsmfCap muYORrnTiYMI2qbXDvkj =VwNN -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/575455A1.3090501%40riseup.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Template VM Hierachy?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sun, Jun 05, 2016 at 09:26:14AM -0700, 981'0932481'029438'0194328'0913284'0913284'09182'3 wrote: > Hello, > > Can I build a Template VM hierarchy? > > i) If I install all apps in the same TVM, that it looks pretty the same mess > like in a monolithic system > ii) If I install any app in a new HVM, than I waste lots of space. > > If I take the working hypothesis, that I can define more safe and mess safe > apps, I could build N TVM's for different topics and additional some > dependent Template Sub-VM's, which contains more risky apps. > > E.g. TVM-Hierarchy for text processing > > TVM1 contains only a secure and simple text editor > TVM1-1 is based on TVM1 and contains also a simple painting tool > TVM1-1-1 is based on TVM1-1 and enables the more risky JAVA stack and > OpenOffice > > So only AppVM's based on TVM1-1-1 like > > AVM1-1-1-1 > AVM1-1-1-2 > AVM1-1-1-3 > AVM1-1-1-4... take the JAVA risk > but you will save the space, because TVM1-1 don't get duplicated only to > build up TVM1-1-1. > > Even you can update the full T-Hierarchy in the best case with one click. > > Will be this possible? > And how can I reach it? > > The benefit will be, that any app-code get stored and updated only once, but > the risk can be limited (if a good app black- and white list exists). No, it isn't possible. Template VMs are done at block device level, not filesystem level (to limit attack surface), so it isn't possible to merge different levels. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJXVFSsAAoJENuP0xzK19css0sH/0aRgjpLT7o8E5XXZZ984BnI PTQ2iWtRErd3YhYxY8eq9tZKpT74t2YZp/HIZ8HMGnzUdgPmCUozvImGJUkcYEnl z6LbVMtWfHh8Uk6iWdwPJgyE4qgWuHirfA0ZFNgKMSap8mUJbcmvW5xWO2KSVe5Y ALKw/SlIdmbctmV66+Lx0LfEgTz5+Ug9HhOuSfcBqaNSyRWUepZn/VXoPWz/gI9W 0Y2nRTC24bgpv6LEEBTqgwPZDMszUEkfiq/l0n57eLPDwvcCHmqHUg2oD7ogjoEI FWgfm0wj9UTBHGRovatwprTyLkP4+S2u1ZE2Kt0sSTBsv9i1ksDKworW3wT7oIY= =smF3 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160605163451.GK1593%40mail-itl. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Template VM Hierachy?
Hello, Can I build a Template VM hierarchy? i) If I install all apps in the same TVM, that it looks pretty the same mess like in a monolithic system ii) If I install any app in a new HVM, than I waste lots of space. If I take the working hypothesis, that I can define more safe and mess safe apps, I could build N TVM's for different topics and additional some dependent Template Sub-VM's, which contains more risky apps. E.g. TVM-Hierarchy for text processing TVM1 contains only a secure and simple text editor TVM1-1 is based on TVM1 and contains also a simple painting tool TVM1-1-1 is based on TVM1-1 and enables the more risky JAVA stack and OpenOffice So only AppVM's based on TVM1-1-1 like AVM1-1-1-1 AVM1-1-1-2 AVM1-1-1-3 AVM1-1-1-4... take the JAVA risk but you will save the space, because TVM1-1 don't get duplicated only to build up TVM1-1-1. Even you can update the full T-Hierarchy in the best case with one click. Will be this possible? And how can I reach it? The benefit will be, that any app-code get stored and updated only once, but the risk can be limited (if a good app black- and white list exists). Kind Regards -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9e587e50-c16b-40f9-83d1-578e3cd49485%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.