←back to thread

Qubes OS: A reasonably secure operating system

(www.qubes-os.org)
441 points ploggingdev | 3 comments | 19 Nov 17 16:06 UTC | HN request time: 0.001s | source
Show context
Jeaye ◴[19 Nov 17 17:12 UTC] No.15734704[source]
What I'd really love to see is a marriage between NixOS and Qubes, allowing for full-system declarative configuration, including the various systems which will be running under Qubes.

NixOS has containers that show how this could work, but they're only via systemd-nspawn, so not as jailed as Qube's domUs.

replies(3): >>15735026 #>>15735236 #>>15735329 #
hyperfekt ◴[19 Nov 17 18:51 UTC] No.15735236[source]
What a coincidence. I've actually been trying to sketch out how to do this in the past few days.

I've also been looking at how projects like Hypercontainer and Clear Containers achieve minimal VM overhead to expand the model to a per-application-instance VM.

Another interesting enabling technology is VirtFS, which can be used for filesystem-level storage virtualization to gain the many benefits of COW and shared caching.

The principal question then is how to allow interaction between different application instances without the user having to manually ferry files between them, as it currently happens with AppVMs on Qubes.

replies(1): >>15735379 #
hateduser2 ◴[19 Nov 17 19:15 UTC] No.15735379[source]
Could they just copy how iOS does interaction? Different menus like the share menu for example or the password manager menu? I can’t really think of what interaction I need besides maybe ide or terminal stuff.. are both of those systems restrained by qubes? Every bash command is in its own vm? Even so the terminal should still be able to redirect outputs between programs so that can’t really be a problem can it?

Is chromes process per tab model restricted? Forking and piping in general perhaps?

replies(1): >>15735413 #
1. hyperfekt ◴[19 Nov 17 19:21 UTC] No.15735413[source]
That definitely is the first thing that comes to mind, but applications need to be built under that model.

Currently all applications assume they get access to everything by default, so even if one was to be able to implement a confirmation dialog, the user would be victim to a battery of requests.

This is not to mention that isolation excludes discoverability, so users would have to manually make files visible to other applications beforehand.

replies(1): >>15735450 #
2. hateduser2 ◴[19 Nov 17 19:28 UTC] No.15735450[source]
Hmm so I suppose the only problem is that developers are t aware they’re targeting qubes/ aren’t designing around qubes yet? Seems like a non issue really, since if qubes gets any traction it will literally solve itself.. although if it doesn’t get traction I suppose that’s slightly annoying tk deal with
replies(1): >>15735519 #
3. hyperfekt ◴[19 Nov 17 19:40 UTC] No.15735519[source]
Being incompatible with most available software is not a 'non issue'.

The problem won't solve itself by adoption if it never gets to that point, that's almost a perfect catch-22.