| 1 |
I didn't implement it but i would like to say something about this |
| 2 |
interesting question. |
| 3 |
|
| 4 |
Until my knowledge qubes only gets you isolation and nothing more. It |
| 5 |
creates "domains" (that is nothing more than a named xen guest VM to |
| 6 |
one special use like "shopping virtual machine"). It does not make |
| 7 |
nothing new at the moment. |
| 8 |
|
| 9 |
In my opinion it gives only a high overhead to the system since each |
| 10 |
VM gets (if I'm not wrong) 400 Mb of RAM. |
| 11 |
|
| 12 |
The same isolation you get without this overhead using grsecurity's |
| 13 |
chroot, rsbac_jail etc and if you want to sleep better in the night |
| 14 |
you have to only create one separate user like a shopping user |
| 15 |
isolating it with MAC. |
| 16 |
|
| 17 |
Second, I would like to know how does make the communication between |
| 18 |
the guest VM application and the host system, I suppose that with |
| 19 |
xnest or displaying in the required IP, I don't know. Xorg is a high |
| 20 |
risky software when using in a network environment approach. So |
| 21 |
isolation could be broken from here. |
| 22 |
|
| 23 |
Hardened gentoo (I believe) supports VM's like Virtual Box, User Mode |
| 24 |
Linux, Xen and a lot of more you could try to install them and make a |
| 25 |
installation in one of them (I make use of VM's to virtual servers). |
| 26 |
This is what qubes do. |
| 27 |
|
| 28 |
|
| 29 |
2010/4/17 7v5w7go9ub0o <7v5w7go9ub0o@×××××.com>: |
| 30 |
> Has anyone implemented Qubes on hardened gentoo? |
| 31 |
> |
| 32 |
> If so, your thoughts please. |
| 33 |
> |
| 34 |
> TIA |
| 35 |
> |
| 36 |
> |
Archives