I didn't implement it, but I would like to say something about this
interesting question.

To my knowledge, Qubes only gets you isolation and nothing more. It
creates "domains" (a domain is nothing more than a named Xen guest VM
for one special use, like a "shopping virtual machine"). It does not
do anything new at the moment.

In my opinion it only adds a high overhead to the system, since each
VM gets (if I'm not wrong) 400 Mb of RAM.

You get the same isolation without this overhead using grsecurity's
chroot, rsbac_jail, etc., and if you want to sleep better at night
you only have to create one separate user, like a shopping user, and
isolate it with MAC.

Second, I would like to know how the communication between the guest
VM application and the host system is done. I suppose with Xnest or
by displaying on the required IP, I don't know. Xorg is highly risky
software when used in a networked environment, so isolation could be
broken from here.

Hardened Gentoo (I believe) supports VMs like VirtualBox, User Mode
Linux, Xen and a lot more. You could try to install them and make an
installation in one of them (I make use of VMs for virtual servers).
This is what Qubes does.


2010/4/17 7v5w7go9ub0o <7v5w7go9ub0o@×××××.com>:
> Has anyone implemented Qubes on hardened gentoo?
>
> If so, your thoughts please.
>
> TIA