2019-04-08 21:05:39 +00:00
|
|
|
Mirage Firewall
|
|
|
|
===============
|
|
|
|
|
|
|
|
A unikernel firewall for Qubes OS.
|
|
|
|
This site will help collecting information about the mirage firewall, an interesting project from "talex5".
|
|
|
|
|
|
|
|
To learn more about the Mirage Firewall, please make sure to read
|
|
|
|
|
|
|
|
- https://github.com/mirage/qubes-mirage-firewall
|
|
|
|
- https://github.com/mirage/qubes-mirage-firewall/blob/master/README.md
|
|
|
|
|
|
|
|
The Mirage Firewall for Qubes OS is a low ressource firewall, which uses a much smaller footprint
|
|
|
|
compared to the default ("fat") sys-firewall.
|
|
|
|
|
|
|
|
This page is only to write down how to build the mirage firewall for Qubes OS.
|
|
|
|
Please make sure to read the above links to understand more about it.
|
|
|
|
|
|
|
|
Build process on Qubes 4
|
|
|
|
========================
|
|
|
|
```
|
|
|
|
# create a new template VM
|
|
|
|
qvm-clone fedora-29-minimal t-fedora-29-mirage
|
|
|
|
|
|
|
|
# Resize private disk to 10 GB
|
|
|
|
qvm-volume extend t-fedora-29-mirage:private 10GB
|
|
|
|
|
|
|
|
# Create a symbolic link to safe docker into the home directory
|
|
|
|
qvm-run --auto --user root --pass-io --no-gui \
|
|
|
|
'ln -s /var/lib/docker /home/user/docker'
|
|
|
|
|
|
|
|
# Install docker and git
|
|
|
|
qvm-run --user root --pass-io --no-gui \
|
|
|
|
'dnf -y install docker git'
|
|
|
|
|
|
|
|
# To get networking in the template VM
|
|
|
|
qvm-run --auto --user root --pass-io --no-gui \
|
|
|
|
'dnf install qubes-core-agent-networking'
|
|
|
|
qvm-shutdown --wait t-fedora-29-mirage
|
|
|
|
qvm-prefs t-fedora-29-mirage sys-firewall
|
|
|
|
qvm-start t-fedora-29-mirage
|
|
|
|
|
|
|
|
# Launch docker
|
|
|
|
qvm-run --user root --pass-io --no-gui \
|
|
|
|
'systemctl start docker'
|
|
|
|
|
|
|
|
# Download and build mirage for qubes
|
|
|
|
qvm-run --user root --pass-io --no-gui \
|
|
|
|
'cd /home/user && \
|
|
|
|
git clone https://github.com/mirage/qubes-mirage-firewall.git && \'
|
|
|
|
cd qubes-mirage-firewall && \
|
|
|
|
./build-with-docker.sh'
|
2019-04-08 21:26:02 +00:00
|
|
|
```
|
|
|
|
|
|
|
|
Unfortunately the build process ends with:
|
|
|
|
```
|
|
|
|
Building Firewall...
|
|
|
|
error while executing ocamlbuild -use-ocamlfind -classic-display -tags
|
|
|
|
bin_annot -quiet -Xs _build-solo5-hvt,_build-ukvm
|
|
|
|
-pkgs mirage config.cmxs
|
|
|
|
+ mkdir /home/opam/qubes-mirage-firewall/_build
|
|
|
|
mkdir: cannot create directory '/home/opam/qubes-mirage-firewall/_build': Permission denied
|
|
|
|
Command exited with code 1.
|
|
|
|
Failure:
|
|
|
|
Error during command "mkdir /home/opam/qubes-mirage-firewall/_build": Ocamlbuild_pack.My_std.Exit_with_code(10)
|
|
|
|
```
|
|
|
|
|
|
|
|
... to be continued ... one7two99 @ 08.april.2019
|