Git-Mirrors/qubes-doc
1
0
Fork 0
mirror of https://github.com/QubesOS/qubes-doc.git synced 2024-09-20 16:16:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

GettingStarted changed

Browse Source
This commit is contained in:
Axon 2013-09-28 07:34:57 +00:00
parent 912265fee4
commit 0260fc4e6c
1 changed files with 36 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

69
GettingStarted.md
View File

@ -7,51 +7,52 @@ permalink: /wiki/GettingStarted/
Getting Started with Qubes OS
=============================
So, you just installed a fresh Qubes OS, huh? Let's see what your next steps could be...
Note: This guide assumes that you've just installed Qubes for the first time. The installation guide for your Qubes release can be found on the [Downloads](/wiki/QubesDownloads) page.
What are AppVMs (domains) and Template VMs?
-------------------------------------------
Now that you've installed Qubes, let's cover some basic concepts.
In Qubes you run all your programs in **domains**, also called **AppVMs**, because those domains are implemented as lightweight Virtual Machines (VMs). It's not true that every app runs in its own VM -- that would be a big waste of resources. Instead the VMs represent security domains, such as: *work*, *personal*, *banking*, etc. Each domain is based, by default, on a common **Template VM**, which means that whenever you create a new domain you don't copy the whole root filesystem needed for this AppVM to work (such as all the programs, etc) -- instead each AppVM shares the root filesystem with the template VM. Of course each AppVM has only read-only access to the Template VM's filesystem, so cannot modify it in any way. This means that creating many domains is cheap -- they need disk space only to hold your private files (such as the home folder).
AppVMs (Domains) and TemplateVMs
--------------------------------
If you have proceeded with the default installation options, Qubes has already pre-created a few domains for you:
In Qubes, you run all your programs in **domains**. Domains are also called **AppVMs** because they're implemented as lightweight virtual machines (VMs). Not every app runs in its own VM. (That would be a big waste of resources!) Instead, each VM represents a *security domain* (e.g., "work," "personal," "banking," etc.). Each domain is based, by default, on a single, common **TemplateVM** (but you can create as many as you'd like). This means that when you create a new AppVM, you don't copy the whole root filesystem needed for this AppVM to work (which would include copying all the programs). Instead, each AppVM *shares* the root filesystem with its respective TemplateVM. An AppVM has read-only access to the filesystem of the Template on which it's based, so an AppVM cannot modify a TemplateVM in any way. This is important, as it means that if an AppVM is ever compromised, the TemplateVM on which it's based (and any other AppVMs based on that TemplateVM) will still be safe. This means that creating a large number of domains is cheap: Each one needs only as much disk space as is necessary to store its private files (e.g., the "home" folder).
If you've installed Qubes using the default options, a few domains have already been created for you:
- work
- personal
- banking
- untrusted
Each domain, apart from having a distinct name, is also assigned a **label**, which basically is one of the several per-defined colors. These colors, which are used for drawing window decorations by the trusted Window Manager (color frames), are supposed to be user friendly, easy noticeable, indicators of how trusted a given window is. It's totally up to the user how he or she interprets these colors. For me, it has been somehow obvious to associate the red color with something that is untrusted and dangerous (the “red light” -- stop! danger!), green with something that is safe and trusted, while yellow and orange with something in the middle. I have also extended this scheme, to also include blue, and black, which I interpret as indicating progressively more trusted domains than green, with black being something ultimately trusted.
Each domain, apart from having a distinct name, is also assigned a **label**, which is one of several pre-defined colors. The trusted window manager uses these colors in order to draw window decorations (color frames) around the windows of applications running in each domain. These allow you to quickly and easily identify the trust level of a given window at a glance. It's totally up to you how you'd like to interpret these colors. Personally, I find it natural to associate red with that which is untrusted and dangerous (the “red light” -- stop! danger!), green with that which is safe and trusted, and yellow and orange with things in the middle. I've also extended this scheme to include blue and black, which I interpret as indicating progressively more trusted domains than green, with black being ultimately trusted.
[![No image "snapshot12.png" attached to GettingStarted](/chrome/common/attachment.png "No image "snapshot12.png" attached to GettingStarted")](/attachment/wiki/GettingStarted/snapshot12.png)
There is, however, one special domain that is called *Dom0* which is where the Desktop Manager (currently KDE) runs, and this is where you log into. This domain doesn't have any networking connectivity and is essentially only dedicated for running the Window and Desktop Manager, nothing else. Specifically all the user applications run in AppVMs, never in Dom0.
In addition to AppVMs and TemplateVMs, there's one special domain called "Dom0," which is where the Desktop Manager runs. This is where you log in to the system. Dom0 is more trusted than any other domain (including TemplateVMs and black-labeled domains). If Dom0 were ever compromised, it would be Game Over<sup>TM</sup>. (The entire system would effectively be compromised.) Due to its overarching importance, Dom0 has no network connectivity and is used only for running the Window and Desktop Managers. Dom0 shouldn't be used for anything else. In particular, you should *never* run user applications in Dom0. (That's what your AppVMs are for!)
Qubes Manager and command line tools
------------------------------------
Qubes VM Manager and Command Line Tools
---------------------------------------
All aspects of the Qubes system can be controlled using the command line tools run under a Dom0 console. To open a console window in Dom0, one can e.g. choose Start-\>System Tools-\>Konsole, or alternatively press Alt-F2 and type in `konsole`.
All aspects of the Qubes system can be controlled using command line tools run under a Dom0 console. To open a console window in Dom0, either go to Start-\>System Tools-\>Konsole or press Alt-F2 and type `konsole`.
Various command-line tools are described as part of this user's guide, and the whole reference can be found [here](/wiki/DomZeroTools).
Various command line tools are described as part of this guide, and the whole reference can be found [here](/wiki/DomZeroTools).
[![No image "r2b1-dom0-konsole.png" attached to GettingStarted](/chrome/common/attachment.png "No image "r2b1-dom0-konsole.png" attached to GettingStarted")](/attachment/wiki/GettingStarted/r2b1-dom0-konsole.png)
Alternatively one can use a rather intuitive GUI tool called Qubes Manager. It supports most of the functionality that command line tools provide. Qubes Manager window can be opened by either clicking on the "Qubes" icon in the tray (right bottom corner of the screen), or by choosing Start-\>System Tools-\>Qubes Manager from the "Start menu".
Alternatively, you can use a rather intuitive GUI tool called **Qubes VM Manager**. It supports most of the functionality that command line tools provide. The Qubes VM Manager starts and opens automatically when Qubes starts up, but you can also start it by going to Start-\>System Tools-\>Qubes Manager. Once the Qubes VM Manager is running, you can open the window at any time by clicking on the Qubes tray icon, which typically resides in the bottom-right corner of the screen.
[![No image "r2b1-qubes-manager-2.png" attached to GettingStarted](/chrome/common/attachment.png "No image "r2b1-qubes-manager-2.png" attached to GettingStarted")](/attachment/wiki/GettingStarted/r2b1-qubes-manager-2.png)
Starting apps in domains
Starting Apps in Domains
------------------------
There are two way to start an app: using the short-cut icons from the Desktop Manager's menu, or from the command line (from console running in Dom).
Apps can be started either by using the shortcuts in the Desktop Manager's menu or by using the command line (i.e., a console running in Dom0).
You can start apps directly from the KDE menu. Each domain has its own menu directory called *Domain: \<name\>*, that is reachable via Start-\>Applications menu. When you enter into this directory, you can select a specific application that you would like to start:
You can start apps directly from the start menu. Each domain has its own menu directory under the scheme **Domain: \<name\>**. After navigating into one of these directories, simply click on the application you'd like to start:
[![No image "r2b1-appsmenu-1.png" attached to GettingStarted](/chrome/common/attachment.png "No image "r2b1-appsmenu-1.png" attached to GettingStarted")](/attachment/wiki/GettingStarted/r2b1-appsmenu-1.png) [![No image "r2b1-appsmenu-3.png" attached to GettingStarted](/chrome/common/attachment.png "No image "r2b1-appsmenu-3.png" attached to GettingStarted")](/attachment/wiki/GettingStarted/r2b1-appsmenu-3.png)
Note that the menus contain only a few short-cuts, if you would like to be able to start more apps via menu (e.g. if you install new app), you would need to add more short-cuts manually. In order to do that you should righ-click on the "Start" button and choose "Menu Editor". Then choose the domain directory where you want the menu to appear, choose "New Item", enter its name as '\<domain name\>: \<app name\>' and provide command line for starting the app (see below). Then choose "Save" and wait some 15 sec for the changes to propagate to the KDE menu.
By default, each domain's menu contains only a few shortcuts. If you'd like to add more, simply click **Add more shortcuts...**, select the desired applictions, and click **OK**. You can also add shortcuts manually. (This is sometimes necessary if the desired application doesn't show up in the Qubes VM Manager window.) To do this in KDE, right-click on the **Start** button and click **Menu Editor**. Click the domain directory in which you'd like the menu to appear, click **New Item**, enter its name as **\<domain name\>: \<app name\>**, and provide the command for starting the app (see below). Then click **Save** and wait approximately 15 seconds for the changes to propagate to the KDE menu.
If you would like to start apps from the console, you just need to type:
To start apps from the console in Dom0, type:
``` {.wiki}
qvm-run -a <domain> "<app name> [arguments]"
@ -63,36 +64,34 @@ e.g.:
qvm-run -a red firefox
```
Adding/Removing/Lising domains
------------------------------
Adding, Removing, and Listing Domains
-------------------------------------
You can easily add/remove domains by clicking buttons in the Qubes Manager.
Domains can easily be added and removed by clicking on the **Add** and **Remove** buttons in the Qubes VM Manager.
You can also create/remove/list domains from command line (console under Dom0) using the following tools:
Domains can also be added, removed, and listed from command line (i.e., a console running in Dom0) using the following tools:
- `qvm-create`
- `qvm-remove`
- `qvm-ls`
The `qvm-create` is a more powerful way of creating domains than the "Add" button in the Qubes Manager, because it allows you to pass a few special options that allow to create special types of domains, such as e.g. a **Standalone VM** (that is not based on a Template) or **NetVMs** or **ProxyVMs** -- you can read more on this in other chapters of this guide.
How many domains do I need?
How Many Domains Do I Need?
---------------------------
So, how many and what domains do I need? That's a great question, but there is no good answer that would fit all. This all depends on how does your digital life look like, what type of job you do, etc.
That's a great question, but there's no one-size-fits-all answer. It depends on the structure of your digital life, and this is at least a little different for everyone. If you plan on using your system for work, then it also depends on what kind of job you do.
For start it's reasonable to try the three domains created automatically by the installer (work, personal, red). Then, when you start feeling that some things/activities just don't fit, you can easily create a new domain for them. You will be able to easily copy files to the newly created domains, as it is covered in one of the [next chapters](/wiki/CopyingFiles) of this guide.
It's a good idea to start out with the three domains created automatically by the installer: work, personal, and untrusted. Then, if and when you start to feel that some activity just doesn't fit into any of your existing domains, you can easily create a new domain for it. You'll also be able to easily copy any files you need to the newly created domain, as explained [here](/wiki/CopyingFiles).
For more paranoid people, it might be worth checking [this article](http://theinvisiblethings.blogspot.com/2011/03/partitioning-my-digital-life-into.html) that describes how one of the Qubes authors partitions her digital life into security domains.
More paranoid people might find it worthwhile to read [this article](http://theinvisiblethings.blogspot.com/2011/03/partitioning-my-digital-life-into.html), which describes how one of the Qubes authors partitions her digital life into security domains.
Allowing domains to enter Full Screen mode
------------------------------------------
Full Screen Domains
-------------------
By default Qubes doesn't allow the applications windows to maximize themselves and to occupy the whole screen. This is a security precaution, because we want that the user could always identify which domain is displaying a given window (so, we want the colourful label and domain name to be always visible). Also we want to avoid a situation when one domain enters full screen mode and since now on it starts to emulate the whole Qubes system.
By default, Qubes doesn't allow any application window to occupy the entire screen such that its window name (which includes the name of the domain to which it belongs) and colored window border are no longer visible. This is a security precaution designed to prevent a situation in which an application which has been allowed to enter full screen mode begins to emulate the entire Qubes system. We want it to be the case that the user is always able to identify which domain is displaying any given window. Otherwise, a compromised domain which is able to occupy the entire screen could trick the user into thinking that she is interacting with a variety of different domains (including Dom0), when in fact she is interacting with only a single, compromised domain pretending to be the whole system.
However, if user makes use of some Expose-like desktop switcher, such as the "Desktop Grid" effect that is enabled by the default under KDE and which is activated by Ctrl-F8 by default, then we can safely allow domains to enter full screen mode, as we have assurance that we can always "preempt" them by hitting the magic key combination (e.g. Ctrl-F8), which will be consumed by the Trusted Window Manager and not passed down to the AppVM that handles the full screen. This means the AppVM has no way of further "faking" the full screen view of the system and can easily be identified as "just one of the apps". Theoretically this could also be achieved even with the primitive Alt-Tab like switching, something that should be available on simpler Window Managers too (such as Xfce4 that we also support as an alternative Dom0 Desktop Environment), but might be less obvious to the user.
However, if the user makes use of an "expose-like" desktop switcher, such as the "Desktop Grid" effect that is enabled by default under KDE (default activation command: Ctrl-F8), then we can safely allow domains to enter full screen mode, as we have assurance that we can always "preempt" them by hitting the magic key combination (e.g., Ctrl-F8), which will be consumed by the trusted window manager and not passed down to the fullscreen AppVM. This means that the AppVM has no way of effectively "faking" the fullscreen view of the system, as the user can easily identify it as "just another AppVM." Theoretically, this could be achieved even with primitive Alt-Tab like switching, which should be available on simpler Window Managers (such as Xfce4, which we also support as an alternative Dom0 Desktop Environment), but this might be less obvious to the user.
So, in order to allow domains to enter full screen mode one should edit the `/etc/qubes/guid.conf` file in Dom0.
To allow domains to enter full screen mode, one should edit the `/etc/qubes/guid.conf` file in Dom0.
E.g. to allow all domains to enter full screen mode, set `allow_fullscreen` flag to `true` in the `global` section:
@ -119,3 +118,7 @@ VM: {
```
In order for the changes to take effect, restart the AppVM(s).
* * * * *
Now that you're familiar with the basics, feel free to have a look at other [Qubes User Guides](/wiki/UserDoc).