mirror of
https://github.com/QubesOS/qubes-doc.git
synced 2024-12-27 08:19:24 -05:00
Dispvm 4.0 updates
Sourced primarily from https://github.com/QubesOS/qubes-issues/issues/2253 and https://groups.google.com/forum/?_escaped_fragment_=topic/qubes-devel/UGh8NDdkrXo#!topic/qubes-devel/UGh8NDdkrXo
This commit is contained in:
parent
6f8db089e8
commit
53c88384fe
@ -20,7 +20,31 @@ Once a DispVM has been created it will appear in Qubes VM Manager with the name
|
|||||||
|
|
||||||
See [this article](https://blog.invisiblethings.org/2010/06/01/disposable-vms.html) for more on why one would want to use a Disposable VM.
|
See [this article](https://blog.invisiblethings.org/2010/06/01/disposable-vms.html) for more on why one would want to use a Disposable VM.
|
||||||
|
|
||||||
Disposable VMs and Networking
|
Disposable VMs and Networking (R4.0 and later)
|
||||||
|
-----------------------------
|
||||||
|
|
||||||
|
|
||||||
|
R4.0 introduces the concept of multiple disposable VM templates (R3.2 was limited to one).
|
||||||
|
This allows for the creation of multiple differently configured disposable VMs that can be accessed from
|
||||||
|
the Applications menu (e.g. `fedora-XX-dvm`). Even more types of DispVMs can be created on-the-fly on a per AppVM basis.
|
||||||
|
As you can see, this is a very flexible and powerful system for managing your Disposable VMs.
|
||||||
|
|
||||||
|
NetVM and firewall rules for Disposable VMs can be set as they can for a normal VM.
|
||||||
|
By default a DispVM will inherit the NetVM and firewall settings of the DispVM Template from which it is built.
|
||||||
|
Thus if an AppVM uses sys-net as its NetVM, but the default system DispVM uses sys-whonix,
|
||||||
|
any DispVM launched from this AppVM will have sys-whonix as its NetVM.
|
||||||
|
The default system wide DispVM template can be changed with `qubes-prefs default_dispvm`.
|
||||||
|
You can change this behaviour for individual VMs: in the Application Menu, open Qube Settings
|
||||||
|
for the VM in question and go to the "Advanced" tab.
|
||||||
|
Here you can edit the "Default DispVM" setting to specify which DispVM template will be used to launch DispVMs from that VM.
|
||||||
|
Disposable VMs will temporarily appear with the name `disp####`.
|
||||||
|
|
||||||
|
A Disposable VM launched from the Start Menu inherits the NetVM and firewall settings of the [DVM Template](https://www.qubes-os.org/doc/glossary/#dvm-template) from which it is built.
|
||||||
|
By default the DVM template is called `fedora-XX-dvm` (where `XX` is the Fedora version of the default TemplateVM).
|
||||||
|
As an "internal" VM it is hidden in Qubes VM Manager, but can be shown by selecting "Show/Hide internal VMs".
|
||||||
|
Note that changing the "NetVM" setting for the DVM Template *does* affect the NetVM of DispVMs launched from the Start Menu.
|
||||||
|
|
||||||
|
Disposable VMs and Networking (R3.2 and earlier)
|
||||||
-----------------------------
|
-----------------------------
|
||||||
|
|
||||||
NetVM and firewall rules for Disposable VMs can be set as they can for a normal VM.
|
NetVM and firewall rules for Disposable VMs can be set as they can for a normal VM.
|
||||||
@ -49,7 +73,7 @@ Opening a fresh web browser instance in a new Disposable VM
|
|||||||
-----------------------------------------------------------
|
-----------------------------------------------------------
|
||||||
|
|
||||||
Sometimes it is desirable to open an instance of Firefox within a new fresh Disposable VM.
|
Sometimes it is desirable to open an instance of Firefox within a new fresh Disposable VM.
|
||||||
This can be done easily using the Start Menu: just go to Start -\> System Tools -\> DispVM:Firefox web browser.
|
This can be done easily using the Start Menu: just go to **Application Menu -\> DisposableVM -\> DispVM:Firefox web browser**.
|
||||||
Wait a few seconds until a web browser starts.
|
Wait a few seconds until a web browser starts.
|
||||||
Once you close the viewing application the whole Disposable VM will be destroyed.
|
Once you close the viewing application the whole Disposable VM will be destroyed.
|
||||||
|
|
||||||
@ -75,7 +99,7 @@ Sometimes it can be useful to start an arbitrary program in a DispVM. This can b
|
|||||||
[user@vault ~]$ qvm-run '$dispvm' xterm
|
[user@vault ~]$ qvm-run '$dispvm' xterm
|
||||||
~~~
|
~~~
|
||||||
|
|
||||||
The created Disposable VM can be accessed via other tools (such as `qvm-copy-to-vm`) using its "dispX" name as shown in the Qubes Manager or `qvm-ls`.
|
The created Disposable VM can be accessed via other tools (such as `qvm-copy-to-vm`) using its `disp####` name as shown in the Qubes Manager or `qvm-ls`.
|
||||||
|
|
||||||
Starting an arbitrary application in a Disposable VM via command line (from Dom0)
|
Starting an arbitrary application in a Disposable VM via command line (from Dom0)
|
||||||
---------------------------------------------------------------------------------
|
---------------------------------------------------------------------------------
|
||||||
@ -83,6 +107,12 @@ Starting an arbitrary application in a Disposable VM via command line (from Dom0
|
|||||||
The Start Menu has shortcuts for opening a terminal and a web browser in dedicated DispVMs, since these are very common tasks.
|
The Start Menu has shortcuts for opening a terminal and a web browser in dedicated DispVMs, since these are very common tasks.
|
||||||
However, it is possible to start an arbitrary application in a DispVM directly from Dom0 by running
|
However, it is possible to start an arbitrary application in a DispVM directly from Dom0 by running
|
||||||
|
|
||||||
|
R4.0 (border colour will be inherited from that set in the `dispvm-template`)
|
||||||
|
~~~
|
||||||
|
[joanna@dom0 ~]$ qvm-run --dispvm=dispvm-template --service qubes.StartApp+xterm
|
||||||
|
~~~
|
||||||
|
|
||||||
|
R3.2 (border colour can be specified in the command)
|
||||||
~~~
|
~~~
|
||||||
[joanna@dom0 ~]$ echo xterm | /usr/lib/qubes/qfile-daemon-dvm qubes.VMShell dom0 DEFAULT red
|
[joanna@dom0 ~]$ echo xterm | /usr/lib/qubes/qfile-daemon-dvm qubes.VMShell dom0 DEFAULT red
|
||||||
~~~
|
~~~
|
||||||
@ -92,8 +122,8 @@ However, it is possible to start an arbitrary application in a DispVM directly f
|
|||||||
Customizing Disposable VMs
|
Customizing Disposable VMs
|
||||||
--------------------------
|
--------------------------
|
||||||
|
|
||||||
You can change the template used to generate the Disposable VM, and change settings used in the Disposable VM savefile.
|
You can change the template used to generate the Disposable VMs, and change settings used in the Disposable VM savefile.
|
||||||
These changes will be reflected in every new Disposable VM.
|
These changes will be reflected in every new Disposable VM spawned from that template.
|
||||||
Full instructions can be found [here](/doc/dispvm-customization/).
|
Full instructions can be found [here](/doc/dispvm-customization/).
|
||||||
|
|
||||||
Disposable VMs and Local Forensics
|
Disposable VMs and Local Forensics
|
||||||
|
Loading…
Reference in New Issue
Block a user