Git-Mirrors/qubes-doc
1
0
Fork 0
mirror of https://github.com/QubesOS/qubes-doc.git synced 2024-10-01 01:25:40 -04:00
Code Issues Packages Projects Releases Wiki Activity

Dispvm 4.0 updates

Browse Source 
Sourced primarily from https://github.com/QubesOS/qubes-issues/issues/2253 and https://groups.google.com/forum/?_escaped_fragment_=topic/qubes-devel/UGh8NDdkrXo#!topic/qubes-devel/UGh8NDdkrXo
This commit is contained in:
awokd 2018-01-28 19:02:24 +00:00 committed by GitHub
parent 6f8db089e8
commit 53c88384fe
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 35 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
common-tasks/dispvm.md
View File

@ -20,7 +20,31 @@ Once a DispVM has been created it will appear in Qubes VM Manager with the name
See [this article](https://blog.invisiblethings.org/2010/06/01/disposable-vms.html) for more on why one would want to use a Disposable VM.
Disposable VMs and Networking
Disposable VMs and Networking (R4.0 and later)
-----------------------------
R4.0 introduces the concept of multiple disposable VM templates (R3.2 was limited to one).
This allows for the creation of multiple differently configured disposable VMs that can be accessed from
the Applications menu (e.g. `fedora-XX-dvm`). Even more types of DispVMs can be created on-the-fly on a per AppVM basis.
As you can see, this is a very flexible and powerful system for managing your Disposable VMs.
NetVM and firewall rules for Disposable VMs can be set as they can for a normal VM.
By default a DispVM will inherit the NetVM and firewall settings of the DispVM Template from which it is built.
Thus if an AppVM uses sys-net as its NetVM, but the default system DispVM uses sys-whonix,
any DispVM launched from this AppVM will have sys-whonix as its NetVM.
The default system wide DispVM template can be changed with `qubes-prefs default_dispvm`.
You can change this behaviour for individual VMs: in the Application Menu, open Qube Settings
for the VM in question and go to the "Advanced" tab.
Here you can edit the "Default DispVM" setting to specify which DispVM template will be used to launch DispVMs from that VM.
Disposable VMs will temporarily appear with the name `disp####`.
A Disposable VM launched from the Start Menu inherits the NetVM and firewall settings of the [DVM Template](https://www.qubes-os.org/doc/glossary/#dvm-template) from which it is built.
By default the DVM template is called `fedora-XX-dvm` (where `XX` is the Fedora version of the default TemplateVM).
As an "internal" VM it is hidden in Qubes VM Manager, but can be shown by selecting "Show/Hide internal VMs".
Note that changing the "NetVM" setting for the DVM Template *does* affect the NetVM of DispVMs launched from the Start Menu.
Disposable VMs and Networking (R3.2 and earlier)
-----------------------------
NetVM and firewall rules for Disposable VMs can be set as they can for a normal VM.
@ -49,7 +73,7 @@ Opening a fresh web browser instance in a new Disposable VM
-----------------------------------------------------------
Sometimes it is desirable to open an instance of Firefox within a new fresh Disposable VM.
This can be done easily using the Start Menu: just go to Start -\> System Tools -\> DispVM:Firefox web browser.
This can be done easily using the Start Menu: just go to **Application Menu -\> DisposableVM -\> DispVM:Firefox web browser**.
Wait a few seconds until a web browser starts.
Once you close the viewing application the whole Disposable VM will be destroyed.
@ -75,7 +99,7 @@ Sometimes it can be useful to start an arbitrary program in a DispVM. This can b
[user@vault ~]$ qvm-run '$dispvm' xterm
~~~
The created Disposable VM can be accessed via other tools (such as `qvm-copy-to-vm`) using its "dispX" name as shown in the Qubes Manager or `qvm-ls`.
The created Disposable VM can be accessed via other tools (such as `qvm-copy-to-vm`) using its `disp####` name as shown in the Qubes Manager or `qvm-ls`.
Starting an arbitrary application in a Disposable VM via command line (from Dom0)
---------------------------------------------------------------------------------
@ -83,6 +107,12 @@ Starting an arbitrary application in a Disposable VM via command line (from Dom0
The Start Menu has shortcuts for opening a terminal and a web browser in dedicated DispVMs, since these are very common tasks.
However, it is possible to start an arbitrary application in a DispVM directly from Dom0 by running
R4.0 (border colour will be inherited from that set in the `dispvm-template`)
~~~
[joanna@dom0 ~]$ qvm-run --dispvm=dispvm-template --service qubes.StartApp+xterm
~~~
R3.2 (border colour can be specified in the command)
~~~
[joanna@dom0 ~]$ echo xterm | /usr/lib/qubes/qfile-daemon-dvm qubes.VMShell dom0 DEFAULT red
~~~
@ -92,8 +122,8 @@ However, it is possible to start an arbitrary application in a DispVM directly f
Customizing Disposable VMs
--------------------------
You can change the template used to generate the Disposable VM, and change settings used in the Disposable VM savefile.
These changes will be reflected in every new Disposable VM.
You can change the template used to generate the Disposable VMs, and change settings used in the Disposable VM savefile.
These changes will be reflected in every new Disposable VM spawned from that template.
Full instructions can be found [here](/doc/dispvm-customization/).
Disposable VMs and Local Forensics