mirror of
https://github.com/QubesOS/qubes-doc.git
synced 2025-08-05 21:24:15 -04:00
Merge 19f4685ae6
into ba609d123e
commit
d1daf79a04
13 changed files with 114 additions and 172 deletions
|
@ -7,7 +7,7 @@ Qubes implements a security-by-compartmentalization approach. To do this, Qubes
|
|||
|
||||
|qubes-schema-v2.png|
|
||||
|
||||
Qubes lets the user define many secure compartments known as :ref:`qubes <user/reference/glossary:qube>`, which are implemented as lightweight :ref:`virtual machines (VMs) <user/reference/glossary:vm>`. For example, the user can have “personal,” “work,” “shopping,” “bank,” and “random” app qubes and can use the applications within those qubes just as if they were executing on the local machine. At the same time, however, these applications are well isolated from each other. Qubes also supports secure copy-and-paste and file sharing between qubes, of course.
|
||||
Qubes lets the user define many secure compartments known as :term:`qubes <qube>`, which are implemented as lightweight :term:`virtual machines (VMs) <vm>`. For example, the user can have “personal,” “work,” “shopping,” “bank,” and “random” app qubes and can use the applications within those qubes just as if they were executing on the local machine. At the same time, however, these applications are well isolated from each other. Qubes also supports secure copy-and-paste and file sharing between qubes, of course.
|
||||
|
||||
Key architecture features
|
||||
-------------------------
|
||||
|
|
|
@ -9,13 +9,13 @@ The Basics
|
|||
----------
|
||||
|
||||
|
||||
Qubes OS is an operating system built out of securely-isolated compartments, or :ref:`qubes <user/reference/glossary:qube>`. You can have a work qube, a personal qube, a banking qube, a web browsing qube, a standalone Windows qube and so on. You can have as many qubes as you want! Most of the time, you’ll be using an :ref:`app qube <user/reference/glossary:app qube>`, a qube for running software programs like web browsers, email clients, and word processors. Each app qube is based on another type of qube called a :ref:`template <user/reference/glossary:template>`. The same template can be a base for various qubes. Importantly, a qube cannot modify its template in any way. This means that, if a qube is ever compromised, its template and any other qubes based on that template will remain safe. This is what makes Qubes OS so secure. Even if an attack is successful, the damage is limited to a single qube.
|
||||
Qubes OS is an operating system built out of securely-isolated compartments, or :term:`qubes <qube>`. You can have a work qube, a personal qube, a banking qube, a web browsing qube, a standalone Windows qube and so on. You can have as many qubes as you want! Most of the time, you’ll be using an :term:`app qube`, a qube for running software programs like web browsers, email clients, and word processors. Each app qube is based on another type of qube called a :term:`template`. The same template can be a base for various qubes. Importantly, a qube cannot modify its template in any way. This means that, if a qube is ever compromised, its template and any other qubes based on that template will remain safe. This is what makes Qubes OS so secure. Even if an attack is successful, the damage is limited to a single qube.
|
||||
|
||||
Suppose you want to use your favorite web browser in several different qubes. You’d install the web browser in a template, then every qube based on that template would be able to run the web browser software (while still being forbidden from modifying the template and any other qubes). This way, you only have to install the web browser a single time, and updating the template updates all the qubes based on it. This elegant design saves time and space while enhancing security.
|
||||
|
||||
There are also some “helper” qubes in your system. Each qube that connects to the Internet does so through a network-providing :ref:`service qube <user/reference/glossary:service qube>`. If you need to access USB devices, another service qube will do that. There’s also a :ref:`management qube <user/reference/glossary:management qube>` that automatically handles a lot of background housekeeping. For the most part, you won’t have to worry about it, but it’s nice to know that it’s there. As with app qubes, service qubes and management qubes are also based on templates. Templates are usually named after their operating system (often a `Linux distribution <https://en.wikipedia.org/wiki/Linux_distribution>`__) and corresponding version number. There are many ready-to-use :doc:`templates </user/templates/templates>` to choose from, and you can download and have as many as you like.
|
||||
There are also some “helper” qubes in your system. Each qube that connects to the Internet does so through a network-providing :term:`service qube`. If you need to access USB devices, another service qube will do that. There’s also a :term:`management qube` that automatically handles a lot of background housekeeping. For the most part, you won’t have to worry about it, but it’s nice to know that it’s there. As with app qubes, service qubes and management qubes are also based on templates. Templates are usually named after their operating system (often a `Linux distribution <https://en.wikipedia.org/wiki/Linux_distribution>`__) and corresponding version number. There are many ready-to-use :doc:`templates </user/templates/templates>` to choose from, and you can download and have as many as you like.
|
||||
|
||||
Last but not least, there’s a very special :ref:`admin qube <user/reference/glossary:admin qube>` used to administer your entire system. There’s only one admin qube, and it’s called :ref:`dom0 <user/reference/glossary:dom0>`. You can think of it as the master qube, holding ultimate power over everything that happens in Qubes OS. Dom0 is the most trusted one of all qubes. If dom0 were ever to be compromised, it would be “game over”- an effective compromise of the entire system. That’s why everything in Qubes OS is specifically designed to protect dom0 and ensure that doesn’t happen. Due to its overarching importance, dom0 has no network connectivity and is used only for running the `desktop environment <https://en.wikipedia.org/wiki/Desktop_environment>`__ and `window manager <https://en.wikipedia.org/wiki/Window_manager>`__. Dom0 should never be used for anything else. In particular, you should never run user applications in dom0. (That’s what your app qubes are for!) In short, be very careful when interacting with dom0.
|
||||
Last but not least, there’s a very special :term:`admin qube` used to administer your entire system. There’s only one admin qube, and it’s called :term:`dom0`. You can think of it as the master qube, holding ultimate power over everything that happens in Qubes OS. Dom0 is the most trusted one of all qubes. If dom0 were ever to be compromised, it would be “game over”- an effective compromise of the entire system. That’s why everything in Qubes OS is specifically designed to protect dom0 and ensure that doesn’t happen. Due to its overarching importance, dom0 has no network connectivity and is used only for running the `desktop environment <https://en.wikipedia.org/wiki/Desktop_environment>`__ and `window manager <https://en.wikipedia.org/wiki/Window_manager>`__. Dom0 should never be used for anything else. In particular, you should never run user applications in dom0. (That’s what your app qubes are for!) In short, be very careful when interacting with dom0.
|
||||
|
||||
Color & Security
|
||||
^^^^^^^^^^^^^^^^
|
||||
|
|
|
@ -6,10 +6,10 @@ What is Qubes OS?
|
|||
-----------------
|
||||
|
||||
Qubes OS is a free and open-source, security-oriented operating system for
|
||||
single-user desktop computing. Qubes OS `leverages Xen-based virtualization <https://wiki.xen.org/wiki/Xen_Project_Software_Overview>`__ to allow for the creation and management of isolated compartments called :ref:`qubes <user/reference/glossary:qube>`.
|
||||
single-user desktop computing. Qubes OS `leverages Xen-based virtualization <https://wiki.xen.org/wiki/Xen_Project_Software_Overview>`__ to allow for the creation and management of isolated compartments called :term:`qubes <qube>`.
|
||||
|
||||
|
||||
These qubes, which are implemented as :ref:`virtual machines (VMs)<user/reference/glossary:vm>`, have specific:
|
||||
These qubes, which are implemented as :term:`virtual machines (VMs) <vm>`, have specific:
|
||||
|
||||
- **Purposes:** with a predefined set of one or many isolated
|
||||
applications, for personal or professional projects, to manage the
|
||||
|
@ -39,7 +39,7 @@ Features
|
|||
- **Strong isolation** Isolate different pieces of software as if they were installed on separate
|
||||
physical machines using advanced virtualization techniques.
|
||||
|
||||
- **Template system** Use :ref:`app qubes <user/reference/glossary:app qube>` to
|
||||
- **Template system** Use :term:`app qubes <app qube>` to
|
||||
share a root file system without sacrificing security using the innovative
|
||||
:doc:`Template system </user/templates/templates>`.
|
||||
|
||||
|
@ -189,7 +189,7 @@ presentation.
|
|||
|
||||
|
||||
- If you’re a current or potential Qubes user, you may want to check out the :doc:`documentation </index>` and the :ref:`user FAQ <introduction/faq:users>`.
|
||||
- If you’re a developer, there’s dedicated :ref:`developer documentation <index:developer documentation>` and a :ref:`developer FAQ <introduction/faq:developers>` just for you.
|
||||
- Ready to give Qubes a try? Head on over to the `downloads page <https://www.qubes-os.org/downloads/>`__, and read the :doc:`installation guide </user/downloading-installing-upgrading/installation-guide>`.
|
||||
- If you’re a developer, there’s dedicated :ref:`index:Developer Documentation` and a :ref:`developer FAQ <introduction/faq:developers>` just for you.
|
||||
- Ready to give Qubes a try? Head on over to the `downloads page <https://www.qubes-os.org/downloads/>`__, and read the :ref:`Installation guide`.
|
||||
- Need help, or just want to join the conversation? Learn more about :doc:`help, support, the mailing lists, and the forum </introduction/support>`.
|
||||
|
||||
|
|
|
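Review bot: the two replacement bullets in this hunk switch to title-less ``:ref:`` targets, which is a separate change from the ``:term:`` migration in the rest of the patch and relies on labels the patch does not show. ``:ref:`Installation guide``` has no document prefix, while every other ``:ref:`` visible in this patch uses the ``document:section`` form (``introduction/faq:developers``, ``user/templates/templates:installing``), and it replaces a ``:doc:`` link that pointed at a file path; either keep the ``:doc:`` form or add the matching label in the same commit. ``:ref:`index:Developer Documentation``` also drops the explicit link text, so the bullet will render the section title mid-sentence instead of "developer documentation"; keeping ``developer documentation <index:Developer Documentation>`` preserves the wording.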
@ -10,7 +10,7 @@ Introduction
|
|||
------------
|
||||
|
||||
|
||||
A :doc:`disposable </user/how-to-guides/how-to-use-disposables>` can be based on any :ref:`app qube <user/reference/glossary:app qube>`. You can also choose to use different :ref:`disposable templates <user/reference/glossary:disposable template>` for different disposables. To prepare an app qube to be a disposable template, you need to set the ``template_for_dispvms`` property:
|
||||
A :doc:`disposable </user/how-to-guides/how-to-use-disposables>` can be based on any :term:`app qube`. You can also choose to use different :term:`disposable templates <disposable template>` for different disposables. To prepare an app qube to be a disposable template, you need to set the ``template_for_dispvms`` property:
|
||||
|
||||
.. code:: bash
|
||||
|
||||
|
@ -89,7 +89,7 @@ Using named disposables for service qubes
|
|||
-----------------------------------------
|
||||
|
||||
|
||||
You can use a :ref:`named disposable <user/reference/glossary:named disposable>` for service qubes (such as those with the ``sys-*`` naming scheme) as long as they are stateless. For example, a ``sys-net`` using DHCP or ``sys-usb`` will work. In most cases ``sys-firewall`` will also work, even if you have configured app qube firewall rules. The only exception is if you require something like VM to VM communication and have manually edited ``iptables`` or other items directly inside the firewall app qube.
|
||||
You can use a :term:`named disposable` for service qubes (such as those with the ``sys-*`` naming scheme) as long as they are stateless. For example, a ``sys-net`` using DHCP or ``sys-usb`` will work. In most cases ``sys-firewall`` will also work, even if you have configured app qube firewall rules. The only exception is if you require something like VM to VM communication and have manually edited ``iptables`` or other items directly inside the firewall app qube.
|
||||
|
||||
To create one that has no PCI devices attached, such as for ``sys-firewall``:
|
||||
|
||||
|
|
|
@ -6,7 +6,7 @@ Standalones and HVMs
|
|||
|
||||
This page is intended for advanced users.
|
||||
|
||||
A :ref:`standalone <user/reference/glossary:standalone>` is a type of qube that is created by cloning a :ref:`template <user/reference/glossary:template>`. Unlike templates, however, standalones do not supply their root filesystems to other qubes. Examples of situations in which standalones can be useful include:
|
||||
A :term:`standalone` is a type of qube that is created by cloning a :term:`template`. Unlike templates, however, standalones do not supply their root filesystems to other qubes. Examples of situations in which standalones can be useful include:
|
||||
|
||||
- Qubes used for development (dev environments often require a lot of specific packages and tools)
|
||||
|
||||
|
@ -14,7 +14,7 @@ A :ref:`standalone <user/reference/glossary:standalone>` is a type of qube that
|
|||
|
||||
|
||||
|
||||
Meanwhile, a :ref:`Hardware-assisted Virtual Machine (HVM) <user/reference/glossary:hvm>`, also known as a “Fully-Virtualized Virtual Machine,” utilizes the virtualization extensions of the host CPU. These are typically contrasted with Paravirtualized (PV) VMs.
|
||||
Meanwhile, a :term:`Hardware-assisted Virtual Machine (HVM) <hvm>`, also known as a “Fully-Virtualized Virtual Machine,” utilizes the virtualization extensions of the host CPU. These are typically contrasted with Paravirtualized (PV) VMs.
|
||||
|
||||
HVMs allow you to create qubes based on any OS for which you have an installation ISO, so you can easily have qubes running Windows, ``*BSD``, or any Linux distribution. You can also use HVMs to run “live” distros.
|
||||
|
||||
|
@ -86,7 +86,7 @@ Command line
|
|||
^^^^^^^^^^^^
|
||||
|
||||
|
||||
Qubes are template-based (i.e., :ref:`app qubes <user/reference/glossary:app qube>` by default, so you must set the ``--class StandaloneVM`` option to create a standalone. The name and label color used below are for illustration purposes.
|
||||
Qubes are template-based (i.e., :term:`app qubes <app qube>` by default, so you must set the ``--class StandaloneVM`` option to create a standalone. The name and label color used below are for illustration purposes.
|
||||
|
||||
.. code:: bash
|
||||
|
||||
|
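Review bot: the parenthesis opened at "(i.e.," on the rewritten line is never closed, and since the line is being touched anyway this is the place to fix it. Suggest ``(i.e., :term:`app qubes <app qube>`) by default, so you must set ...`` so the sentence parses.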
@ -148,7 +148,7 @@ Just like standard app qubes, an HVM gets a fixed IP addresses centrally assigne
|
|||
|
||||
A generic HVM such as a standard Windows or Ubuntu installation, however, has no Qubes agent scripts running inside it initially and thus requires manual configuration of networking so that it matches the values assigned by Qubes.
|
||||
|
||||
Even though we do have a small DHCP server that runs inside the HVM’s untrusted stub domain to make the manual network configuration unnecessary for many qubes, this won’t work for most modern Linux distributions, which contain Xen networking PV drivers (but not Qubes tools), which bypass the stub-domain networking. (Their net frontends connect directly to the net backend in the :ref:`net qube <user/reference/glossary:net qube>`.) In this instance, our DHCP server is not useful.
|
||||
Even though we do have a small DHCP server that runs inside the HVM’s untrusted stub domain to make the manual network configuration unnecessary for many qubes, this won’t work for most modern Linux distributions, which contain Xen networking PV drivers (but not Qubes tools), which bypass the stub-domain networking. (Their net frontends connect directly to the net backend in the :term:`net qube <net qube>`.) In this instance, our DHCP server is not useful.
|
||||
|
||||
In order to manually configure networking in a qube, one should first find out the IP/netmask/gateway assigned to the particular qube by Qubes. This can be seen, e.g., in the Qube Manager in the qube’s properties:
|
||||
|
||||
|
|
|
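Review bot: ``:term:`net qube <net qube>``` on the replacement line repeats the link text as its own target, which is redundant. The rest of the patch uses the short form when text and term match (``:term:`app qube```, ``:term:`named disposable```), so ``:term:`net qube``` would be consistent here.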
@ -262,7 +262,7 @@ Let’s briefly go over the options:
|
|||
|
||||
- **Templates Configuration:** Here you can decide which :doc:`templates </user/templates/templates>` you want to have installed, and which will be the default template.
|
||||
|
||||
- **Create default system qubes:** These are the core components of the system, required for things like internet access. You can opt to have some created as :ref:`disposables <user/reference/glossary:disposable>`.
|
||||
- **Create default system qubes:** These are the core components of the system, required for things like internet access. You can opt to have some created as :term:`disposables <disposable>`.
|
||||
|
||||
- **Create default application qubes:** These are how you compartmentalize your digital life. There’s nothing special about the ones the installer creates. They’re just suggestions that apply to most people. If you decide you don’t want them, you can always delete them later, and you can always create your own.
|
||||
|
||||
|
|
|
@ -73,7 +73,7 @@ Restore from your backup
|
|||
|
||||
4. Go to **Qubes menu -> System Tools -> Qubes Manager** to start it.
|
||||
|
||||
5. Follow the **Restoring from a Backup** section in the :doc:`Backup, Restoration, and Migration </user/how-to-guides/how-to-back-up-restore-and-migrate>` guide. We recommend that you restore only your :ref:`app qubes <user/reference/glossary:app qube>` and :ref:`standalones <user/reference/glossary:standalone>` from R3.2. Using :doc:`templates </user/templates/templates>` and :ref:`service qubes <user/reference/glossary:service qube>` from R3.2 is not fully supported (see `#3514 <https://github.com/QubesOS/qubes-issues/issues/3514>`__). Instead, we recommend using the templates that were created specifically for R4.0, which you can :doc:`customize </user/how-to-guides/how-to-install-software>` according to your needs. For the template OS versions supported in R4.0, see :ref:`supported releases <user/downloading-installing-upgrading/supported-releases:templates>`. If the restore tool complains about missing templates, you can select the option to restore the app qubes anyway, then change them afterward to use one of the default R4.0 templates.
|
||||
5. Follow the **Restoring from a Backup** section in the :doc:`Backup, Restoration, and Migration </user/how-to-guides/how-to-back-up-restore-and-migrate>` guide. We recommend that you restore only your :term:`app qubes <app qube>` and :term:`standalones <standalone>` from R3.2. Using :doc:`templates </user/templates/templates>` and :term:`service qubes <service qube>` from R3.2 is not fully supported (see `#3514 <https://github.com/QubesOS/qubes-issues/issues/3514>`__). Instead, we recommend using the templates that were created specifically for R4.0, which you can :doc:`customize </user/how-to-guides/how-to-install-software>` according to your needs. For the template OS versions supported in R4.0, see :ref:`supported releases <user/downloading-installing-upgrading/supported-releases:templates>`. If the restore tool complains about missing templates, you can select the option to restore the app qubes anyway, then change them afterward to use one of the default R4.0 templates.
|
||||
|
||||
|
||||
|
||||
|
|
|
@ -3,7 +3,7 @@ How to copy from dom0
|
|||
=====================
|
||||
|
||||
|
||||
This page covers copying files and clipboard text between :ref:`dom0 <user/reference/glossary:dom0>` and :ref:`domUs <user/reference/glossary:domu>`. Since dom0 is special, the processes are different from :doc:`copying and pasting text between qubes </user/how-to-guides/how-to-copy-and-paste-text>` and :doc:`copying and moving files between qubes </user/how-to-guides/how-to-copy-and-move-files>`.
|
||||
This page covers copying files and clipboard text between :term:`dom0` and :term:`domUs <domu>`. Since dom0 is special, the processes are different from :doc:`copying and pasting text between qubes </user/how-to-guides/how-to-copy-and-paste-text>` and :doc:`copying and moving files between qubes </user/how-to-guides/how-to-copy-and-move-files>`.
|
||||
|
||||
Copying *from* dom0
|
||||
-------------------
|
||||
|
|
|
@ -3,7 +3,7 @@ How to install software
|
|||
=======================
|
||||
|
||||
|
||||
When you wish to install software in Qubes OS, you should generally install it in a :ref:`template <user/reference/glossary:template>`. For installing templates themselves, see :ref:`how to install a template <user/templates/templates:installing>`. Advanced users may also be interested in learning how to install software in :doc:`standalones </user/advanced-topics/standalones-and-hvms>` and :doc:`dom0 </user/advanced-topics/how-to-install-software-in-dom0>`.
|
||||
When you wish to install software in Qubes OS, you should generally install it in a :term:`template`. For installing templates themselves, see :ref:`how to install a template <user/templates/templates:installing>`. Advanced users may also be interested in learning how to install software in :doc:`standalones </user/advanced-topics/standalones-and-hvms>` and :doc:`dom0 </user/advanced-topics/how-to-install-software-in-dom0>`.
|
||||
|
||||
Qubes OS is effectively a “meta” operating system (OS) that can run almost any arbitrary OS inside of itself. For example, the way software is normally installed in a Linux distribution (“distro”) is quite different from the way software is normally installed in Windows. This isn’t up to Qubes. Qubes is just the framework in which you’re running these other OSes. Therefore, if you want to install software in a Linux template, for example, you should do so in whatever way is normal for that Linux distro. Most Linux software is distributed via `packages <https://en.wikipedia.org/wiki/Package_format>`__, which are stored in `software repositories <https://en.wikipedia.org/wiki/Software_repository>`__ (“repos”). `Package managers <https://en.wikipedia.org/wiki/Package_manager>`__ handle downloading, installing, updating, and removing packages. (Again, none of this is Qubes-specific.) If you’re not familiar with how software is normally installed in Linux distros via package managers or the software you want doesn’t seem to be available in your distro’s repos (or you’re in another situation not covered on this page), please read this `community guide to installing software in Qubes <https://forum.qubes-os.org/t/9991/>`__.
|
||||
|
||||
|
@ -185,7 +185,7 @@ Standalones
|
|||
^^^^^^^^^^^
|
||||
|
||||
|
||||
The process for installing and updating software in :ref:`standalones <user/reference/glossary:standalone>` is the same as described above for templates, except no qubes are based on standalones, so there are no other qubes to restart.
|
||||
The process for installing and updating software in :term:`standalones <standalone>` is the same as described above for templates, except no qubes are based on standalones, so there are no other qubes to restart.
|
||||
|
||||
RPMFusion for Fedora templates
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
|
|
@ -9,13 +9,13 @@ It is important to keep your Qubes OS system up-to-date to ensure you have the l
|
|||
|
||||
Fully updating your Qubes OS system means updating:
|
||||
|
||||
- :ref:`dom0 <user/reference/glossary:dom0>`
|
||||
- :term:`dom0`
|
||||
|
||||
- :ref:`templates <user/reference/glossary:template>`
|
||||
- :term:`templates <template>`
|
||||
|
||||
- :ref:`standalones <user/reference/glossary:standalone>` (if you have any)
|
||||
- :term:`standalones <standalone>` (if you have any)
|
||||
|
||||
- :ref:`firmware <user/reference/glossary:firmware>`
|
||||
- :term:`firmware`
|
||||
|
||||
|
||||
|
||||
|
|
|
@ -3,7 +3,7 @@ How to use disposables
|
|||
======================
|
||||
|
||||
|
||||
A :ref:`disposable <user/reference/glossary:disposable>` is a lightweight :ref:`qube <user/reference/glossary:qube>` that can be created quickly and will self-destruct when closed. Disposables are usually created in order to host a single application, like a viewer, editor, or web browser.
|
||||
A :term:`disposable` is a lightweight :term:`qube` that can be created quickly and will self-destruct when closed. Disposables are usually created in order to host a single application, like a viewer, editor, or web browser.
|
||||
|
||||
From inside an app qube, choosing the ``Open in disposable`` option on a file will launch a disposable for just that file. Changes made to a file opened in a disposable are passed back to the originating qube. This means that you can safely work with untrusted files without risk of compromising your other qubes. Disposables can be launched either directly from dom0’s app menu or terminal window, or from within app qubes. Disposables are generated with names like ``disp####``, where ``####`` is random number.
|
||||
|
||||
|
@ -15,7 +15,7 @@ Named disposables and disposable templates
|
|||
------------------------------------------
|
||||
|
||||
|
||||
There is a difference between :ref:`named disposable qubes <user/reference/glossary:named disposable>` and :ref:`disposable templates <user/reference/glossary:disposable template>`.
|
||||
There is a difference between :term:`named disposable qubes <named disposable>` and :term:`disposable templates <disposable template>`.
|
||||
|
||||
In a default QubesOS Installation, you would probably use the ‘whonix-ws-16-dvm’ disposable template to, for example, browse the Tor network with an disposable qube. Every time you start an application using this disposable template, a new disposable qube - named ``dispX`` (where X is a random number) starts. If you close the application window, the ``dispX`` qube shuts down and vanishes from your system. That is how disposable templates are used.
|
||||
|
||||
|
@ -43,7 +43,7 @@ Security
|
|||
--------
|
||||
|
||||
|
||||
If a :ref:`disposable template <user/reference/glossary:disposable template>` becomes compromised, then any disposable based on that disposable template could be compromised. In particular, the *default* disposable template is important because it is used by the “Open in disposable” feature. This means that it will have access to everything that you open with this feature. For this reason, it is strongly recommended that you base the default disposable template on a trusted template.
|
||||
If a :term:`disposable template` becomes compromised, then any disposable based on that disposable template could be compromised. In particular, the *default* disposable template is important because it is used by the “Open in disposable” feature. This means that it will have access to everything that you open with this feature. For this reason, it is strongly recommended that you base the default disposable template on a trusted template.
|
||||
|
||||
Disposables and Local Forensics
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
@ -57,7 +57,7 @@ Disposables and Networking
|
|||
--------------------------
|
||||
|
||||
|
||||
Similarly to how app qubes are based on their underlying :ref:`template <user/reference/glossary:template>`, disposables are based on their underlying :ref:`disposable template <user/reference/glossary:disposable template>`. R4.0 introduces the concept of multiple disposable templates, whereas R3.2 was limited to only one.
|
||||
Similarly to how app qubes are based on their underlying :term:`template`, disposables are based on their underlying :term:`disposable template`. R4.0 introduces the concept of multiple disposable templates, whereas R3.2 was limited to only one.
|
||||
|
||||
On a fresh installation of Qubes, the default disposable template is called ``fedora-X-dvm`` or ``debian-X-dvm`` (where ``X`` is a release number). If you have included the Whonix option in your install, there will also be a ``whonix-ws-dvm`` disposable template available for your use.
|
||||
|
||||
|
|
|
@ -2,220 +2,162 @@
|
|||
Glossary
|
||||
========
|
||||
|
||||
.. glossary::
|
||||
|
||||
admin qube
|
||||
----------
|
||||
admin qube
|
||||
A type of :term:`qube` used for administering Qubes OS.
|
||||
|
||||
- Currently, the only admin qube is :term:`dom0`.
|
||||
|
||||
A type of `qube <#qube>`__ used for administering Qubes OS.
|
||||
|
||||
- Currently, the only admin qube is `dom0 <#dom0>`__.
|
||||
|
||||
app qube
|
||||
Any :term:`qube` that does not have a root filesystem of its own. Every app qube is based on a :term:`template` from which it borrows the root filesystem.
|
||||
|
||||
- Previously known as: ``AppVM``, ``TemplateBasedVM``.
|
||||
|
||||
app qube
|
||||
--------
|
||||
- Historical note: This term originally meant “a qube intended for running user software applications” (hence the name “app”).
|
||||
|
||||
|
||||
Any `qube <#qube>`__ that does not have a root filesystem of its own. Every app qube is based on a `template <#template>`__ from which it borrows the root filesystem.
|
||||
|
||||
- Previously known as: ``AppVM``, ``TemplateBasedVM``.
|
||||
disposable
|
||||
A type of temporary :term:`app qube` that self-destructs when its originating window closes. Each disposable is based on a :term:`disposable template`.
|
||||
|
||||
- Historical note: This term originally meant “a qube intended for running user software applications” (hence the name “app”).
|
||||
See :doc:`/user/how-to-guides/how-to-use-disposables`.
|
||||
|
||||
- Previously known as: ``DisposableVM``, ``DispVM``.
|
||||
|
||||
|
||||
disposable
|
||||
----------
|
||||
|
||||
disposable template
|
||||
Any :term:`app qube` on which :term:`disposable` are based. A disposable template shares its user directories (and, indirectly, the root filesystem of the regular :term:`template` on which it is based) with all :term:`disposable` based on it.
|
||||
|
||||
A type of temporary `app qube <#app-qube>`__ that self-destructs when its originating window closes. Each disposable is based on a `disposable template <#disposable-template>`__.
|
||||
- Not to be confused with the concept of a regular :term:`template` that is itself disposable, which does not exist in Qubes OS.
|
||||
|
||||
See :doc:`How to Use Dispoables </user/how-to-guides/how-to-use-disposables>`.
|
||||
- Disposable templates must be app qubes. They cannot be regular :term:`template`.
|
||||
|
||||
- Previously known as: ``DisposableVM``, ``DispVM``.
|
||||
- Every :term:`disposable` is based on a disposable template, which is in turn based on a regular :term:`template`.
|
||||
|
||||
- Unlike :term:`disposable`, disposable templates have the persistence properties of normal :term:`app qube`.
|
||||
|
||||
- Previously known as: ``DisposableVM Template``, ``DVM Template``, ``DVM``.
|
||||
|
||||
disposable template
|
||||
-------------------
|
||||
|
||||
|
||||
Any `app qube <#app-qube>`__ on which `disposables <#disposable>`__ are based. A disposable template shares its user directories (and, indirectly, the root filesystem of the regular `template <#template>`__ on which it is based) with all `disposables <#disposable>`__ based on it.
|
||||
dom0
|
||||
:term:`domain` zero. A type of :term:`admin qube`. Also known as the **host** domain, dom0 is the initial qube started by the Xen hypervisor on boot. Dom0 runs the Xen management toolstack and has special privileges relative to other domains, such as direct access to most hardware.
|
||||
|
||||
- Not to be confused with the concept of a regular `template <#template>`__ that is itself disposable, which does not exist in Qubes OS.
|
||||
- The term “dom0” is a common noun and should follow the capitalization rules of common nouns.
|
||||
|
||||
- Disposable templates must be app qubes. They cannot be regular `templates <#template>`__.
|
||||
|
||||
- Every `disposable <#disposable>`__ is based on a disposable template, which is in turn based on a regular `template <#template>`__.
|
||||
|
||||
- Unlike `disposables <#disposable>`__, disposable templates have the persistence properties of normal `app qubes <#app-qube>`__.
|
||||
domain
|
||||
In Xen, a synonym for :term:`vm`.
|
||||
|
||||
- Previously known as: ``DisposableVM Template``, ``DVM Template``, ``DVM``.
|
||||
See `“domain” on the Xen Wiki <https://wiki.xenproject.org/wiki/Domain>`__.
|
||||
|
||||
- This term has no official meaning in Qubes OS.
|
||||
|
||||
|
||||
dom0
|
||||
----
|
||||
|
||||
domU
|
||||
Unprivileged :term:`domain`. Also known as **guest** domains, domUs are the counterparts to dom0. In Xen, all VMs except dom0 are domUs. By default, most domUs lack direct hardware access.
|
||||
|
||||
`Domain <#domain>`__ zero. A type of `admin qube <#admin-qube>`__. Also known as the **host** domain, dom0 is the initial qube started by the Xen hypervisor on boot. Dom0 runs the Xen management toolstack and has special privileges relative to other domains, such as direct access to most hardware.
|
||||
- The term “domU” is a common noun and should follow the capitalization rules of common nouns.
|
||||
|
||||
- The term “dom0” is a common noun and should follow the capitalization rules of common nouns.
|
||||
- Sometimes the term :term:`vm` is used as a synonym for domU. This is technically inaccurate, as :term:`dom0` is also a VM in Xen.
|
||||
|
||||
|
||||
|
||||
domain
|
||||
------
|
||||
firmware
|
||||
Software that runs outside the control of the operating system. Some firmware executes on the same CPU cores as Qubes OS does, but all computers have many additional processors that the operating system does not run on, and these computers also run firmware.
|
||||
|
||||
HVM
|
||||
Hardware-assisted Virtual Machine. Any fully virtualized, or hardware-assisted, :term:`vm` utilizing the virtualization extensions of the host CPU. Although HVMs are typically slower than paravirtualized qubes due to the required emulation, HVMs allow the user to create domains based on any operating system.
|
||||
|
||||
In Xen, a synonym for `VM <#vm>`__.
|
||||
See :doc:`/user/advanced-topics/standalones-and-hvms`.
|
||||
|
||||
See `“domain” on the Xen Wiki <https://wiki.xenproject.org/wiki/Domain>`__.
|
||||
management qube
|
||||
A :term:`qube` used for automated management of a Qubes OS installation via :doc:`/user/advanced-topics/salt`.
|
||||
|
||||
- This term has no official meaning in Qubes OS.
|
||||
named disposable
|
||||
A type of :term:`disposable` given a permanent name that continues to exist even after it is shut down and can be restarted again. Like a regular :term:`disposable`, a named disposable has no persistent state: Any changes made are lost when it is shut down.
|
||||
|
||||
- Only one instance of a named disposable can run at a time.
|
||||
|
||||
- Like a regular :term:`disposable`, a named disposable always has the same state when it starts, namely that of the :term:`disposable template` on which it is based.
|
||||
|
||||
domU
|
||||
----
|
||||
- Technical note: Named disposables are useful for certain :term:`service qube`, where the combination of persistent device assignment and ephemeral qube state is desirable.
|
||||
|
||||
|
||||
Unprivileged `domain <#domain>`__. Also known as **guest** domains, domUs are the counterparts to dom0. In Xen, all VMs except dom0 are domUs. By default, most domUs lack direct hardware access.
|
||||
|
||||
- The term “domU” is a common noun and should follow the capitalization rules of common nouns.
|
||||
net qube
|
||||
Internally known as :term:`qube` that specifies from which qube, if any, it receives network access. Despite the name, “net qube” (or :term:`app qube` to be the :term:`service qube` ``sys-firewall``, which in turn uses ``sys-net`` as its net qube.
|
||||
|
||||
- Sometimes the term `VM <#vm>`__ is used as a synonym for domU. This is technically inaccurate, as `dom0 <#dom0>`__ is also a VM in Xen.
|
||||
- If a qube does not have a net qube (i.e., its ``netvm`` is set to ``None``), then that qube is offline. It is disconnected from all networking.
|
||||
|
||||
- The name :term:`service qube` called a “NetVM.” The name of the ``netvm`` property is a holdover from that era.
|
||||
|
||||
|
||||
firmware
|
||||
--------
|
||||
|
||||
policies
|
||||
In Qubes OS, “policies” govern interactions between qubes, powered by :doc:`Qubes’ qrexec system </developer/services/qrexec>`. A single policy is a rule applied to a qube or set of qubes, that governs how and when information or assets may be shared with other qubes.
|
||||
An example is the rules governing how files can be copied between qubes.
|
||||
Policy rules are grouped together in files under ``/etc/qubes/policy.d``
|
||||
Policies are an important part of what makes Qubes OS special.
|
||||
|
||||
Software that runs outside the control of the operating system. Some firmware executes on the same CPU cores as Qubes OS does, but all computers have many additional processors that the operating system does not run on, and these computers also run firmware.
|
||||
|
||||
HVM
|
||||
---
|
||||
qube
|
||||
A secure compartment in Qubes OS. Currently, qubes are implemented as Xen :term:`vm`, but Qubes OS is independent of its underlying compartmentalization technology. VMs could be replaced with a different technology, and qubes would still be called “qubes.”
|
||||
|
||||
- **Important:** The term “qube” is a common noun and should follow the capitalization rules of common nouns. For example, “I have three qubes” is correct, while “I have three Qubes” is incorrect.
|
||||
|
||||
Hardware-assisted Virtual Machine. Any fully virtualized, or hardware-assisted, `VM <#vm>`__ utilizing the virtualization extensions of the host CPU. Although HVMs are typically slower than paravirtualized qubes due to the required emulation, HVMs allow the user to create domains based on any operating system.
|
||||
- Note that starting a sentence with the plural of “qube” (i.e., “Qubes…”) can be ambiguous, since it may not be clear whether the referent is a plurality of qubes or :term:`Qubes OS`.
|
||||
|
||||
See :doc:`Standalones and HVM </user/advanced-topics/standalones-and-hvms>`.
|
||||
- Example usage: “In Qubes OS, you do your banking in your ‘banking’ qube and your web surfing in your ‘untrusted’ qube. That way, if your ‘untrusted’ qube is compromised, your banking activities will remain secure.”
|
||||
|
||||
management qube
|
||||
---------------
|
||||
- Historical note: The term “qube” was originally invented as an alternative to “VM” intended to make it easier for less technical users to understand Qubes OS and learn how to use it.
|
||||
|
||||
|
||||
A `qube <#qube>`__ used for automated management of a Qubes OS installation via :doc:`Salt </user/advanced-topics/salt>`.
|
||||
|
||||
named disposable
|
||||
----------------
|
||||
Qubes OS
|
||||
A security-oriented operating system (OS). The main principle of Qubes OS is security by compartmentalization (or isolation), in which activities are compartmentalized (or isolated) in separate :term:`qube`.
|
||||
|
||||
- **Important:** The official name is “Qubes OS” (note the capitalization and the space between “Qubes” and “OS”). In casual conversation, this is often shortened to “Qubes.” Only in technical contexts where spaces are not permitted (e.g., in usernames) may the space be omitted, as in ``@QubesOS``.
|
||||
|
||||
A type of `disposable <#disposable>`__ given a permanent name that continues to exist even after it is shut down and can be restarted again. Like a regular `disposable <#disposable>`__, a named disposable has no persistent state: Any changes made are lost when it is shut down.
|
||||
|
||||
- Only one instance of a named disposable can run at a time.
|
||||
|
||||
- Like a regular `disposable <#disposable>`__, a named disposable always has the same state when it starts, namely that of the `disposable template <#disposable-template>`__ on which it is based.
|
||||
Qubes Windows Tools (QWT)
|
||||
A set of programs and drivers that provide integration of Windows qubes with the rest of the Qubes OS system.
|
||||
|
||||
- Technical note: Named disposables are useful for certain `service qubes <#service-qube>`__, where the combination of persistent device assignment and ephemeral qube state is desirable.
|
||||
See :doc:`/user/templates/windows/qubes-windows-tools-4-0` and :doc:`/user/templates/windows/windows`.
|
||||
|
||||
service qube
|
||||
Any :term:`app qube` the primary purpose of which is to provide services to other qubes. ``sys-net`` and ``sys-firewall`` are examples of service qubes.
|
||||
|
||||
standalone
|
||||
Any :term:`qube` that has its own root filesystem and does not share it with another qube. Distinct from both :term:`template` and :term:`app qube`.
|
||||
|
||||
net qube
|
||||
--------
|
||||
See :doc:`/user/advanced-topics/standalones-and-hvms`.
|
||||
|
||||
- Previously known as: ``StandaloneVM``.
|
||||
|
||||
Internally known as ``netvm``. The property of a `qube <#qube>`__ that specifies from which qube, if any, it receives network access. Despite the name, “net qube” (or ``netvm``) is a *property* of a qube, not a *type* of qube. For example, it is common for the net qube of an `app qube <#app-qube>`__ to be the `service qube <#service-qube>`__ ``sys-firewall``, which in turn uses ``sys-net`` as its net qube.
|
||||
|
||||
- If a qube does not have a net qube (i.e., its ``netvm`` is set to ``None``), then that qube is offline. It is disconnected from all networking.
|
||||
|
||||
- The name ``netvm`` derives from “Networking Virtual Machine.” Before Qubes 4.0, there was a type of `service qube <#service-qube>`__ called a “NetVM.” The name of the ``netvm`` property is a holdover from that era.
|
||||
template
|
||||
Any :term:`qube` that shares its root filesystem with another qube. A qube that is borrowing a template’s root filesystem is known as an :term:`app qube` and is said to be “based on” the template. Templates are intended for installing and updating software applications, but not for running them.
|
||||
|
||||
See :doc:`/user/templates/templates`.
|
||||
|
||||
- No template is an :term:`app qube`.
|
||||
|
||||
policies
|
||||
--------
|
||||
- A template cannot be based on another template.
|
||||
|
||||
| In Qubes OS, “policies” govern interactions between qubes, powered by :doc:`Qubes’ qrexec system </developer/services/qrexec>`. A single policy is a rule applied to a qube or set of qubes, that governs how and when information or assets may be shared with other qubes.
|
||||
| An example is the rules governing how files can be copied between qubes.
|
||||
| Policy rules are grouped together in files under ``/etc/qubes/policy.d``
|
||||
| Policies are an important part of what makes Qubes OS special.
|
||||
- Regular templates cannot function as :term:`disposable template`. (Disposable templates must be app qubes.)
|
||||
|
||||
- Previously known as: ``TemplateVM``.
|
||||
|
||||
qube
|
||||
----
|
||||
|
||||
|
||||
A secure compartment in Qubes OS. Currently, qubes are implemented as Xen `VMs <#vm>`__, but Qubes OS is independent of its underlying compartmentalization technology. VMs could be replaced with a different technology, and qubes would still be called “qubes.”
|
||||
|
||||
- **Important:** The term “qube” is a common noun and should follow the capitalization rules of common nouns. For example, “I have three qubes” is correct, while “I have three Qubes” is incorrect.
|
||||
|
||||
- Note that starting a sentence with the plural of “qube” (i.e., “Qubes…”) can be ambiguous, since it may not be clear whether the referent is a plurality of qubes or `Qubes OS <#qubes-os>`__.
|
||||
|
||||
- Example usage: “In Qubes OS, you do your banking in your ‘banking’ qube and your web surfing in your ‘untrusted’ qube. That way, if your ‘untrusted’ qube is compromised, your banking activities will remain secure.”
|
||||
|
||||
- Historical note: The term “qube” was originally invented as an alternative to “VM” intended to make it easier for less technical users to understand Qubes OS and learn how to use it.
|
||||
|
||||
|
||||
|
||||
Qubes OS
|
||||
--------
|
||||
|
||||
|
||||
A security-oriented operating system (OS). The main principle of Qubes OS is security by compartmentalization (or isolation), in which activities are compartmentalized (or isolated) in separate `qubes <#qube>`__.
|
||||
|
||||
- **Important:** The official name is “Qubes OS” (note the capitalization and the space between “Qubes” and “OS”). In casual conversation, this is often shortened to “Qubes.” Only in technical contexts where spaces are not permitted (e.g., in usernames) may the space be omitted, as in ``@QubesOS``.
|
||||
|
||||
|
||||
|
||||
Qubes Windows Tools (QWT)
|
||||
-------------------------
|
||||
|
||||
|
||||
A set of programs and drivers that provide integration of Windows qubes with the rest of the Qubes OS system.
|
||||
|
||||
See :doc:`Qubes Windows Tools </user/templates/windows/qubes-windows-tools-4-0>` and :doc:`Windows </user/templates/windows/windows>`.
|
||||
|
||||
service qube
|
||||
------------
|
||||
|
||||
|
||||
Any `app qube <#app-qube>`__ the primary purpose of which is to provide services to other qubes. ``sys-net`` and ``sys-firewall`` are examples of service qubes.
|
||||
|
||||
standalone
|
||||
----------
|
||||
|
||||
|
||||
Any `qube <#qube>`__ that has its own root filesystem and does not share it with another qube. Distinct from both `templates <#template>`__ and `app qubes <#app-qube>`__.
|
||||
|
||||
See :doc:`Standalones and HVMs </user/advanced-topics/standalones-and-hvms>`.
|
||||
|
||||
- Previously known as: ``StandaloneVM``.
|
||||
|
||||
|
||||
|
||||
template
|
||||
--------
|
||||
|
||||
|
||||
Any `qube <#qube>`__ that shares its root filesystem with another qube. A qube that is borrowing a template’s root filesystem is known as an `app qube <#app-qube>`__ and is said to be “based on” the template. Templates are intended for installing and updating software applications, but not for running them.
|
||||
|
||||
See :doc:`Templates </user/templates/templates>`.
|
||||
|
||||
- No template is an `app qube <#app-qube>`__.
|
||||
|
||||
- A template cannot be based on another template.
|
||||
|
||||
- Regular templates cannot function as `disposable templates <#disposable-template>`__. (Disposable templates must be app qubes.)
|
||||
|
||||
- Previously known as: ``TemplateVM``.
|
||||
|
||||
|
||||
|
||||
VM
|
||||
--
|
||||
|
||||
|
||||
An abbreviation for “virtual machine.” A software implementation of a computer that provides the functionality of a physical machine.
|
||||
VM
|
||||
An abbreviation for “virtual machine.” A software implementation of a computer that provides the functionality of a physical machine.
|
||||
|
|
|
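Review bot: The added "net qube" entry has lost text in the conversion. The new definition reads "Internally known as :term:`qube` that specifies from which qube…" and "(or :term:`app qube` to be the :term:`service qube` ``sys-firewall``", where the removed lines had "Internally known as ``netvm``. The property of a qube that specifies…" and "(or ``netvm``) is a *property* of a qube, not a *type* of qube. For example, it is common for the net qube of an app qube to be…". The last bullet of that entry has the same problem: "The name :term:`service qube` called a “NetVM.”" drops "``netvm`` derives from “Networking Virtual Machine.” Before Qubes 4.0, there was a type of". It looks as if the substitution matched from the opening backtick of ``netvm`` through to the next link target; please restore those sentences by hand. Two smaller points in the same hunk: bare roles such as :term:`template`, :term:`app qube`, :term:`qube` and :term:`vm` replace link text that was plural or capitalised ("templates", "app qubes", "qubes", "VMs"), so "They cannot be regular :term:`template`" and "in separate :term:`qube`" now read as singular; the :term:`templates <template>` form used on the Templates page would keep the wording. The link text "How to Use Dispoables" in the disposable entry is also misspelled and could be fixed while the entry is being touched.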
@ -3,9 +3,9 @@ Templates
|
|||
=========
|
||||
|
||||
|
||||
In :doc:`Getting Started </introduction/getting-started>`, we covered the distinction in Qubes OS between where you *install* your software and where you *run* your software. Software that you use in most everyday tasks, is installed within :ref:`templates <user/reference/glossary:template>`. When using Qubes OS, you normally work in :ref:`app qubes <user/reference/glossary:app qube>`. App qubes are based on a *template* qube (or more simply, just *a template*). They inherit most of the `“root filesystem” <https://opensource.com/life/16/10/introduction-linux-filesystems>`__, from the template. Changes you make to the root filesystem are not written back to the template: if you install an application in an app qube it will disappear when you shut down the qube. (You may be able to work round this by using Flatpak or snap packages, which install to the user’s home directory.) The user home directory *is* specific to the app qube, and changes there are kept. There is a full explanation of this `below <#inheritance-and-persistence>`__.
|
||||
In :doc:`Getting Started </introduction/getting-started>`, we covered the distinction in Qubes OS between where you *install* your software and where you *run* your software. Software that you use in most everyday tasks, is installed within :term:`templates <template>`. When using Qubes OS, you normally work in :term:`app qubes <app qube>`. App qubes are based on a *template* qube (or more simply, just *a template*). They inherit most of the `“root filesystem” <https://opensource.com/life/16/10/introduction-linux-filesystems>`__, from the template. Changes you make to the root filesystem are not written back to the template: if you install an application in an app qube it will disappear when you shut down the qube. (You may be able to work round this by using Flatpak or snap packages, which install to the user’s home directory.) The user home directory *is* specific to the app qube, and changes there are kept. There is a full explanation of this `below <#inheritance-and-persistence>`__.
|
||||
|
||||
If you use a :ref:`Standalone <user/reference/glossary:standalone>`, the **whole filesystem** is specific to the standalone, and every change you make will be kept after shutdown.
|
||||
If you use a :term:`Standalone <standalone>`, the **whole filesystem** is specific to the standalone, and every change you make will be kept after shutdown.
|
||||
|
||||
The template system has significant benefits:
|
||||
|
||||
|
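Review bot: The rewritten opening paragraph still ends with the hand-written anchor link `below <#inheritance-and-persistence>`__, although the glossary links on the same line are converted to :term: and the glossary part of this change replaces `<#...>`__ anchors throughout. Consider pointing it at the section with a :ref: so the target is resolved by the build instead of relying on the generated anchor name. While the line is being edited, the stray commas in "most everyday tasks, is installed" and after the "root filesystem" link could go as well.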
@ -196,7 +196,7 @@ When you install a new template or :ref:`upgrade <user/how-to-guides/how-to-upda
|
|||
|
||||
1. **Make the new template the default template.** In the App Menu, go to Qubes Tools, then click on Qubes Global Settings. In the Qube Defaults section, next to Template, select the new template from the drop-down list. Press OK.
|
||||
|
||||
2. **Base your** :ref:`disposable templates <user/reference/glossary:disposable template>` **on the new template.**
|
||||
2. **Base your** :term:`disposable templates <disposable template>` **on the new template.**
|
||||
|
||||
- If your only keyboard and mouse are *not* connected through a :doc:`USB qube </user/advanced-topics/usb-qubes>`, or that USB qube is *not* a disposable, then shut down all disposables. In the App Menu, go to Qubes Tools, then click on Qube Manager. In the Qube Manager, find your disposable template(s). (By default, they end in ``-dvm``.) Right click, hover over Template, then click on the new template. Repeat for each disposable template.
|
||||
|
||||
|
@ -246,20 +246,20 @@ Once an app qube has been created, any changes in its ``/home``, ``/usr/local``,
|
|||
* - Qube Type
|
||||
- Inheritance :superscript:`1`
|
||||
- Persistence :superscript:`2`
|
||||
* - :ref:`template <user/reference/glossary:template>`
|
||||
* - :term:`template`
|
||||
- N/A (templates cannot be based on templates)
|
||||
- everything
|
||||
* - :ref:`app qubes <user/reference/glossary:app qube>`:superscript:`3`
|
||||
* - :term:`app qubes <app qube>`:superscript:`3`
|
||||
- ``/etc/skel`` to ``/home``; ``/usr/local.orig`` to ``/usr/local``
|
||||
- ``/rw`` (includes ``/home``, ``/usr/local``, and ``bind-dirs``)
|
||||
* - :ref:`disposable <user/reference/glossary:disposable>`
|
||||
* - :term:`disposable`
|
||||
- ``/rw`` (includes ``/home``, ``/usr/local``, and ``bind-dirs``)
|
||||
- nothing
|
||||
|
||||
|
||||
| :superscript:`1` Upon creation
|
||||
| :superscript:`2` Following shutdown
|
||||
| :superscript:`3` Includes :ref:`disposable templates <user/reference/glossary:disposable template>`
|
||||
| :superscript:`3` Includes :term:`disposable templates <disposable template>`
|
||||
|
||||
|
||||
Trusting your templates
|
||||
|
@ -272,7 +272,7 @@ There are several ways to deal with this problem:
|
|||
|
||||
- Only install packages from trusted sources – e.g. from the pre-configured Fedora repositories. All those packages are signed by Fedora, and we expect that at least the package’s installation scripts are not malicious. This is enforced by default (at the :doc:`firewall qube level </user/security-in-qubes/firewall>`), by not allowing any networking connectivity in the default template, except for access to the Fedora repos.
|
||||
|
||||
- Use :ref:`standalones <user/reference/glossary:standalone>` (see below) for installation of untrusted software packages.
|
||||
- Use :term:`standalones <standalone>` (see below) for installation of untrusted software packages.
|
||||
|
||||
- Use multiple templates (see below) for different classes of domains, e.g. a less trusted template, used for creation of less trusted app qubes, would get various packages from less trusted vendors, while the template used for more trusted app qubes will only get packages from the standard Fedora repos.
|
||||
|
||||
|
|