Git-Mirrors/qubes-doc
1
0
Fork 0
mirror of https://github.com/QubesOS/qubes-doc.git synced 2025-05-02 06:46:11 -04:00
Code Issues Projects Releases Packages Wiki Activity

Update attachment paths

Browse source
This commit is contained in:
Andrew David Wong 2021-06-18 05:02:02 -07:00
parent ba376404e0
commit e5a21f7488
No known key found for this signature in database
GPG key ID: 8CE137352A019A17
30 changed files with 107 additions and 107 deletions
Download patch file Download diff file Expand all files Collapse all files

6
developer/system/architecture.md
View file

@ -14,7 +14,7 @@ title: Architecture
Qubes implements a Security by Isolation approach. To do this, Qubes utilizes virtualization technology in order to isolate various programs from each other and even to sandbox many system-level components, such as networking and storage subsystems, so that the compromise of any of these programs or components does not affect the integrity of the rest of the system.
[![qubes-schema-v2.png](/attachment/wiki/QubesArchitecture/qubes-schema-v2.png)](/attachment/wiki/QubesArchitecture/qubes-schema-v2.png)
[![qubes-schema-v2.png](/attachment/doc/qubes-schema-v2.png)
Qubes lets the user define many security domains, which are implemented as lightweight Virtual Machines (VMs), or “AppVMs.” For example, the user can have “personal,” “work,” “shopping,” “bank,” and “random” AppVMs and can use the applications within those VMs just as if they were executing on the local machine. At the same time, however, these applications are well isolated from each other. Qubes also supports secure copy-and-paste and file sharing between the AppVMs, of course.
@ -31,7 +31,7 @@ Key Architecture features
- Qubes GUI provides isolation between apps sharing the same desktop
- Secure system boot based (optional)
(For those interested in the history of the project, [Architecture Spec v0.3 [PDF]](/attachment/wiki/QubesArchitecture/arch-spec-0.3.pdf) is the original 2009 document that started this all.
(For those interested in the history of the project, [Architecture Spec v0.3 [PDF]](/attachment/doc/arch-spec-0.3.pdf) is the original 2009 document that started this all.
Please note that this document is for historical interest only.
For the latest information, please see the rest of the [System Documentation](/doc/#system).)
@ -66,7 +66,7 @@ the Qubes system include:
And all these components are "glued together" by the Qubes Core Stack.
[![Qubes system components](/attachment/wiki/QubesArchitecture/qubes-components.png)](/attachment/wiki/QubesArchitecture/qubes-components.png)
[![Qubes system components](/attachment/doc/qubes-components.png)
This diagram illustrates the location of all these components in the overall
system architecture. Unlike the other Qubes architecture diagram above, this one

2
developer/system/gui.md
View file

@ -65,7 +65,7 @@ To sum up, this solution has the following benefits:
- no changes to Xorg code
- minimal size of the supporting code
![gui.png](/attachment/wiki/GUIdocs/gui.png)
![gui.png](/attachment/doc/gui.png)
Security markers on dom0 windows
--------------------------------

4
developer/system/networking.md
View file

@ -56,12 +56,12 @@ qvm-features ipv4-only-qube ipv6 ''
This configuration is presented below - green qubes have IPv6 access, red one does not.
![ipv6-1](/attachment/wiki/IPv6/ipv6-1.png)
![ipv6-1](/attachment/doc/ipv6-1.png)
In that case, system uplink connection have native IPv6. But in some cases it may not be true. Then some tunneling solution can be used (for example teredo). The same will apply when the user is connected to VPN service providing IPv6 support, regardless of user's internet connection.
Such configuration can be expressed by enabling `ipv6` feature only on some subset of Qubes networking, for example by creating separate qube to encapsulate IPv6 traffic and setting `ipv6` to `1` only there. See diagram below
![ipv6-2](/attachment/wiki/IPv6/ipv6-2.png)
![ipv6-2](/attachment/doc/ipv6-2.png)
Besides enabling IPv6 forwarding, standard Qubes firewall can be used to limit what network resources are available to each qube. Currently only `qvm-firewall` command support adding IPv6 rules, GUI firewall editor will have this ability later.

2
developer/system/template-implementation.md
View file

@ -49,7 +49,7 @@ TemplateVM has a shared root.img across all AppVMs that are based on it. This me
There are two layers of the device-mapper snapshot device; the first one enables modifying root.img without stopping the AppVMs and the second one, which is contained in the AppVM, enables temporal modifications to its filesystem. These modifications will be discarded after a restart of the AppVM.
![TemplateSharing2.png](/attachment/wiki/TemplateImplementation/TemplateSharing2.png)
![TemplateSharing2.png](/attachment/doc/TemplateSharing2.png)
## Snapshot device in Dom0