Git-Mirrors/qubes-doc
1
0
Fork 0
mirror of https://github.com/QubesOS/qubes-doc.git synced 2025-01-13 08:19:43 -05:00
Code Issues Packages Projects Releases Wiki Activity

GettingStarted changed

Browse Source 
Some cosmetic improvements, part 1.
This commit is contained in:
Joanna Rutkowska 2012-11-26 10:41:27 +00:00
parent 6d586bb74b
commit f264c314ed
1 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
GettingStarted.md
View File

@ -9,22 +9,23 @@ Getting Started with Qubes OS
So, you just installed a fresh Qubes OS, huh? Let's see what your next steps could be...
What are AppVMs (domains)?
--------------------------
What are AppVMs (domains) and Template VMs?
-------------------------------------------
In Qubes you run all your programs in *domains*, also called *AppVMs*, because those domains are implemented as lightweight Virtual Machines (VMs). It's not true that every app runs in its own VM -- that would be a big waste of resources. Instead the VMs represent security domains, such as: *work*, *personal*, *banking*, *random browsing* (we call it *red*), etc. Each domain is based, by default, on the common Template VM, which means that whenever you create a new domain you don't copy all the files needed for this VM to work (such as all the programs, etc) -- you just share the root filesystem with the template VM (each VM has read-only access to the Template VM's files, so cannot modify them in any way). This means that creating many domains is cheap -- they need disk space only to hold your private files (home folder).
In Qubes you run all your programs in **domains**, also called **AppVMs**, because those domains are implemented as lightweight Virtual Machines (VMs). It's not true that every app runs in its own VM -- that would be a big waste of resources. Instead the VMs represent security domains, such as: *work*, *personal*, *banking*, etc. Each domain is based, by default, on a common **Template VM**, which means that whenever you create a new domain you don't copy the whole root filesystem needed for this AppVM to work (such as all the programs, etc) -- instead each AppVM shares the root filesystem with the template VM. Of course each AppVM has only read-only access to the Template VM's filesystem, so cannot modify it in any way. This means that creating many domains is cheap -- they need disk space only to hold your private files (such as the home folder).
If you have proceeded with the default installation options, Qubes has already pre-created 3 domains for you:
If you have proceeded with the default installation options, Qubes has already pre-created a few domains for you:
- work
- personal
- red (for all the untrusted activity, such as random web browsing)
- banking
- untrusted
Each domain, apart form having a distinct name, is also assigned a **label**, which basically is one of the several per-defined colors. These colors, which are used for drawing window decorations by the trusted Window Manager (color frames), are supposed to be user friendly, easy noticeable, indicators of how trusted a given window is. It's totally up to the user how he or she interprets these colors. For me, it has been somehow obvious to associate the red color with something that is untrusted and dangerous (the “red light” -- stop! danger!), green with something that is safe and trusted, while yellow and orange with something in the middle. I have also extended this scheme, to also include blue, and black, which I interpret as indicating progressively more trusted domains than green, with black being something ultimately trusted.
Each domain, apart from having a distinct name, is also assigned a **label**, which basically is one of the several per-defined colors. These colors, which are used for drawing window decorations by the trusted Window Manager (color frames), are supposed to be user friendly, easy noticeable, indicators of how trusted a given window is. It's totally up to the user how he or she interprets these colors. For me, it has been somehow obvious to associate the red color with something that is untrusted and dangerous (the “red light” -- stop! danger!), green with something that is safe and trusted, while yellow and orange with something in the middle. I have also extended this scheme, to also include blue, and black, which I interpret as indicating progressively more trusted domains than green, with black being something ultimately trusted.
\<screenshot of a window with decoration\>
There is, however, one special domain that is called *Dom0* which is where the Desktop Manager (currently KDE) runs, and this is where you log into. This domain doesn't have any networking connectivity and is essentially only dedicated for running the Window and Desktop Manager, nothing else.
There is, however, one special domain that is called *Dom0* which is where the Desktop Manager (currently KDE) runs, and this is where you log into. This domain doesn't have any networking connectivity and is essentially only dedicated for running the Window and Desktop Manager, nothing else. Specifically all the user applications run in AppVMs, never in Dom0.
Qubes Manager and command line tools
------------------------------------