It is needed for VM clone operation: we have volume.Import, but not
volume.Export - at least not yet. And doing export+import would be very
inefficient, especially on smart storage pools (like LVM).
Partial rewrite of the page, mainly the last Kali TemplateVM section to:
- add missing steps in TemplateVM creation (ex: trimming to optimize disk space usage)
- correct inconsistent file names across subsections, which made the instruction nonfunctional "as-it"
- match shell commands with textual instructions
- remove unused, duplicate or wrongly formatted links /references
- enhance consistency in commands and style used within the same section
- enhance consistency in commands and style with other pages (ex: Qubes' Basics and Common Tasks, Fedora 23 to Fedora 24 upgrade, etc.)
- better follow Qubes Glossary and Documentation Guidelines
- have a hierarchical succession of headers / section titles
1. Drop separate admin.vm.microphone.* calls - lets use
admin.vm.device.mic.* for this. Yes, this means microphone cannot
be attached to multiple VMs at the same time (which is regression vs
Qubes 3.2). But this is a good thing from security point of view.
2. Drop admin.backup.Restore - use standard Admin API methods
(admin.vm.Create, admin.vm.volume.Import etc)
Cc: @kalkin
Did some prosaic editing:
* Removed unnecessary parentheses
* Shortened long sentences
* Wording changes.
* Removed restatements of earlier sentences
Also, this document made the following error about cooperative covert leaking channels in Qubes OS:
> It is likely that the only way to **fully protect against leaks of type 1** and 2 is to either pause or shut down all other VMs while performing sensitive operations in the target VM(s) (such as key generation).
This is wrong. Closing the other VMs while performing such important activities does nothing to stop leaks in type 1, assuming you turn the other VMs back on at some point. The (presumably compromised) AppVM in question can easily write the information it needs to leak down until the other Qubes come back online. Inserted a new sentence clarifying this.
