mirror of
https://github.com/QubesOS/qubes-doc.git
synced 2024-12-19 20:54:33 -05:00
296 lines
8.7 KiB
ReStructuredText
296 lines
8.7 KiB
ReStructuredText
========
|
||
Glossary
|
||
========
|
||
|
||
|
||
admin qube
|
||
----------
|
||
|
||
|
||
A type of `qube <#qube>`__ used for administering Qubes OS.
|
||
|
||
- Currently, the only admin qube is `dom0 <#dom0>`__.
|
||
|
||
|
||
|
||
app qube
|
||
--------
|
||
|
||
|
||
Any `qube <#qube>`__ that does not have a root filesystem of its own.
|
||
Every app qube is based on a `template <#template>`__ from which it
|
||
borrows the root filesystem.
|
||
|
||
- Previously known as: ``AppVM``, ``TemplateBasedVM``.
|
||
|
||
- Historical note: This term originally meant “a qube intended for
|
||
running user software applications” (hence the name “app”).
|
||
|
||
|
||
|
||
disposable
|
||
----------
|
||
|
||
|
||
A type of temporary `app qube <#app-qube>`__ that self-destructs when
|
||
its originating window closes. Each disposable is based on a `disposable template <#disposable-template>`__.
|
||
|
||
See :doc:`How to Use Dispoables </user/how-to-guides/how-to-use-disposables>`.
|
||
|
||
- Previously known as: ``DisposableVM``, ``DispVM``.
|
||
|
||
|
||
|
||
disposable template
|
||
-------------------
|
||
|
||
|
||
Any `app qube <#app-qube>`__ on which `disposables <#disposable>`__ are
|
||
based. A disposable template shares its user directories (and,
|
||
indirectly, the root filesystem of the regular `template <#template>`__
|
||
on which it is based) with all `disposables <#disposable>`__ based on
|
||
it.
|
||
|
||
- Not to be confused with the concept of a regular
|
||
`template <#template>`__ that is itself disposable, which does not
|
||
exist in Qubes OS.
|
||
|
||
- Disposable templates must be app qubes. They cannot be regular
|
||
`templates <#template>`__.
|
||
|
||
- Every `disposable <#disposable>`__ is based on a disposable template,
|
||
which is in turn based on a regular `template <#template>`__.
|
||
|
||
- Unlike `disposables <#disposable>`__, disposable templates have the
|
||
persistence properties of normal `app qubes <#app-qube>`__.
|
||
|
||
- Previously known as: ``DisposableVM Template``, ``DVM Template``,
|
||
``DVM``.
|
||
|
||
|
||
|
||
dom0
|
||
----
|
||
|
||
|
||
`Domain <#domain>`__ zero. A type of `admin qube <#admin-qube>`__. Also
|
||
known as the **host** domain, dom0 is the initial qube started by the
|
||
Xen hypervisor on boot. Dom0 runs the Xen management toolstack and has
|
||
special privileges relative to other domains, such as direct access to
|
||
most hardware.
|
||
|
||
- The term “dom0” is a common noun and should follow the capitalization
|
||
rules of common nouns.
|
||
|
||
|
||
|
||
domain
|
||
------
|
||
|
||
|
||
In Xen, a synonym for `VM <#vm>`__.
|
||
|
||
See `“domain” on the Xen Wiki <https://wiki.xenproject.org/wiki/Domain>`__.
|
||
|
||
- This term has no official meaning in Qubes OS.
|
||
|
||
|
||
|
||
domU
|
||
----
|
||
|
||
|
||
Unprivileged `domain <#domain>`__. Also known as **guest** domains,
|
||
domUs are the counterparts to dom0. In Xen, all VMs except dom0 are
|
||
domUs. By default, most domUs lack direct hardware access.
|
||
|
||
- The term “domU” is a common noun and should follow the capitalization
|
||
rules of common nouns.
|
||
|
||
- Sometimes the term `VM <#vm>`__ is used as a synonym for domU. This
|
||
is technically inaccurate, as `dom0 <#dom0>`__ is also a VM in Xen.
|
||
|
||
|
||
|
||
HVM
|
||
---
|
||
|
||
|
||
Hardware-assisted Virtual Machine. Any fully virtualized, or
|
||
hardware-assisted, `VM <#vm>`__ utilizing the virtualization extensions
|
||
of the host CPU. Although HVMs are typically slower than paravirtualized
|
||
qubes due to the required emulation, HVMs allow the user to create
|
||
domains based on any operating system.
|
||
|
||
See :doc:`Standalones and HVM </user/advanced-topics/standalones-and-hvms>`.
|
||
|
||
management qube
|
||
---------------
|
||
|
||
|
||
A `qube <#qube>`__ used for automated management of a Qubes OS
|
||
installation via :doc:`Salt </user/advanced-topics/salt>`.
|
||
|
||
named disposable
|
||
----------------
|
||
|
||
|
||
A type of `disposable <#disposable>`__ given a permanent name that
|
||
continues to exist even after it is shut down and can be restarted
|
||
again. Like a regular `disposable <#disposable>`__, a named disposable
|
||
has no persistent state: Any changes made are lost when it is shut down.
|
||
|
||
- Only one instance of a named disposable can run at a time.
|
||
|
||
- Like a regular `disposable <#disposable>`__, a named disposable
|
||
always has the same state when it starts, namely that of the
|
||
`disposable template <#disposable-template>`__ on which it is based.
|
||
|
||
- Technical note: Named disposables are useful for certain `service qubes <#service-qube>`__, where the combination of persistent device
|
||
assignment and ephemeral qube state is desirable.
|
||
|
||
|
||
|
||
net qube
|
||
--------
|
||
|
||
|
||
Internally known as ``netvm``. The property of a `qube <#qube>`__ that
|
||
specifies from which qube, if any, it receives network access. Despite
|
||
the name, “net qube” (or ``netvm``) is a *property* of a qube, not a
|
||
*type* of qube. For example, it is common for the net qube of an `app qube <#app-qube>`__ to be the `service qube <#service-qube>`__
|
||
``sys-firewall``, which in turn uses ``sys-net`` as its net qube.
|
||
|
||
- If a qube does not have a net qube (i.e., its ``netvm`` is set to
|
||
``None``), then that qube is offline. It is disconnected from all
|
||
networking.
|
||
|
||
- The name ``netvm`` derives from “Networking Virtual Machine.” Before
|
||
Qubes 4.0, there was a type of `service qube <#service-qube>`__
|
||
called a “NetVM.” The name of the ``netvm`` property is a holdover
|
||
from that era.
|
||
|
||
|
||
|
||
policies
|
||
--------
|
||
|
||
| In Qubes OS, “policies” govern interactions between qubes, powered by
|
||
`Qubes’ qrexec system <https://www.qubes-os.org/doc/qrexec/>`__. A
|
||
single policy is a rule applied to a qube or set of qubes, that
|
||
governs how and when information or assets may be shared with other
|
||
qubes.
|
||
| An example is the rules governing how files can be copied between
|
||
qubes.
|
||
| Policy rules are grouped together in files under
|
||
``/etc/qubes/policy.d``
|
||
| Policies are an important part of what makes Qubes OS special.
|
||
|
||
|
||
qube
|
||
----
|
||
|
||
|
||
A secure compartment in Qubes OS. Currently, qubes are implemented as
|
||
Xen `VMs <#vm>`__, but Qubes OS is independent of its underlying
|
||
compartmentalization technology. VMs could be replaced with a different
|
||
technology, and qubes would still be called “qubes.”
|
||
|
||
- **Important:** The term “qube” is a common noun and should follow the
|
||
capitalization rules of common nouns. For example, “I have three
|
||
qubes” is correct, while “I have three Qubes” is incorrect.
|
||
|
||
- Note that starting a sentence with the plural of “qube” (i.e.,
|
||
“Qubes…”) can be ambiguous, since it may not be clear whether the
|
||
referent is a plurality of qubes or `Qubes OS <#qubes-os>`__.
|
||
|
||
- Example usage: “In Qubes OS, you do your banking in your ‘banking’
|
||
qube and your web surfing in your ‘untrusted’ qube. That way, if your
|
||
‘untrusted’ qube is compromised, your banking activities will remain
|
||
secure.”
|
||
|
||
- Historical note: The term “qube” was originally invented as an
|
||
alternative to “VM” intended to make it easier for less technical
|
||
users to understand Qubes OS and learn how to use it.
|
||
|
||
|
||
|
||
Qubes OS
|
||
--------
|
||
|
||
|
||
A security-oriented operating system (OS). The main principle of Qubes
|
||
OS is security by compartmentalization (or isolation), in which
|
||
activities are compartmentalized (or isolated) in separate
|
||
`qubes <#qube>`__.
|
||
|
||
- **Important:** The official name is “Qubes OS” (note the
|
||
capitalization and the space between “Qubes” and “OS”). In casual
|
||
conversation, this is often shortened to “Qubes.” Only in technical
|
||
contexts where spaces are not permitted (e.g., in usernames) may the
|
||
space be omitted, as in ``@QubesOS``.
|
||
|
||
|
||
|
||
Qubes Windows Tools (QWT)
|
||
-------------------------
|
||
|
||
|
||
A set of programs and drivers that provide integration of Windows qubes
|
||
with the rest of the Qubes OS system.
|
||
|
||
See :doc:`Qubes Windows Tools </user/templates/windows/qubes-windows-tools-4-0>` and
|
||
:doc:`Windows </user/templates/windows/windows>`.
|
||
|
||
service qube
|
||
------------
|
||
|
||
|
||
Any `app qube <#app-qube>`__ the primary purpose of which is to provide
|
||
services to other qubes. ``sys-net`` and ``sys-firewall`` are examples
|
||
of service qubes.
|
||
|
||
standalone
|
||
----------
|
||
|
||
|
||
Any `qube <#qube>`__ that has its own root filesystem and does not share
|
||
it with another qube. Distinct from both `templates <#template>`__ and
|
||
`app qubes <#app-qube>`__.
|
||
|
||
See :doc:`Standalones and HVMs </user/advanced-topics/standalones-and-hvms>`.
|
||
|
||
- Previously known as: ``StandaloneVM``.
|
||
|
||
|
||
|
||
template
|
||
--------
|
||
|
||
|
||
Any `qube <#qube>`__ that shares its root filesystem with another qube.
|
||
A qube that is borrowing a template’s root filesystem is known as an
|
||
`app qube <#app-qube>`__ and is said to be “based on” the template.
|
||
Templates are intended for installing and updating software
|
||
applications, but not for running them.
|
||
|
||
See :doc:`Templates </user/templates/templates>`.
|
||
|
||
- No template is an `app qube <#app-qube>`__.
|
||
|
||
- A template cannot be based on another template.
|
||
|
||
- Regular templates cannot function as `disposable templates <#disposable-template>`__. (Disposable templates must be
|
||
app qubes.)
|
||
|
||
- Previously known as: ``TemplateVM``.
|
||
|
||
|
||
|
||
VM
|
||
--
|
||
|
||
|
||
An abbreviation for “virtual machine.” A software implementation of a
|
||
computer that provides the functionality of a physical machine.
|