Merge pull request #13 from talex5/update-readme

Add more detailed installation instructions
Thomas Leonard 2017-04-07 17:05:51 +01:00 committed by GitHub
commit d8eb7ff387


@ -26,10 +26,24 @@ see [the Mirage installation instructions](https://mirage.io/wiki/install) for d
If you want to deploy manually, unpack `mirage-firewall.tar.bz2` in dom0, inside `/var/lib/qubes/vm-kernels/`. e.g. (if `dev` is the AppVM where you built it):
[tal@dom0 ~]$ cd /var/lib/qubes/vm-kernels/
[tal@dom0 vm-kernels]$ qvm-run -p dev 'cat qubes-mirage-firewall/mirage-firewall.tar.bz2' | tar xjf -
[tal@dom0 ~]$ cd /var/lib/qubes/vm-kernels/
[tal@dom0 vm-kernels]$ qvm-run -p dev 'cat qubes-mirage-firewall/mirage-firewall.tar.bz2' | tar xjf -
The tarball contains `vmlinuz`, which is the unikernel itself, plus a couple of dummy files that Qubes requires.
To configure your new firewall using the Qubes Manager GUI:
- Create a new ProxyVM named `mirage-firewall` to run the unikernel.
- You can use any template, and make it standalone or not. It doesnt matter, since we dont use the hard disk.
- Set the type to `ProxyVM`.
- Select `sys-net` for networking (not `sys-firewall`).
- Click `OK` to create the VM.
- Go to the VM settings, and look in the `Advanced` tab:
- Set the kernel to `mirage-firewall`.
- Turn off memory balancing and set the memory to 20 MB or so (you might have to fight a bit with the Qubes GUI to get it this low).
- Set VCPUs (number of virtual CPUs) to 1.
You can run `mirage-firewall` alongside your existing `sys-firewall` and you can choose which AppVMs use which firewall using the GUI.
To configure an AppVM to use it, go to the app VM's settings in the GUI and change its `NetVM` from `default (sys-firewall)` to `mirage-firewall`. Alternatively, you can configure `mirage-firewall` to be your default firewall VM.
For development, use the [test-mirage][] scripts to deploy the unikernel (`mir-qubes-firewall.xen`) from your development AppVM. e.g.
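Review bot: In the manual deployment step, the archive is read out of the `dev` AppVM with `qvm-run -p` and piped straight into `tar xjf -` running in dom0, so dom0 unpacks whatever that VM sends into `/var/lib/qubes/vm-kernels/`. The README should state that trust assumption and suggest listing the archive first (the same pipe with `tar tjf -`) to confirm it holds only `vmlinuz` and the dummy files described in the following sentence. Two smaller points: the GUI steps never say where the kernel name `mirage-firewall` in the `Advanced` tab comes from, and a sentence tying it to the unpack step would help; and "20 MB or so" would be easier to follow as a single tested value. The text also switches between "AppVM" and "app VM", which should be made consistent.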