From 53c88384fee160497a9d622e97b88c8732e8222e Mon Sep 17 00:00:00 2001 From: awokd <34515595+awokd@users.noreply.github.com> Date: Sun, 28 Jan 2018 19:02:24 +0000 Subject: [PATCH 1/5] Dispvm 4.0 updates Sourced primarily from https://github.com/QubesOS/qubes-issues/issues/2253 and https://groups.google.com/forum/?_escaped_fragment_=topic/qubes-devel/UGh8NDdkrXo#!topic/qubes-devel/UGh8NDdkrXo --- common-tasks/dispvm.md | 40 +++++++++++++++++++++++++++++++++++----- 1 file changed, 35 insertions(+), 5 deletions(-) diff --git a/common-tasks/dispvm.md b/common-tasks/dispvm.md index 3dc72eaa..edbd13c9 100644 --- a/common-tasks/dispvm.md +++ b/common-tasks/dispvm.md 
@@ -20,7 +20,31 @@ Once a DispVM has been created it will appear in Qubes VM Manager with the name See [this article](https://blog.invisiblethings.org/2010/06/01/disposable-vms.html) for more on why one would want to use a Disposable VM. -Disposable VMs and Networking +Disposable VMs and Networking (R4.0 and later) +----------------------------- + + +R4.0 introduces the concept of multiple disposable VM templates (R3.2 was limited to one). +This allows for the creation of multiple differently configured disposable VMs that can be accessed from +the Applications menu (e.g. `fedora-XX-dvm`). Even more types of DispVMs can be created on-the-fly on a per AppVM basis. +As you can see, this is a very flexible and powerful system for managing your Disposable VMs. + +NetVM and firewall rules for Disposable VMs can be set as they can for a normal VM. +By default a DispVM will inherit the NetVM and firewall settings of the DispVM Template from which it is built. +Thus if an AppVM uses sys-net as its NetVM, but the default system DispVM uses sys-whonix, +any DispVM launched from this AppVM will have sys-whonix as its NetVM. +The default system wide DispVM template can be changed with `qubes-prefs default_dispvm`. +You can change this behaviour for individual VMs: in the Application Menu, open Qube Settings +for the VM in question and go to the "Advanced" tab. +Here you can edit the "Default DispVM" setting to specify which DispVM template will be used to launch DispVMs from that VM. +Disposable VMs will temporarily appear with the name `disp####`. + +A Disposable VM launched from the Start Menu inherits the NetVM and firewall settings of the [DVM Template](https://www.qubes-os.org/doc/glossary/#dvm-template) from which it is built. +By default the DVM template is called `fedora-XX-dvm` (where `XX` is the Fedora version of the default TemplateVM). +As an "internal" VM it is hidden in Qubes VM Manager, but can be shown by selecting "Show/Hide internal VMs". 
+Note that changing the "NetVM" setting for the DVM Template *does* affect the NetVM of DispVMs launched from the Start Menu. + +Disposable VMs and Networking (R3.2 and earlier) ----------------------------- NetVM and firewall rules for Disposable VMs can be set as they can for a normal VM. @@ -49,7 +73,7 @@ Opening a fresh web browser instance in a new Disposable VM ----------------------------------------------------------- Sometimes it is desirable to open an instance of Firefox within a new fresh Disposable VM. -This can be done easily using the Start Menu: just go to Start -\> System Tools -\> DispVM:Firefox web browser. +This can be done easily using the Start Menu: just go to **Application Menu -\> DisposableVM -\> DispVM:Firefox web browser**. Wait a few seconds until a web browser starts. Once you close the viewing application the whole Disposable VM will be destroyed. @@ -75,7 +99,7 @@ Sometimes it can be useful to start an arbitrary program in a DispVM. This can b [user@vault ~]$ qvm-run '$dispvm' xterm ~~~ -The created Disposable VM can be accessed via other tools (such as `qvm-copy-to-vm`) using its "dispX" name as shown in the Qubes Manager or `qvm-ls`. +The created Disposable VM can be accessed via other tools (such as `qvm-copy-to-vm`) using its `disp####` name as shown in the Qubes Manager or `qvm-ls`. Starting an arbitrary application in a Disposable VM via command line (from Dom0) --------------------------------------------------------------------------------- 
@@ -83,6 +107,12 @@ Starting an arbitrary application in a Disposable VM via command line (from Dom0 The Start Menu has shortcuts for opening a terminal and a web browser in dedicated DispVMs, since these are very common tasks. However, it is possible to start an arbitrary application in a DispVM directly from Dom0 by running +R4.0 (border colour will be inherited from that set in the `dispvm-template`) +~~~ +[joanna@dom0 ~]$ qvm-run --dispvm=dispvm-template --service qubes.StartApp+xterm +~~~ + +R3.2 (border colour can be specified in the command) ~~~ [joanna@dom0 ~]$ echo xterm | /usr/lib/qubes/qfile-daemon-dvm qubes.VMShell dom0 DEFAULT red ~~~ @@ -92,8 +122,8 @@ However, it is possible to start an arbitrary application in a DispVM directly f Customizing Disposable VMs -------------------------- -You can change the template used to generate the Disposable VM, and change settings used in the Disposable VM savefile. -These changes will be reflected in every new Disposable VM. +You can change the template used to generate the Disposable VMs, and change settings used in the Disposable VM savefile. +These changes will be reflected in every new Disposable VM spawned from that template. Full instructions can be found [here](/doc/dispvm-customization/). Disposable VMs and Local Forensics From 59279c22826e4d676952c4f96d10e1ba77c31b86 Mon Sep 17 00:00:00 2001 From: awokd <34515595+awokd@users.noreply.github.com> Date: Mon, 29 Jan 2018 14:52:51 +0000 Subject: [PATCH 2/5] Update dispvm.md --- common-tasks/dispvm.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/common-tasks/dispvm.md b/common-tasks/dispvm.md index edbd13c9..816819d1 100644 --- a/common-tasks/dispvm.md +++ b/common-tasks/dispvm.md 
@@ -26,7 +26,7 @@ Disposable VMs and Networking (R4.0 and later) R4.0 introduces the concept of multiple disposable VM templates (R3.2 was limited to one). This allows for the creation of multiple differently configured disposable VMs that can be accessed from -the Applications menu (e.g. `fedora-XX-dvm`). Even more types of DispVMs can be created on-the-fly on a per AppVM basis. +the Applications menu. Even more types of DispVMs can be created on-the-fly on a per AppVM basis. As you can see, this is a very flexible and powerful system for managing your Disposable VMs. NetVM and firewall rules for Disposable VMs can be set as they can for a normal VM. @@ -41,7 +41,6 @@ Disposable VMs will temporarily appear with the name `disp####`. A Disposable VM launched from the Start Menu inherits the NetVM and firewall settings of the [DVM Template](https://www.qubes-os.org/doc/glossary/#dvm-template) from which it is built. By default the DVM template is called `fedora-XX-dvm` (where `XX` is the Fedora version of the default TemplateVM). -As an "internal" VM it is hidden in Qubes VM Manager, but can be shown by selecting "Show/Hide internal VMs". Note that changing the "NetVM" setting for the DVM Template *does* affect the NetVM of DispVMs launched from the Start Menu. Disposable VMs and Networking (R3.2 and earlier) From ce15b9d05e97865b0af17eccfb61f54ee84a546b Mon Sep 17 00:00:00 2001 From: awokd <34515595+awokd@users.noreply.github.com> Date: Fri, 9 Feb 2018 12:12:21 +0000 Subject: [PATCH 3/5] reword and reorganize 4.0 content --- common-tasks/dispvm.md | 62 ++++++++++++++++++++++++++---------------- 1 file changed, 39 insertions(+), 23 deletions(-) diff --git a/common-tasks/dispvm.md b/common-tasks/dispvm.md index 816819d1..11c74be5 100644 --- a/common-tasks/dispvm.md +++ b/common-tasks/dispvm.md 
@@ -11,37 +11,54 @@ redirect_from: Disposable VMs (DispVMs) ======================== -A Disposable VM (DispVM) is a lightweight VM that can be created quickly and will disappear when closed. -Disposable VMs are usually created in order to host a single application, like a viewer, editor, or web browser. -Changes made to a file opened in a Disposable VM are passed back to the originating VM. -This means that you can safely work with untrusted files without risk of compromising your other VMs. -DispVMs can be created either directly from Dom0 or from within AppVMs. -Once a DispVM has been created it will appear in Qubes VM Manager with the name "dispX". +A Disposable VM (DispVM) is a lightweight VM that can be created quickly and will disappear when closed. +Disposable VMs are usually created in order to host a single application, like a viewer, editor, or web browser. + +From inside an AppVM, choosing the `Open in Disposable VM` option on a file will launch a DispVM for just that file. +Changes made to a file opened in a DispVM are passed back to the originating VM. +This means that you can safely work with untrusted files without risk of compromising your other VMs. +DispVMs can be launched either directly from Dom0's Start Menu or terminal window, or from within AppVMs. +While running, DispVMs will appear in Qubes VM Manager with the name `disp####`. See [this article](https://blog.invisiblethings.org/2010/06/01/disposable-vms.html) for more on why one would want to use a Disposable VM. + +DVM Templates +---------- + +Similarly to how AppVMs are based on their underlying [TemplateVM](https://www.qubes-os.org/doc/glossary/#templatevm), DispVMs are based on their underlying [DVM Template](https://www.qubes-os.org/doc/glossary/#dvm-template). + +On a fresh installation of Qubes, the DVM template is called `fedora-XX-dvm` (where `XX` is the Fedora version of the default TemplateVM). 
+ Disposable VMs and Networking (R4.0 and later) ----------------------------- +R4.0 introduces the concept of multiple disposable VM templates, whereas R3.2 was limited to only one. +You can set any AppVM to have the ability to act as a DVM Template with: -R4.0 introduces the concept of multiple disposable VM templates (R3.2 was limited to one). -This allows for the creation of multiple differently configured disposable VMs that can be accessed from -the Applications menu. Even more types of DispVMs can be created on-the-fly on a per AppVM basis. -As you can see, this is a very flexible and powerful system for managing your Disposable VMs. + qvm-prefs template_for_dispvms true -NetVM and firewall rules for Disposable VMs can be set as they can for a normal VM. -By default a DispVM will inherit the NetVM and firewall settings of the DispVM Template from which it is built. -Thus if an AppVM uses sys-net as its NetVM, but the default system DispVM uses sys-whonix, -any DispVM launched from this AppVM will have sys-whonix as its NetVM. -The default system wide DispVM template can be changed with `qubes-prefs default_dispvm`. -You can change this behaviour for individual VMs: in the Application Menu, open Qube Settings -for the VM in question and go to the "Advanced" tab. +The default system wide DVM template can be changed with `qubes-prefs default_dispvm`. +By combining the two, choosing `Open in Disposable VM` from inside an AppVM will open the document in a DispVM based on the default DVM template you specified. + +You can change this behaviour for individual VMs: in the Application Menu, open Qube Settings for the VM in question and go to the "Advanced" tab. Here you can edit the "Default DispVM" setting to specify which DispVM template will be used to launch DispVMs from that VM. -Disposable VMs will temporarily appear with the name `disp####`. 
+This can also be changed from the command line with: -A Disposable VM launched from the Start Menu inherits the NetVM and firewall settings of the [DVM Template](https://www.qubes-os.org/doc/glossary/#dvm-template) from which it is built. -By default the DVM template is called `fedora-XX-dvm` (where `XX` is the Fedora version of the default TemplateVM). -Note that changing the "NetVM" setting for the DVM Template *does* affect the NetVM of DispVMs launched from the Start Menu. + qvm-prefs default_dispvm + +You can even set an AppVM that has also been configured as a DVM template to use itself, so DispVMs launched from within the AppVM/DVM Template would inherit the same settings. + +NetVM and firewall rules for DVM templates can be set as they can for a normal VM. +By default a DispVM will inherit the NetVM and firewall settings of the DVM Template on which it is based. +Launching a DispVM from an AppVM will result in it using the DispVM's network/firewall settings (which default to the DVM template on which it is based). +Thus if an AppVM uses sys-net as its NetVM, but the default system DispVM uses sys-whonix, any DispVM launched from this AppVM will have sys-whonix as its NetVM. + +**Note** The opposite is also true. This means if the default system DispVM uses sys-net, launching a DispVM from inside anon-whonix will result in the DispVM using sys-net. + +A Disposable VM launched from the Start Menu inherits the NetVM and firewall settings of the DVM Template on which it is based. +Note that changing the "NetVM" setting for the system default DVM Template *does* affect the NetVM of DispVMs launched from the Start Menu. +Different DVM Templates with individual NetVM settings can be added to the Start Menu. Disposable VMs and Networking (R3.2 and earlier) ----------------------------- 
@@ -52,8 +69,7 @@ Thus if an AppVM uses sys-net as its NetVM, any DispVM launched from this AppVM You can change this behaviour for individual VMs: in Qubes VM Manager open VM Settings for the VM in question and go to the "Advanced" tab. Here you can edit the "NetVM for DispVM" setting to change the NetVM of any DispVM launched from that VM. -A Disposable VM launched from the Start Menu inherits the NetVM of the [DVM Template](https://www.qubes-os.org/doc/glossary/#dvm-template). -By default the DVM template is called `fedora-XX-dvm` (where `XX` is the Fedora version of the default TemplateVM). +A Disposable VM launched from the Start Menu inherits the NetVM of the [DVM Template](https://www.qubes-os.org/doc/glossary/#dvm-template). As an "internal" VM it is hidden in Qubes VM Manager, but can be shown by selecting "Show/Hide internal VMs". Note that changing the "NetVM for DispVM" setting for the DVM Template does *not* affect the NetVM of DispVMs launched from the Start Menu; only changing the DVM Template's own NetVM does. From 82163602b2e253fed479c40b1df7e3fda0625285 Mon Sep 17 00:00:00 2001 From: awokd <34515595+awokd@users.noreply.github.com> Date: Fri, 9 Feb 2018 12:23:01 +0000 Subject: [PATCH 4/5] /doc/glossary/#dvm-template --- common-tasks/dispvm.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common-tasks/dispvm.md b/common-tasks/dispvm.md index 11c74be5..601d6168 100644 --- a/common-tasks/dispvm.md +++ b/common-tasks/dispvm.md 
@@ -69,7 +69,7 @@ Thus if an AppVM uses sys-net as its NetVM, any DispVM launched from this AppVM You can change this behaviour for individual VMs: in Qubes VM Manager open VM Settings for the VM in question and go to the "Advanced" tab. Here you can edit the "NetVM for DispVM" setting to change the NetVM of any DispVM launched from that VM. -A Disposable VM launched from the Start Menu inherits the NetVM of the [DVM Template](https://www.qubes-os.org/doc/glossary/#dvm-template). +A Disposable VM launched from the Start Menu inherits the NetVM of the [DVM Template](/doc/glossary/#dvm-template). As an "internal" VM it is hidden in Qubes VM Manager, but can be shown by selecting "Show/Hide internal VMs". Note that changing the "NetVM for DispVM" setting for the DVM Template does *not* affect the NetVM of DispVMs launched from the Start Menu; only changing the DVM Template's own NetVM does. From 697775fcf823db2f0b33bbe51d8c75d2309da00a Mon Sep 17 00:00:00 2001 From: awokd <34515595+awokd@users.noreply.github.com> Date: Sat, 10 Feb 2018 11:44:43 +0000 Subject: [PATCH 5/5] additional 4.0 revisions --- common-tasks/dispvm.md | 37 +++++++++++++++++++------------------ 1 file changed, 19 insertions(+), 18 deletions(-) diff --git a/common-tasks/dispvm.md b/common-tasks/dispvm.md index 601d6168..31e477a6 100644 --- a/common-tasks/dispvm.md +++ b/common-tasks/dispvm.md 
@@ -23,38 +23,38 @@ While running, DispVMs will appear in Qubes VM Manager with the name `disp####`. See [this article](https://blog.invisiblethings.org/2010/06/01/disposable-vms.html) for more on why one would want to use a Disposable VM. -DVM Templates ----------- - -Similarly to how AppVMs are based on their underlying [TemplateVM](https://www.qubes-os.org/doc/glossary/#templatevm), DispVMs are based on their underlying [DVM Template](https://www.qubes-os.org/doc/glossary/#dvm-template). - -On a fresh installation of Qubes, the DVM template is called `fedora-XX-dvm` (where `XX` is the Fedora version of the default TemplateVM). - Disposable VMs and Networking (R4.0 and later) ----------------------------- -R4.0 introduces the concept of multiple disposable VM templates, whereas R3.2 was limited to only one. +Similarly to how AppVMs are based on their underlying [TemplateVM](https://www.qubes-os.org/doc/glossary/#templatevm), DispVMs are based on their underlying [DVM Template](https://www.qubes-os.org/doc/glossary/#dvm-template). +R4.0 introduces the concept of multiple DVM Templates, whereas R3.2 was limited to only one. + +On a fresh installation of Qubes, the default DVM Template is called `fedora-XX-dvm` (where `XX` is the Fedora version of the default TemplateVM). +If you have included the Whonix option in your install, there will also be a `whonix-ws-dvm` DVM Template available for your use. + You can set any AppVM to have the ability to act as a DVM Template with: qvm-prefs template_for_dispvms true -The default system wide DVM template can be changed with `qubes-prefs default_dispvm`. -By combining the two, choosing `Open in Disposable VM` from inside an AppVM will open the document in a DispVM based on the default DVM template you specified. +The default system wide DVM Template can be changed with `qubes-prefs default_dispvm`. 
+By combining the two, choosing `Open in Disposable VM` from inside an AppVM will open the document in a DispVM based on the default DVM Template you specified. You can change this behaviour for individual VMs: in the Application Menu, open Qube Settings for the VM in question and go to the "Advanced" tab. -Here you can edit the "Default DispVM" setting to specify which DispVM template will be used to launch DispVMs from that VM. +Here you can edit the "Default DispVM" setting to specify which DVM Template will be used to launch DispVMs from that VM. This can also be changed from the command line with: qvm-prefs default_dispvm -You can even set an AppVM that has also been configured as a DVM template to use itself, so DispVMs launched from within the AppVM/DVM Template would inherit the same settings. +For example, `anon-whonix` has been set to use `whonix-ws-dvm` as its `default_dispvm`, instead of the system default. +You can even set an AppVM that has also been configured as a DVM Template to use itself, so DispVMs launched from within the AppVM/DVM Template would inherit the same settings. -NetVM and firewall rules for DVM templates can be set as they can for a normal VM. +NetVM and firewall rules for DVM Templates can be set as they can for a normal VM. By default a DispVM will inherit the NetVM and firewall settings of the DVM Template on which it is based. -Launching a DispVM from an AppVM will result in it using the DispVM's network/firewall settings (which default to the DVM template on which it is based). -Thus if an AppVM uses sys-net as its NetVM, but the default system DispVM uses sys-whonix, any DispVM launched from this AppVM will have sys-whonix as its NetVM. +This is a change in behaviour from R3.2, where DispVMs would inherit the settings of the AppVM from which they were launched. +Therefore, launching a DispVM from an AppVM will result in it using the network/firewall settings of the DVM Template on which it is based. 
+For example, if an AppVM uses sys-net as its NetVM, but the default system DispVM uses sys-whonix, any DispVM launched from this AppVM will have sys-whonix as its NetVM. -**Note** The opposite is also true. This means if the default system DispVM uses sys-net, launching a DispVM from inside anon-whonix will result in the DispVM using sys-net. +**Warning:** The opposite is also true. This means if you have changed anon-whonix's `default_dispvm` to use the system default, and the system default DispVM uses sys-net, launching a DispVM from inside anon-whonix will result in the DispVM using sys-net. A Disposable VM launched from the Start Menu inherits the NetVM and firewall settings of the DVM Template on which it is based. Note that changing the "NetVM" setting for the system default DVM Template *does* affect the NetVM of DispVMs launched from the Start Menu. @@ -69,7 +69,8 @@ Thus if an AppVM uses sys-net as its NetVM, any DispVM launched from this AppVM You can change this behaviour for individual VMs: in Qubes VM Manager open VM Settings for the VM in question and go to the "Advanced" tab. Here you can edit the "NetVM for DispVM" setting to change the NetVM of any DispVM launched from that VM. -A Disposable VM launched from the Start Menu inherits the NetVM of the [DVM Template](/doc/glossary/#dvm-template). +A Disposable VM launched from the Start Menu inherits the NetVM of the [DVM Template](/doc/glossary/#dvm-template). +By default the DVM template is called `fedora-XX-dvm` (where `XX` is the Fedora version of the default TemplateVM). As an "internal" VM it is hidden in Qubes VM Manager, but can be shown by selecting "Show/Hide internal VMs". Note that changing the "NetVM for DispVM" setting for the DVM Template does *not* affect the NetVM of DispVMs launched from the Start Menu; only changing the DVM Template's own NetVM does. 
@@ -138,7 +139,7 @@ Customizing Disposable VMs -------------------------- You can change the template used to generate the Disposable VMs, and change settings used in the Disposable VM savefile. -These changes will be reflected in every new Disposable VM spawned from that template. +These changes will be reflected in every new Disposable VM based on that template. Full instructions can be found [here](/doc/dispvm-customization/). Disposable VMs and Local Forensics
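Review bot: in patch 1, hunk @@ -20,7 +20,31 @@, the new sentence "Disposable VMs will temporarily appear with the name `disp####`" is dropped into the middle of the NetVM/firewall paragraph and contradicts the unchanged intro above it, which still says the name is "dispX"; move it up to the intro and settle on one naming convention for the whole file (the @@ -75,7 +99,7 @@ hunk of the same patch already switches to `disp####`). The same hunk also copies the R3.2 Start Menu/DVM Template inheritance sentences almost verbatim into the new R4.0 section; the two sections would be easier to compare if each stated the actual rule for its release (R4.0: inherit from the DVM Template; R3.2: inherit from the launching AppVM) instead of parallel text.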
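Review bot: in patch 1, hunk @@ -49,7 +73,7 @@, the sentence still opens with "This can be done easily using the Start Menu" while the bold path now starts at **Application Menu**; pick one name for the menu and use it in both the sentence and the path.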
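Review bot: in patch 1, hunk @@ -83,6 +107,12 @@, `--dispvm=dispvm-template` uses a placeholder name that is never introduced; the rest of the page calls the default DVM Template `fedora-XX-dvm`, so either use that name or say explicitly that `dispvm-template` stands for the name of the DVM Template to base the DispVM on. The unchanged lead sentence "...start an arbitrary application in a DispVM directly from Dom0 by running" now runs straight into the label "R4.0 (border colour will be inherited from that set in the `dispvm-template`)", so turn both labels into full sentences, e.g. "On R4.0 (the border colour is inherited from the DVM Template):" and "On R3.2 (the border colour can be given on the command line):".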
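Review bot: in patch 3, hunk @@ -11,37 +37,54 @@, `qvm-prefs template_for_dispvms true` and `qvm-prefs default_dispvm` omit the qube name even though the surrounding prose says they apply to "any AppVM" and "the VM in question"; qvm-prefs takes the qube name first, so these should read `qvm-prefs <appvm> template_for_dispvms True` and `qvm-prefs <appvm> default_dispvm <dvm-template>`, and the second command is also missing the value to set. The indented command lines also differ from the `~~~` fences used for every other command in this file. Finally, the "**Note** The opposite is also true." paragraph is the security-relevant point of the section (a DispVM launched from anon-whonix that ends up on sys-net bypasses the Whonix gateway), so it deserves a colon and a "Warning" label rather than "Note".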
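Review bot: in patch 3, hunk @@ -52,8 +69,7 @@, removing "By default the DVM template is called `fedora-XX-dvm` ..." from the R3.2 section leaves that section with no statement of the default template name, because the name now lives only in the R4.0 section that an R3.2 reader skips; keep the line in both sections (patch 5 restores it, so the deletion here should simply be dropped from the series).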
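Review bot: in patch 4, hunk @@ -69,7 +69,7 @@, only this one glossary link is changed to the relative `/doc/glossary/#dvm-template`; the TemplateVM and DVM Template links added to the R4.0 section in patch 3 still point at `https://www.qubes-os.org/doc/glossary/...`, so make all of them relative in one pass rather than leaving the file mixed.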
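Review bot: in patch 5, hunk @@ -23,38 +23,38 @@, the **Warning:** now states the exposure case clearly but does not tell the reader how to confirm their own setting; a one-line check such as `qvm-prefs anon-whonix default_dispvm` (expected to print `whonix-ws-dvm`) would let them verify before opening anything in a DispVM from anon-whonix. In the same hunk, "By default a DispVM will inherit the NetVM and firewall settings of the DVM Template on which it is based." and "A Disposable VM launched from the Start Menu inherits the NetVM and firewall settings of the DVM Template on which it is based." say the same thing two paragraphs apart; merge them. The `qvm-prefs template_for_dispvms true` line carried over from patch 3 still lacks the qube name.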