'[qubes-devel] How to get rid of redundant (systemd) services in Debian templates?'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       qubes-devel
Subject:    [qubes-devel] How to get rid of redundant (systemd) services in Debian templates?
From:       Patrick Schleizer <patrick-mailinglists () whonix ! org>
Date:       2016-03-09 21:11:24
Message-ID: 56E0917C.5050601 () riseup ! net
[Download RAW message or body]

There are three types of (systemd) services that should not start
by default (in every VM):

- those generating some sensitive (=not intended to be shared) data
(tor, ssh server, some database servers?)

- those generating potentially unwanted/unexpected network traffic
(tor, IPv6 tunneling software, VPN services, avahi, ...) It isn't only
about potentially harmful actions (like connecting to tor directly, in
some censored regions), but also about wasting network resources -
especially important on mobile connection.

- generally unneeded services in most VMs - just for saving resources
(RAM, at least) - like bluetoothd, crond, upowerd, smartd, acpid, ...
not all of them are easily removable, because of dependencies

The wider Debian upstream problem here is that Debian enables services
for installed packages by default; and that these packages/services are
not 'Qubes aware', not 'Qubes friendly' or perhaps better more
generically speaking not 'root image sharing friendly'. [open for better
terminology]

Perhaps a drastic solution would be required. Configure somehow that all
installed packages will not start their services by default. Only start
services on a whitelist / opt-in basis. This is not thought through. I
guess this could lead to some issues. And also confusion. But then the
documentation and implementation could be a lot more generic.

As opposed by an opt-in blacklist (using qvm-service). For example let's
say the ssh service was added to such a blacklist. Then the user would
have to do something like the following.

vm settings -> services -> type 'ssh' press enter -> press 'plus'

Which isn't obvious at all. Would require documentation. Would be a
usability issue. And such blacklists would never be complete so it would
only be a partial solution, workaround.

Given the situation that Debian puts us in - enabling not root image
sharing friendly services by default... What is the best, most generic
solution that Qubes can do?

Cheers,
Patrick

Credits. Parts of the above text was written my Marek and modified by me.

Source:
https://github.com/QubesOS/qubes-issues/issues/1625

-- 
You received this message because you are subscribed to the Google Groups \
"qubes-devel" group. To unsubscribe from this group and stop receiving emails from \
it, send an email to qubes-devel+unsubscribe@googlegroups.com. To post to this group, \
send email to qubes-devel@googlegroups.com. To view this discussion on the web visit \
https://groups.google.com/d/msgid/qubes-devel/56E0917C.5050601%40riseup.net. For more \
options, visit https://groups.google.com/d/optout.


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic