List:       qubes-devel
Subject:    Re: [qubes-devel] DispVM design decisions for Qubes 4.0
From:       Marek Marczykowski-Górecki <marmarek () invisiblethingslab ! com>
Date:       2016-05-17 12:41:18
Message-ID: 20160517124118.GK25975 () mail-itl

On Tue, May 17, 2016 at 02:20:07PM +0200, Joanna Rutkowska wrote:
> On Tue, May 17, 2016 at 01:57:47PM +0200, Marek Marczykowski wrote:
> > Selecting srcvm as the DispVM template will have an undesired effect: that
> > DispVM will have (read-only) access to srcvm private image. Not
> > something we want...
> > 
> 
> Right, good point. Anyway, I still think we should go for the "inherit only from
> the DispVM template" option.

Ok.

So, I think this will be enough for the new DispVM implementation. To
summarize:

1. Modify qrexec policy to allow expressing "DispVM based on X", not only
"DispVM", by adding a "$dispvm:vmname" option. Have "$dispvm" mean "default
DispVM", not "any DispVM".

2. Move target VM choice from calling VM to dom0, based on qrexec policy
and user choice (https://github.com/QubesOS/qubes-issues/issues/910)

2a. (optional for 4.0?) Add the ability to specify a default target VM for
a given service and source VM.

3. Inherit all the VM settings from the DispVM base VM, instead of the calling
VM (including label and netvm)

Related:

4. Implement qubes.OpenURL service
(https://github.com/QubesOS/qubes-issues/issues/1487)

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
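
Added example (not part of the message above and not Qubes code): a dom0-side evaluator for points 1 to 3 of the summary, showing that a bare "$dispvm" resolves to the source VM's default DispVM base and that the new DispVM's label and netvm come from that base. The VM names, the `VM` record, the three-column rule layout, first-match-wins ordering and default deny are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class VM:
    label: str
    netvm: Optional[str]
    default_dispvm: Optional[str] = None  # base used for a bare "$dispvm"

# Constructed inventory (hypothetical names).
VMS = {
    "work": VM("blue", "sys-firewall", default_dispvm="dvm-online"),
    "vault": VM("black", None, default_dispvm="dvm-offline"),
    "dvm-online": VM("red", "sys-firewall"),
    "dvm-offline": VM("gray", None),
}

# Constructed policy for one service: "source target action", first match wins.
POLICY = """
work   $dispvm:dvm-offline  allow
work   $dispvm              ask
vault  $dispvm              allow
"""

def base_of(source, target):
    """Resolve a DispVM target to its base VM name, or None if not a DispVM target."""
    if target == "$dispvm":
        return VMS[source].default_dispvm  # "default DispVM", not "any DispVM"
    if target.startswith("$dispvm:"):
        return target.split(":", 1)[1]
    return None

def decide(source, requested):
    """Decision taken in dom0: returns (action, base name, settings of the new DispVM)."""
    want = base_of(source, requested)
    if want is None or want not in VMS:
        return ("deny", None, None)
    for line in POLICY.strip().splitlines():
        src, tgt, action = line.split()
        if src == source and base_of(source, tgt) == want:
            base = VMS[want]
            # Settings come from the DispVM base VM, never from the calling VM.
            return (action, want, {"label": base.label, "netvm": base.netvm})
    return ("deny", None, None)  # no rule matched
```

With this policy, "vault" asking for "$dispvm:dvm-online" is denied even though it has a "$dispvm" rule, because that rule covers only its default base.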
