Commit 8da02979 authored by T(A)ILS developers's avatar T(A)ILS developers
Browse files

Some thoughts about Qubes for the VM isolation idea.

parent 60ffd9e8
......@@ -99,4 +99,17 @@ nightmare. The alternative would be to fall back to something like
the way things work now, with Tor running inside the virtual machine...
but to warn the user that she was operating with degraded security.
##A promising, alternative solution: Qubes
Qubes is Fedora spin off which takes [security by isolation to the extreme](http://qubes-os.org/Architecture.html): a Xen hypervizor manages user defined "lightweight virtual machines" or "AppVMs" that isolate user processes, and even certain system-components like the network stack, from each other. Appropriate IPC, file and clip-board sharing supposedly works between programs in different AppVMs.
One fine thing with this approach is that it most likely would be easy to fallback to starting processes without these AppVMs in case it's detected that T(A)ILS itself runs inside a VM.
The two key questions that remain to answer is:
1. if these AppVMs can be "NAT:ed" or similarly made oblivious to the system interfaces' IP addresses.
2. if all this can be incorporated into Debian without too much trouble.
Read more at their [homepage](http://qubes-os.org/) and [wiki](http://www.qubes-os.org/trac/wiki).
[[wishlist]]
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment