What is Qubes OS

Qubes OS is an operating system based on Linux with security in mind.

Its main goal is to prevent compromising everything by one security vulnerability.
This is done by using compartmentalization through Xen while at the same time providing an easy to use desktop experience which is not far from a regular one.

It uses SaltStack for managing the Dom0 and in the upcoming release 3.2 also for the VMs. There are VM templates for Fedora and Debian.

Possible starting points

  • Try the new release 3.2 RC1 and fix/report issues
  • Create a VM which uses the local NIS server
  • Look into the new SaltStack
  • Try to build VM images with openSUSE Leap as base
  • Create a user directory based gem setup to provide an easy to use Ruby development vm
  • Try to build Qubes OS locally

Results

  • The new release works out of the box on my developer machine. There were no issues besides one X glitch once which I could not reproduce again and an already reported issue.
  • Since Qubes OS uses local users, network vms are separated and there is no login screen direct NIS usage was not possible but a shell server could be used instead to access the user data and NFS mounts for the rest.
  • The new SaltStack for the VMs makes handling of template updates and similar much easier. It should also be possible to setup all new templates by SaltStack, if they were not saved in a backup.
  • The template creation is quite complicated with many scripts. We might be able to use Kiwi but first all the Qubes VM packages need to be packaged for openSUSE which I did not finish in time.
  • I have used rvm to setup a local Ruby environment which needed any additional steps after installation, it just worked.
  • Building Qubes OS is actually much easier than expected. The Qubes builder is easy to setup and automated. I did not build everything but just the templates like described here but building the rest should have only been a mater of time.

Looking for hackers with the skills:

saltstack security salt

This project is part of:

Hack Week 14

Activity

  • over 3 years ago: toe started this project.
  • over 3 years ago: toe liked this project.
  • almost 8 years ago: thardeck left this project.
  • over 8 years ago: mbrugger liked this project.
  • over 8 years ago: dsterba liked this project.
  • over 8 years ago: thardeck added keyword "salt" to this project.
  • over 8 years ago: gsanso liked this project.
  • over 8 years ago: thardeck removed keyword salt from this project.
  • over 8 years ago: thardeck started this project.
  • over 8 years ago: thardeck added keyword "saltstack" to this project.
  • over 8 years ago: thardeck added keyword "security" to this project.
  • over 8 years ago: thardeck added keyword "salt" to this project.
  • over 8 years ago: thardeck originated this project.

  • Comments

    Be the first to comment!

    Similar Projects

    Kanidm: A safe and modern IDM system by firstyear

    Kanidm is an IDM system written in Rust for mod...


    OIDC Loginproxy by toe

    Description

    Reverse proxies can be a useful...


    Model checking the BPF verifier by shunghsiyu

    Project Description

    BPF verifier plays a ...


    Linux Security and Practice by r1chard-lyu

    Description

    This project focuses on discove...


    CVE portal for SUSE Rancher products by gmacedo

    Description

    Currently it's a bit difficul...


    Saline (state deployment control and monitoring tool for SUSE Manager/Uyuni) by vizhestkov

    [comment]: # (Please use the project descriptio...


    Testing and adding GNU/Linux distributions on Uyuni by juliogonzalezgil

    Join the Gitter channel! [https://gitter.im/uy...