What is Qubes OS
Qubes OS is an operating system based on Linux with security in mind.
Its main goal is to prevent compromising everything by one security vulnerability.
This is done by using compartmentalization through Xen while at the same time providing an easy to use desktop experience which is not far from a regular one.
It uses SaltStack for managing the Dom0 and in the upcoming release 3.2 also for the VMs. There are VM templates for Fedora and Debian.
Possible starting points
- Try the new release 3.2 RC1 and fix/report issues
- Create a VM which uses the local NIS server
- Look into the new SaltStack
- Try to build VM images with openSUSE Leap as base
- Create a user directory based gem setup to provide an easy to use Ruby development vm
- Try to build Qubes OS locally
Results
- The new release works out of the box on my developer machine. There were no issues besides one X glitch once which I could not reproduce again and an already reported issue.
- Since Qubes OS uses local users, network vms are separated and there is no login screen direct NIS usage was not possible but a shell server could be used instead to access the user data and NFS mounts for the rest.
- The new SaltStack for the VMs makes handling of template updates and similar much easier. It should also be possible to setup all new templates by SaltStack, if they were not saved in a backup.
- The template creation is quite complicated with many scripts. We might be able to use Kiwi but first all the Qubes VM packages need to be packaged for openSUSE which I did not finish in time.
- I have used rvm to setup a local Ruby environment which needed any additional steps after installation, it just worked.
- Building Qubes OS is actually much easier than expected. The Qubes builder is easy to setup and automated. I did not build everything but just the templates like described here but building the rest should have only been a mater of time.
This project is part of:
Hack Week 14
Activity
Comments
Be the first to comment!
Similar Projects
Kanidm: A safe and modern IDM system by firstyear
Kanidm is an IDM system written in Rust for mod...
OIDC Loginproxy by toe
Description
Reverse proxies can be a useful...
Model checking the BPF verifier by shunghsiyu
Project Description
BPF verifier plays a ...
Linux Security and Practice by r1chard-lyu
Description
This project focuses on discove...
CVE portal for SUSE Rancher products by gmacedo
Description
Currently it's a bit difficul...
Saline (state deployment control and monitoring tool for SUSE Manager/Uyuni) by vizhestkov
[comment]: # (Please use the project descriptio...
Testing and adding GNU/Linux distributions on Uyuni by juliogonzalezgil
Join the Gitter channel! [https://gitter.im/uy...