Qubes OS release 2 available

[Posted October 27, 2014 by corbet]

Release 2 of the Qubes OS secure desktop system is available. The biggest change, perhaps, is support for "fully virtualized AppVMs"; these allow running any operating system in a fully virtualized mode under Qubes. Other additions include secure audio input to AppVMs (allowing Skype to be run in a sandbox, evidently), policy control over the clipboard, an improved secure backup infrastructure, improved hardware support, and more.

to post comments

Qubes OS release 2 available

Posted Oct 28, 2014 5:09 UTC (Tue) by brugolsky (guest, #28) [Link] (1 responses)

Interesting stuff, though I constantly get the nagging feeling that security concerns are pushing us collectively toward a library OS design (perhaps like OSv), but through a series of baroque layers (especially once the browser "OS" is taken into consideration). Does the unit of encapsulation really need to be an OS instance?

The *nix syscall interface has gotten too wide to reason about effectively. I'm interested in seeing approaches that experiment with seccomp or KVM to introduce a simplified process model for the vast majority of apps, while still leveraging the performance and hardware compatibility of the Linux kernel.

Qubes will IMHO get more interesting when R3 is released with support for libvirt and KVM. Hardware compatibility, power-aware scheduling, etc., are difficult enough without introducing Xen into the mix, especially on laptops.

Qubes OS release 2 available

Posted Oct 28, 2014 7:16 UTC (Tue) by danc (subscriber, #74798) [Link]

> I'm interested in seeing approaches that experiment with seccomp or KVM

How about ZeroVM? Too simplified/minimal perhaps? Certainly stdin/stdout/stderr is not enough to run a graphical application...