From fa6a61415062b3c09791bce1f8a2234d0b84dfe7 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Sat, 1 Aug 2015 13:55:18 -0300 Subject: Virtual: a quick summary --- virtual.mdwn | 61 +++++++++++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 56 insertions(+), 5 deletions(-) (limited to 'virtual.mdwn') diff --git a/virtual.mdwn b/virtual.mdwn index 13f5d0e..70055e8 100644 --- a/virtual.mdwn +++ b/virtual.mdwn 
@@ -4,16 +4,67 @@ Can't or don't want to use [Qubes OS](https://www.qubes-os.org/)? Here comes a s that, while not offering the same level of security, is practical enough to be implemented in the confort of your current FOSS OS! -Desktop -------- +A picture +--------- - apt-get install lightdm ratpoison +Could you spot the difference between the Tor Browser running in the host for the one inside the virtual machine? That's what we want to achieve! -* [plymouth - Debian Wiki](https://wiki.debian.org/plymouth) -* Additional package: [virtualbox-guest-x11](https://packages.debian.org/stable/virtualbox-guest-x11). +![Screenshot](screenshot.png) + +First things first +------------------ + +What you can do: + +1. Create a virtual machine image of the operating system of your choice like [this example](https://padrao.sarava.org/boxes/). +2. Setup basic X11 environment with automatic login and startup programs. +3. Configure your hypervisor to hide icons and additional decorations around the virtual machine. +4. Setup key bindings on your window manager to start/resume and stop/suspend the virtual machine. + +Debian desktop +-------------- + +When using a debian virtual machine as a virtual desktop, consider the following: + + apt-get install lightdm ratpoison plymouth + +Make sure to configure `/etc/lightdm/lightdm.conf` with something like + + autologin-user=vagrant + autologin-user-timeout=0 + +If using VirtualBox, you might also want to try [virtualbox-guest-x11](https://packages.debian.org/stable/virtualbox-guest-x11). + +Features +-------- + +* Good security through isolation. +* Improved start/stop of your application by using virtual machine suspend/resume. +* Minor performance penalties while running the virtual machine. + +Limitations +----------- + +* Memory and disk consumption. +* Clipboard might still be available to the virtual environment, see [this discussion](http://theinvisiblethings.blogspot.com.br/2011/04/linux-security-circus-on-gui-isolation.html). 
+ +Future +------ + +* Automated expendable snapshots for one-time-use virtual machines. +* Automated recipes (puppet/ansible). +* Vagrant integration for fast provisioning of golden images. +* Alternatives to the VirtualBox hypervisor. References ---------- +Applications: + +* [vbox script](https://git.sarava.org/?p=vbox.git;a=summary). +* [plymouth - Debian Wiki](https://wiki.debian.org/plymouth). + +Other implementations: + * [Marco Carnut: Ambiente "Auto-Limpante" via Virtualização Ultra-Leve Descartável - Tempest Blog](http://blog.tempest.com.br/marco-carnut/ambiente-auto-limpante-via-virtualizacao-ultra-leve-descartavel.html). * [Subgraph OS and Mail](https://subgraph.com/sgos/index.en.html). -- cgit v1.2.3
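Review bot: In the new "Debian desktop" section, the `autologin-user=vagrant` and `autologin-user-timeout=0` lines are given without the section of `/etc/lightdm/lightdm.conf` they belong under, and they name `vagrant` as the account without saying it is only an example. Please state the section header and note that the user should match whatever account exists in the reader's image. In "A picture" and step 3 of "First things first", the stated goal is that the guest window cannot be told apart from a host window, but "Limitations" only lists memory, disk and clipboard. It is worth adding there that hiding the hypervisor decorations also removes the visual cue for which environment is receiving input. "Features" says "Good security through isolation" while the intro says this does not offer the same level of security as Qubes OS, so the bullet could be qualified to match. Wording nits in the added lines: "for the one inside" should read "from the one inside", "Setup" used as a verb in steps 2 and 4 should be "Set up", and "debian" should be capitalised.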