Compartmentalization is only a part of the solution. Once you have that finished...

fsflover · 2024-11-08T16:23:31 1731083011

Guests don't have to be exposed to the Internet [0] or even run full OSes [1].

[0] https://www.qubes-os.org/doc/how-to-organize-your-qubes/

[1] https://www.qubes-os.org/doc/templates/minimal/

ylk · 2024-11-08T17:35:57 1731087357

In what way are [1] not “full OSes”? They’re minimal templates, but afaik they still run systemd, the kernel, etc. needed to boot the standard Linux systems they are.

When I clicked the link I was expecting something like a unikernel, eg https://roscidus.com/blog/blog/2016/01/01/a-unikernel-firewa...

fsflover · 2024-11-08T17:45:54 1731087954

You certainly can run distros without systemd [0] or something very different like *BSD or Mirage [2].

[0] https://forum.qubes-os.org/t/devuan-or-other-non-systemd-tem...

https://forum.qubes-os.org/t/alpine-linux-template-non-offic...

[1] https://forum.qubes-os.org/t/openbsd-as-a-ubes-os-component/...

[2] https://forum.qubes-os.org/t/mirage-firewall-0-9-0-released/...

ylk · 2024-11-08T18:09:54 1731089394

> You certainly can run distros without systemd

Does it then become not a full OS anymore? Mirage is what I linked to above.

fsflover · 2024-11-08T18:12:00 1731089520

> Does it then become not a full OS anymore?

Probably not. I mentioned it, because you mentioned systemd. And yes, I saw your Mirage link and showed how you can use it on Qubes.