Apparmor profile for Qubes available!

Something that could solve the issue would be to create an apparmor profile to deny access to machine-id, proc version and some other things for every app.

Even if you create apparmor profiles there are too many ways to exploit it: crackarmor, unconfined child processes, information leaks via system calls, etc.

Instead, harden the template VM by hardening the overall VM.

??? What are you talking about? Which GUI tool are you referring to? As far as I'm aware you shouldn't start software in the template VM. Did I misunderstand something here?

I had checked the source code, where Python Tk (a GUI tool) is used. The code copies all AppArmor profiles to /etc/apparmor.d/. To make this persistent across VM restarts, you run this on the template VM.

Maybe we should only use SELinux? :thinking:

SELinux is powerful, but you need to have a good understanding of Linux and need to invest a huge amount of time in SELinux to master it. Also there are not many good sources out there to learn it, so it may take years to master it.

This is normal :sweat_smile: security has a cost, but I think some parameters can be removed. I don't know which ones I should remove in favor of performance; maybe you could help me with that?

  • mitigations=auto,nosmt (dom0 already does this, no need to use this here). Disabling SMT has a huge performance impact: half your CPU cores will be gone by disabling SMT.

  • kvm_amd.sev=1, kvm_amd.sev_es=1, kvm_amd.sev_snp=1, kvm-intel.vmentry_l1d_flush=always, kvm.mitigate_smt_rsb=1 (unnecessary KVM parameters for a Qubes VM; Qubes OS uses Xen, not KVM).

  • iommu=force, intel_iommu=on, iommu.passthrough=0, iommu.strict=1 — Controlled by Xen in dom0, not guest VMs.

  • l1d_flush=on, l1tf=full,force, pti=on, spectre_v2=on, ssbd=force-on: Already enforced at the Xen/hypervisor level.

  • init_on_alloc=1, init_on_free=1, page_alloc.shuffle=1, slab_nomerge, slab_debug=FZ — Redundant due to VM isolation; provides only little benefit.

  • module.sig_enforce=1, lockdown=confidentiality, vdso32=0, vsyscall=none — Strong but often overkill; Qubes already isolates.
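As an added example (not code from any poster above), a small POSIX sh helper that sorts a kernel command line into the three groups this reply describes: parameters Xen/dom0 already controls, KVM-only parameters that are inert in a Xen guest, and everything else (guest-side). The groupings are taken from the list above; the sample command line is constructed.

```shell
#!/bin/sh
# Classify kernel command-line tokens for a Qubes (Xen) guest VM.
# Groupings follow the forum reply above; lists are an assumption based on it.

# Options the reply says Xen/dom0 already enforces (keys only, values ignored).
XEN_CONTROLLED="mitigations iommu intel_iommu iommu.passthrough iommu.strict l1d_flush l1tf pti spectre_v2 ssbd"
# KVM module options: Qubes runs on Xen, so these do nothing in the guest.
KVM_ONLY="kvm_amd.sev kvm_amd.sev_es kvm_amd.sev_snp kvm-intel.vmentry_l1d_flush kvm.mitigate_smt_rsb"

# classify_cmdline "<cmdline string>": prints "<class> <token>" per token.
# class is one of: xen-controlled, kvm-only, guest
classify_cmdline() {
    for tok in $1; do
        key=${tok%%=*}          # strip "=value"; bare flags stay as-is
        class=guest
        for k in $KVM_ONLY; do [ "$k" = "$key" ] && class=kvm-only; done
        for k in $XEN_CONTROLLED; do [ "$k" = "$key" ] && class=xen-controlled; done
        printf '%s %s\n' "$class" "$tok"
    done
}

# count_class "<cmdline string>" "<class>": number of tokens in that class.
count_class() {
    classify_cmdline "$1" | awk -v c="$2" '$1 == c { n++ } END { print n + 0 }'
}

# audit_live: classify the running VM's own command line (Linux only).
audit_live() {
    classify_cmdline "$(cat /proc/cmdline)"
}

# Constructed sample mixing normal boot options with parameters from the reply.
SAMPLE='root=/dev/xvda rw mitigations=auto,nosmt kvm_amd.sev=1 pti=on init_on_alloc=1 slab_nomerge lockdown=confidentiality'

classify_cmdline "$SAMPLE"
```

Run `audit_live` inside a Qubes VM to see which of its boot parameters fall into the redundant groups; anything printed as `guest` is what the VM itself actually enforces.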
