Docker vs. QubesOS

I’m going to be a bit of an annoying noob, I read this article about how QubesOS stacks up against VM, however it does not address Docker containers (though it does address older types of containers). If we are to disregard the insecurity of the underlying OS, docker containers do seem to have some advantages over traditional VMs: they are lighter weight, and they seem more secure. It is built into docker that it is suppose to be very difficult to “escape” a docker container. In addition you can get hardware accelerated containers with nvidia-docker. Docker containers are quite disposable as well.

Ignoring the insecurity of the underlying OS (or at least, discarding the principle that the container is only as secure as the OS it runs on), what are the advantages of Qubes OS over Docker, or the advantages of Docker of Qubes OS?

Docker is not security boundary IMO. It’s basically just a kind of chroot or jail. It shares the running host kernel.

On a related note, there was something resembling Qubes OS running Docker containers, called RancherOS.

I’d love to see more competition in this field, for example utilizing KVM. Qubes seems to be lonely giant dominating this OS approach.

3 Likes
2 Likes

Hi @TheFloatingBrain - it’s a good question. I dont have time for
anything but a quick comment atm.

Of course, the way you have framed it, deliberately ignores
one of the key advantages of Qubes, not using OS virtualisation.

Otherwise, Qubes offers a unified framework for working with the qubes,
and for passing data between them within a security framework.
Compare “qvm-copy” with “docker cp”.

Qubes is also fundamentally aimed at the desktop, and provides tools to
make that experience as workable as possible, again within a security
framework.
Docker can run graphical programs, but they (generally) work by mounting
the Xserver socket in the container - so the container has direct access
to the Xserver. This means that the container has access to all of the
screen, and access to clipboard and input devices. Your GUI enabled
container can log all keystrokes, wherever they originate.
Qubes deliberately aims to isolate qubes so this is not possible.

I use docker - it’s good. But it aims at something different from Qubes,
and has a different place.

I never presume to speak for the Qubes team.
When I comment here or in the mailing list I speak for myself.

5 Likes

SpectrumOS seems to be serious attempt, with thought out design and some sort of funding. Very interesting stuff, thanks for pointing this out!

1 Like

I remember Spectrum - the online docs read like a pitch aimed at people
not well versed in Security/virtualisation.
And, of course, it worked in gaining funding.

I’ve not seen anything like a workable system as yet, so it’s difficult
to know where it will be going, and what it will be like once it
arrives.(If it does.)

2 Likes

Wow so many responses!

I looked at everything you all sent me, it all looks really interesting, and sent some of what you all sent me to others. I will respond to things individually.

I am looking into rancher now, it looks really interesting. I would love to see more options as well, nix seems to have some similar benefits, spectrum building on it will have some as well. Spectrum seems to have more shared resources though? So I wonder if it will be less secure? Honestly I think containerization/modularity should be the future on desktop (and mobile)

This article is excellent I actually sent it too a few people.

In my search for a linux distro I have thought about installing Nix OS (right now I am thinking of nix, pop!, chimera, manjaro, qubes, and maybe elementary… cuz its pretty + rancher now).

I really want to separate gaming, dev, work, school, and personal while maintaining privacy, and to keep things containerized. The way linux spreads packages all over the system has always killed me. As a C++ developer, I think containers would be best with working with multiple tool chains, build systems, and sets of libraries.

You are correct about docker, it is possibly a little too granular for some cases, but I can see a potential ability to make a container have multiple applications.

I am somewhat curious about the security concerns of accessing a mouse or screen (though I can definitely see it for clipboard). Unless there was some hardcore hacking going on, I’m not sure how concerned I would be about someone accessing my screen or mouse, could you explain please? The best case I can see is modifying, say, a md5 confirmation hash, to verify something that was downloaded, but it could have been compromised in a lot of other ways that would be much easier.

I think it will be the future. Qubes OS is a pioneer in this field.

Not only this approach offers the obvious security benefits, but to me it is much wider concept. Immutable environments, clean data management, hardware layer abstraction etc.

1 Like

Oh I can agree with all that

Imagine one of your containers were compromised by an attacker. Every information that you view in any other container (e.g., some medical records sent to you by your doctor, a password stored in KeePass, some kind of API key shown on a web page, …) could now be acquired by an attacker. Often, merely looking at your screen is enough to learn about secrets (which is why some people use privacy screen films on their laptops when travelling).

Concerning the abuse of your mouse, think of what you could achieve on your system by only using the mouse. Navigate to the main menu, activate the on-screen keyboard and you basically have full code execution in any other container. Access to (trusted) input devices is game over for your security.

1 Like

I suppose it is possible to run separate X servers for containers (Xephyr or similar), but still there’s the fundamental problem: containers are interfacing the same Linux kernel “dom0” is running. I’d never ever trust such system.