Docker vs. QubesOS

Sven · December 20, 2021, 7:00pm

Seems Qubes is to a standard distribution as OOP is to K&R C.

I hope not! shudder

1of7 · December 20, 2021, 7:39pm

What? … I like python …

BBro · December 21, 2021, 1:47am

It’s really interesting topic!

Look at that: GitHub - mviereck/x11docker: Run GUI applications and desktops in docker and podman containers. Focus on security.

It runs separated x server with additional configuration so that you can control if you want clipboard, audio devices etc.

Imagine OS that:

has Xen linux based dom0 (distro of your choice, e.g I like Void and Alpine)
Uses DE of your choice
Hypervisor is used by default to isolate network and usb devices (also uses similar, handy qubes-like tools to e.g. copy files)
You have choice to isolate apps with docker/podman or true rock-solid qubes-like templateVM & appVM based.

I’d go for it

naqvx · January 20, 2022, 4:07pm

See also gvisor which looks promising for running containers securely

HPOA909 · January 21, 2022, 1:00am

trust-un-trust:

|= = = = = = = = = = = = = = = = = = = = = = = = = = = = =| cloned ±----+ ±----+ from____| def | | def | / | tpl | / | tpl | v ±----+ v ±----+ instance ±----+ ±----+ ±-------+ of| dvm | | dvm | | not | ±—+ / | tpl | / | tpl | | expose | | | eth v ±----+ v ±----+ | to | | vl | ±–+ ±------------+ ±-----------+ | web | | 10 |-|[0]|-| sys-net |-| sys-fw |-| appvms | | | ±–+ ±------------+ ±-----------+ ±-------+ ±-+ | == | =============================================== | | | s | cloned ±----+ ±----+ | |-| w | from_| def | | def | |f |-| i | / | tpl | / | tpl | | w|-| t | v ±----+ v ±----+ | |-| c | instance ±----+ ±----+ ±-------+ | | | h | of| dvm | ___| dvm | | expose | ±-+ | == | / | tpl | / | tpl | | to | | | eth v ±----+ v ±----+ | web | | vl | ±–+ ±------------+ ±-----------+ | docker | | 20 |-|[1]|-| svcs-net |-| svcs-fw |-| hvm | | | ±–+ ±------------+ ±-----------+ ±-------+ ±—+ |= = = = = = = = = = = = = = = = = = = = = = = = = = = = =|

I liked the ASCII art of this.

Scumbag · March 10, 2022, 12:54pm

I just found out about Plague OS, sounds a bit similar to Spectrum OS regarding being lighter and more hardware compatible than Qubes OS:

xn0px90 · January 3, 2023, 10:47pm

Hey!
RancherOS → https://rancher.com
is a fun project to test docker with qubes-os combo (Very nice!)

Step one:
Build ubuntu template

Step two:
Build latest rancher from git!

Step three:
edit iptables

Let me know how it goes!

Cheers!
~X

Szewcu · January 4, 2023, 10:29am

There is also EasyOs, concept similar to Qubes but based on containers. Fun thing is that this is a new project from creator of Puppy so it not using docker but some new containers engine created specially for that project. It is also extremely light like puppy.