hi everyone, somehow i’ve noticed that dom0 file manager have direct acess to all disks and it’s automount any disk i put on, first of all, i’ve installed qubesOS on an external SSD disk, made a partitient of about 100GB with 1GB for boot and 100mb at least of efi, the other 300GB was kept for courses and programs, the internal nvme disk was kipped for windows11, somehow, i thought this can be so dangerous that i could explore all the directories of both my internal disk and also the lefted part from this, why actually qubes don’t have this option while the qubesOS system automount it to dom0, isn’t this an issue?
beside that i tried to mount it ( the lefted part of my external disk) into an AppVM based of fedora-41-xfce, and somehow gives some wrong values as i had 900GB or somthing…
The issue is you installed qubes os on external drive and dual boot with windows.
dom0 have access to every hardware. That’s how Xen works. So every internal drive is available there.
USB was delegated to sys-usb but since you installed on external usb drive you need to permanently attach usb controller to dom0 instead of syd-usb. So now every usb drive are mounted in dom0 too.
It’s user fault that don’t listen to developers what’s dangerous and unrecommended.
My windows didnt give me the ability to shrink volume, even I had free 200Gb but it’s only gave 6Gb , I hate win really but I have important things on it
Every internal will mount.
Check /etc/fstab if there is windows partitions there. Then you might block them there.
USB with external drive system installed, you can try to make UDEV rules that block any block device except system drive. But you might cut yourself out of booting system.
