I’ve understood that two different AppVMs are perfectly isolated from each other.
My question is whether two qubes inside a single AppVM, say personal, enjoy GUI isolation. For example, is it possible for one app to sniff for keystrokes inside the whole AppVM? I’m trying to understand whether it is secure to run KeePass along with some app I don’t 100% trust.
Run KeePass and similar applications in a vaultVM (a VM without netVM). Use a separate vaultVM for each application.
Interesting question, though. I assume that Xserver is running in dom0… and that’s the reason the Qubes makers are working on a sys-gui - to isolate the Xserver from dom0.
Huh, if the only Xserver is running in dom0, it is possible that only the app currently in focus receives its keystrokes and nobody else has access to them. However, a separate vault for KeePass seems reasonable. Anyway, I was confused by the fact that KeePass is by default placed in the ‘personal’ qube if I remember well.
Because KeePassXC is installed in the template, the application is
available in all qubes that use that template.
By default the vault, which is offline, is where most people will use
KeePassXC to store secrets. You can strengthen isolation by using
policies in /etc/qubes/policy/30-user.policy to control interactions
with the vault.
I never presume to speak for the Qubes team.
When I comment in the Forum or in the mailing lists I speak for myself.
Yeah, my way to Qubes actually started with this post
I’ve checked, it still works the same way in Ubuntu, but in Qubes I wasn’t able to reproduce it even inside a single AppVM.