How to install app to vault

Good afternoon everyone,

So I need to install “libreoffice” to my vault vm. I know it doesn’t have network access, which I like, but I need libreoffice suite installed to it for docs, xls, pdf… etc.

Do I have to get vault network access and how would I install it? I know how to do it for Debian, Arch and alike.

Thank you for helping in this matter.

AppVMs get their root filesystem from template qubes. This is how Qubes OS isolation works. So you install software in TemplateVMs (which btw also don’t have Internet access). You can find instructions on how to install software here: How to Install Software | Qubes OS.

Besides @fsflovers’ pointer to the documentation I would also recommend
to NOT run libreoffice in your ‘vault’ and instead use qvm-open-in-dvm
to open the respective file in a disposable offline qube. Your edits
will propagate back to the file stored in ‘vault’.

Your ‘vault’ is meant to be a place of highest trust. It doesn’t make a
lot of sense opening complex office documents here that may contain all
kinds of nasty.

/Sven

1 Like

Thanks guys. I will just use the text editor in vault and (type in / save as) txt. That’s fine enough for me.

In addition to the above, also see:

1 Like

Thank all of you. Yes, I know that appvms get their stuff from the templates they are built from. I just don’t know if it is worth it, as vaultvm comes from fedora and fedora updates so much from version to version… 32, 33, 34, and I would have to reinstall libreoffice again and again.

I have come up with another way to address what I want to do.
Thank you all for your time.

I just searched for why it’s bad to open docs in vault and found this topic. I think it’s worth bumping even though it’s a few years old.

What has changed since topic started is that now vault has libreoffice by default because the template it’s based on has it by default.

When you say complex docs, I guess you mean they have a high attack surface compared to just a normal text file which you can create and edit with any text editor like nano or vim or some other gui text editor? But what about if the libreoffice documents are created in the vault by yourself? Would it still be a bad idea to have a directory of docs that were created in the vault and you can therefore open without a disposable?

It saves memory to not have to open lots of disposables and you have to be memory efficient if you have 16GB RAM.

And even if there was an attack vector, I guess the only attack vector is if libreoffice became compromised by an update when the template is updated and then vault restarted. Then it still shouldn’t be that big a problem because Vault is an offline qube. They can’t steal the data in the vault. The worst thing they can do is delete it all but regular backups should protect against that very rare and unlikely attack.

Maybe I’ve answered my own question but when there are so many experienced users on this forum saying to not open files inside vault then I have to ask in case there’s something I don’t know about.

I strongly recommend use of a minimal template based qube for vault, for
just this reason.

I wouldn’t be doing this at all, but I favour plain text in any case.
When I need to store anything but, I use a storage qube to do this. That
is only used for storage and has a lower trust level than the vault: I
use different storage qubes for different security domains.

I generally run with 16GB and have never hit memory constraints, but I
do tune the system somewhat.

The worst they could do is exfiltrate the data through an inter qube
transfer, and could certainly steal the data in the vault. (We are
talking hypotheticals here.) It makes sense imo to limit the attack
surface as far as possible: opinions do differ on this, and it comes up
often in discussion.

I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.

1 Like

I didn’t think of that even though it’s so obvious now that you said it. NSA just have to backdoor libreoffice with a supply chain attack and gag order to compromise the vault of all qubes os users. If they are exposed they can pretend it wasn’t them, it was just some hackers who found a vulnerability, not a backdoor.

After that NSA also needs to compromise one of the qubes that have a netvm. When both these qubes are compromised they can just do qvm-copy to the other qube which isn’t offline then send the data home.

I have created a minimal template now with no additional installs for the vault. I also started writing/editing documents in a disposable using nano in xterm for the smallest attack surface. Everyone walking by me is thinking “???” but they don’t know how good my security is.

1 Like
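
The inter-qube transfer path raised in the last few posts is controlled by the qrexec policy in dom0. As an added example (not from the thread or from Qubes' shipped configuration), here is a policy fragment that refuses outgoing file copies from the vault while still allowing files to be opened in a disposable. It assumes the Qubes OS 4.1+ policy format, a qube literally named `vault`, and the user policy file `/etc/qubes/policy.d/30-user.policy`:

```conf
# /etc/qubes/policy.d/30-user.policy  (dom0)
# Added example, not shipped by Qubes. Assumes the qube is named "vault".
# Format: service  argument  source  target  action
# Rules are evaluated top to bottom and the first match wins; this file is
# read before 90-default.policy, so these lines take precedence over the
# stock rules.

# Stock behaviour for comparison (from 90-default.policy): every copy
# request only raises a confirmation prompt in dom0.
#   qubes.Filecopy  *  @anyvm  @anyvm  ask

# Hardened: qvm-copy / qvm-move started inside vault are refused outright,
# so a compromised vault cannot rely on the user clicking through a prompt.
qubes.Filecopy   *  vault  @anyvm   deny

# qvm-open-in-dvm uses the qubes.OpenInVM service with a disposable target.
# Keep that path open so documents can still be viewed and edited in a
# disposable, with edits returned over the same call.
qubes.OpenInVM   *  vault  @dispvm  allow

# Opening a vault file in any other (persistent) qube is refused.
qubes.OpenInVM   *  vault  @anyvm   deny

# The vault has no reason to ask another qube to open a URL.
qubes.OpenURL    *  vault  @anyvm   deny
```

Copies into the vault from other qubes are not affected by these rules and still follow the default `ask` prompt.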