Install Cinnamon on dom0?

tinfoil-hat · September 20, 2025, 9:53pm

Hi, I saw that one can install software in dom0 via something like dom0-qubes-update <package>
I know you’re not supposed to do that in general. But I really would like cinnamon as my main DE and above command was recommended, if you want to install a window manager. I saw that there’s an experimental way to setup a sys-gui VM, but I red that it’s very buggy.

Now I’m confused, should I:

dom0-qubes-update <cinnamon-package>
install a GUI VM
or just go with system default and stay on a DE I don’t like?

greetings tinfoil-hat

catacombs · September 21, 2025, 1:02am

There are a lot of Acronyms with computers, please try to be a specific as possible. My memory does not keep up with all of them.

What is there, -inside dom0- that you want to do? at all? that makes you think what is there is not sufficient?

tinfoil-hat · September 21, 2025, 1:12am

Hi, thank you for your reply, I saw this in the documentation:

and thought if I can install Cinnamon the same way:
sudo qubes-dom0-update <cinnamon-metapackage>

I’d like to use QubesOS with Cinnamon, but i red, installing software on dom0 is highly discouraged and Cinnamon has tons of packages that would be pulled

shantyspruce · September 21, 2025, 7:03am

Cinnamon is not supported in Qubes as of now. Sadly, Qubes requires changes to the desktop environment for security contexts (window border colors), amongst probably other things.

IIRC, these modifications are done on a per-environment basis and Cinnamon just isn’t one that’s been done. If you have the requisite programming knowledge, you’d be able to do this yourself by reading the code that Qubes made and adapting this to Cinnamon, but I have no clue how hard or involved this would be.

On installing packages to dom0

Think of dom0 like a control room in a secure facility. It doesn’t do much for running the facility, but it has full control in regards to security. There are employees in this control room, and they would be correlated to packages. No matter what, you need to have at least some employees, and they should be vetted. Qubes provides all you really need in dom0 for it to function, and the packages are trusted.

What you want is to change or add to the trusted employee with another one you feel does the job more to your liking (in this case the desktop environment). Is this employee (package) trusted? This is the question you must find the answer to yourself, as trust is a relative thing. In other words, do you trust the developers of Cinnamon not to maliciously use or negligently leave vulnerabilities in the software? And do the threats you are trying to defend against have the capability to use this software against you? Keep in mind that just because you don’t know how one can, doesn’t mean they can’t.