I was installing Veracrypt on Fedora 41 template, then after installation it shows this error message:
veracrypt: error while loading shared libraries: libfuse.so.2: cannot open shared object file: No such file or directory
I did some searches and installed Fuse lib using this command:
sudo dnf install fuse
Question: Does installing this package expose my Qubes to some kind of vulnerability?
Also I noticed running the Generic Intaller GUI version didn’t pop up a GUI window like I found in a video guide [for regular linux install] but it printed everything in console when doing this in Qubes. I know this is not directly related to Qubes but just wondering if anyone else experienced this.
1 Like
Fuse itself has nothing to do with Qubes OS.
Fuse is a mechanism that allows filesystem drivers to run in userland (while most filesystem drivers run in the kernel). Programs like SSHFS or AppImage need it. KDE and GNOME depend on it to provide remote file access for third-party programs.
1 Like
That’s the info I found from some searches. I don’t have the background knowledge to determine if this is recommended or not. What I want to find out for sure is if installing fuse would add some unintended vulnerability.
1 Like
Short answer: no.
FUSE is not a hole that allows viruses to get through. However, it can enable privilege escalation in some cases. Mounting a filesystem is a privileged operation, so a normal user without permission needs a SUID helper to mount a FUSE filesystem. This is expected behavior. To be honest, the default templates of Qubes OS have a password-less sudo configuration (sudo is also a SUID helper), so that’s not a problem.
Basically, as I said, FUSE itself has nothing to do with Qubes OS. It will not interfere with parts of Qubes OS. Since you are using VeraCrypt, which means you trust it, you should also trust its dependencies. It makes no sense to trust a software but not its dependencies.
2 Likes
I see. Thank you for info!
1 Like