I like being in the TTY sometimes. I don’t really have a good reason, I guess I just like how there aren’t any distractions. Are there security problems with running virsh console $domU in one of the dom0 ttys, so I can access an AppVM via the tty?
qvm-console-dispvm was written for that. virsh is considered less safe.
What about xl console ? Are both commands essentialy the same ?
xl is the cli from the native Xen toolstack - virsh is the cli tool from
libvirt, which is a generalised layer for managing many different
virtualisation methods.
As said, the recommended Qubes tool is qvm-console-dispvm
Thanks, but I should have added to my question “security wise”.
I’m trying to understand why consoles can be “not safe” !
I think I incidentally found the answer, just tell me if that sums it up, or is there more ?
(Excerpt from a post on github QubesOS issue #2695 : Automate vm sudo authorization setup)
Yes, essentially your dom0 security suddenly depends on the correct implementation of your dom0 terminal when you do virsh console or xl console.
Simply consider it a VM <–> dom0 communication channel with some code in dom0 and you’ll notice that the VM might be able to exploit that dom0 code. If you run that code inside a disposable VM (qvm-console-dispvm), you limit potential exploitation to that VM.
This.
Thanks guys, more to learn then ^^ If you have any recommended readings/links, I’m all hears !