I like being in the TTY sometimes. I don’t really have a good reason, I guess I just like how there aren’t any distractions. Are there security problems with running virsh console $domU
in one of the dom0 ttys, so I can access an AppVM via the tty?
qvm-console-dispvm was written for that. virsh is considered less safe.
What about xl console
? Are both commands essentialy the same ?
xl is the cli from the native Xen toolstack - virsh is the cli tool from
libvirt, which is a generalised layer for managing many different
virtualisation methods.
As said, the recommended Qubes tool is qvm-console-dispvm
Thanks, but I should have added to my question “security wise”.
I’m trying to understand why consoles can be “not safe” !
I think I incidentally found the answer, just tell me if that sums it up, or is there more ?
(Excerpt from a post on github QubesOS issue #2695 : Automate vm sudo authorization setup)
Yes, essentially your dom0 security suddenly depends on the correct implementation of your dom0 terminal when you do virsh console
or xl console
.
Simply consider it a VM <–> dom0 communication channel with some code in dom0 and you’ll notice that the VM might be able to exploit that dom0 code. If you run that code inside a disposable VM (qvm-console-dispvm), you limit potential exploitation to that VM.
This.
Thanks guys, more to learn then ^^ If you have any recommended readings/links, I’m all hears !