After Qubes automatically updates the template, it will involve updating specific VMs, such as: sys-net, sys-firewall, sys-whonix, sys-usb, etc. Which VM updates will involve the risk of IP or information exposure? If there is indeed such a risk, do you need to close all browsers and software before updating?
???
VMs aren’t updated. Because why?
VMs work on a /root partition snapshot of the template. When you run a VM, a snapshot of the template’s /root partition is created and the VM uses that snapshot as its own /root partition. When you close that VM, the snapshot is deleted. When a VM is running and you run its base template, nothing happens to the VM. It still runs on the snapshot that was created during start.
When you run a template, it creates a snapshot of its own /root partition and works from it. Any changes made to the template are saved in the snapshot. When you close the template, the snapshot is merged with the template. Only then might any changes/updates to the template be propagated to VMs, but only to those that started after template closure.
And templates have no internet access (unless you’ve given it against the rule).
So… where is the simultaneous template and VM update, and the VM IP leakage during update?