Given that the underlaying Xen code and structure works as it should (We do so or we wouldn’t use Qubes-OS!), the security of the whole system is based on what happens here.
So if anyone wants to contribute without risking to smash the security of the system, he will need this knowledge. I can’t believe, that there aren’t any organisational charts to help for an overview, as it doesn’t make sense, that all who want to help, have to reinvent the wheel.
I’m willing to read scripts, configs and code to understand this all, but to save time I’ll need help where to start.
It’s taking the right direction, but my question goes deeper:
For example: The moment sys-firewall gets started, there has to be some synchronizing between this and sys-net for setting routes for example. Something similar must happen when other VMs start and get connected to sys-firewall.
What are the envolved scripts? - Is all communication started from a script in dom0, what starts sys-firewall and tells sys-net what has to be done or is there a script started in sys-firewall on startup, what communicates with sys-net?
I want to understand this workflow. The general conception is mostly clear.
If an AppVM’s (e.g. my-app-vm) NetVM is sys-firewall and if sys-firewall’s NetVM is sys-net, when all three are shutdown, the following command will start all three of them:
I’m afraid I don’t have useful direct pointers, but I’d start reading through the qvm-start code to see what happens from there. Surely everything that has to happen (identifying VMs, starting them, configuring networks, etc.) does happen from there.
I looked into the sources belonging to qvm-start in dom0, but that’s not really what I’m looking for.
There’s “/usr/bin/qvm-start” what imports “/usr/lib/python3.11/site-packages/qubesadmin/tools/qvm_start.py”.
As I understand both are responsible for preparing the boot devices of the VMs to start and for the starting of the VMs. But I can’t see anything responsible for the network devices and related things.