Hello Qubes-Users,
I have already discussed the topic of this thread in the whonix-forum with the developer and we have come to the conclusion that part of the problem needs to be discussed further in the Qubes forum, as everything possible has been tested on the whonix side.
The phenomenon is as follows:
If one clones the components of the whonix system (i.e. gw-16, ws-16 and sys-whonix) and thus creates a parallel whonix system (I call it gw16-TEST, ws-16-TEST and sys-whonix-TEST), then under certain conditions (e.g. in the Qubes manager) when gw-16-TEST and ws-16-TEST are started, not sys-whonix-TEST but sys-whonix activates.
I have gone through the solutions suggested by the developer in the corresponding thread and the problem is not solvable so far.
Since I consider it a security risk to have two sys-whonix VMs running at the same time and there can be overlap correlations of traffic along with possible analysis, I am asking for opinions and suggested solutions.
The whole discussion can be read at the following link:
The questions to be discussed in the Qubes forum are:
-
when updating in the Qubes updater from whonix and their clones, how can I tell if the updates of the clones are actually done via sys-whonix-TEST and not in the background via the original?
-
What role do the new policy guidelines play? Logical changes have not had the desired effect and are not feasible. There could also be contradictions between files like 80-whonix-policy, which should be in Qubes 4.1.1. but isn’t, and the old, still existing system.
There are also some other anomalies: If you clone the same system again (“sys-whonix-TEST2”), then delete the original and change the designation “sys-whonix-TEST2” back to “sys-whonix”, then in all whonix VMs the NetVM links also change back to sys-whonix, without having to make a change in every virtual whonix VM under “Settings”.
This does not make sense from a security point of view and cannot be intended.
Many thanks for opinions!