Just trying to understand how it all works.
If I write
sudo apt install -y chromium
in my Debian template, it installs chromium on all my VMs based on that template. But how does that work, when the template actually does not has internet access? Shouldnt it refuse the command?
Also, what is the correct way to install applications in VMs based on templates? If I install Signal in the template etc, it install on all my Debian VMs. Isn’t there an safer way, to only having applications installed in some VMs and not others? For me, it looks like it just increases attack surface to have all applications in all VMs.
Thanks in advance