@Javs Good post. I’ve wondered about this since I started using Qubes a year ago.
What I’m hearing in this thread is, the end result of updating with Qubes Update vs. with dnf in the template is effectively the same in terms of security/system integrity. Is that a fair summary?
Before we accept that, I think everyone should be reminded just how scary the warning in the documentation looks (as seen here: How to update | Qubes OS). Look:
Warning: Updating with direct commands such as qubes-dom0-update, dnf update, and apt update is not recommended, since these bypass built-in Qubes OS update security measures. Instead, we strongly recommend using the Qubes Update tool or its command-line equivalents, as described below. (By contrast, installing packages using direct package manager commands is fine.)
Clearly there is a stark unresolved dissonance between the documentation and the advice proffered in this thread. So I feel like there has to be more to this question. What are the security measures it’s talking about? What justification must there have been to give it a spooky caution symbol and red text? Could the documentation be wrong?
Well, here’s something I read yesterday in the latest of @alimirjamali's always-appreciated Weekly Reviews:
A major part of SELinux relabeling for the existing templates (via updater) to make memory ballooning work again. This one is educational and one of the example cases where updating via the distro’s native updating tool (dnf in this case) is not enough and the user has to use the Qubes Update GUI or qubes-vm-update to make it work.
I don’t entirely understand it, but how this reads to me is that there are cases in which SELinux labels are not set as intended if updating solely with dnf inside the template. SELinux is a security enhancement technology, and if things are mislabeled that could reduce its coverage. So does this actually happen? I don’t know. But if nothing else, this Weekly Update note has me thinking Qubes Update really does sprinkle in at least a little magic, and it’s right to wonder about the security implications of that.
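One way to look into the open question above yourself, added here as an example and not part of the original post or of any Qubes OS tooling: after updating a template with dnf alone, run a dry-run SELinux relabel inside it (`restorecon -nvR`, which writes nothing) and see whether anything would change, then repeat after a Qubes Update run and compare. The script below parses the per-file lines that restorecon prints in dry-run mode, groups them by target SELinux type, and separates real type changes from user/role-only changes. The sample output embedded in it is constructed, not captured from a real template, and its paths and contexts are illustrative; nothing here confirms or denies that dnf-only updates leave labels stale, it just gives you a way to check.

```python
"""Summarize what `restorecon -nvR` would change inside a template.

Added example for the thread above; it is not Qubes OS code and makes no
claim about what Qubes Update does internally. Run the dry run after
`dnf update`, again after `qubes-vm-update`, and compare the summaries.
"""
import re
import subprocess
from collections import defaultdict

# Two output shapes seen from restorecon/setfiles in verbose dry-run mode:
# newer policycoreutils:  "Would relabel PATH from OLD to NEW"
# older policycoreutils:  "restorecon reset PATH context OLD->NEW"
# Contexts look like user:role:type:level.
NEW_FORMAT = re.compile(r"^Would relabel (?P<path>\S+) from (?P<old>\S+) to (?P<new>\S+)$")
OLD_FORMAT = re.compile(r"^restorecon reset (?P<path>\S+) context (?P<old>\S+)->(?P<new>\S+)$")

# Constructed sample output, not captured from a real template. Paths and
# contexts are illustrative and only exist to exercise the parser.
SAMPLE_OUTPUT = """\
Would relabel /usr/lib/qubes/some-helper from system_u:object_r:lib_t:s0 to system_u:object_r:bin_t:s0
Would relabel /etc/qubes/foo.conf from unconfined_u:object_r:etc_t:s0 to system_u:object_r:etc_t:s0
restorecon reset /var/log/app.log context system_u:object_r:var_t:s0->system_u:object_r:var_log_t:s0
Warning: no default label for /rw/unlabeled
"""


def parse_dry_run(text):
    """Return (path, old_context, new_context) for every relabel report line.
    Warnings, blank lines and anything else are skipped."""
    changes = []
    for line in text.splitlines():
        line = line.strip()
        m = NEW_FORMAT.match(line) or OLD_FORMAT.match(line)
        if m:
            changes.append((m.group("path"), m.group("old"), m.group("new")))
    return changes


def selinux_type(context):
    """Third field of a user:role:type:level context; the type is what
    policy rules are written against."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context


def summarize_by_type(changes):
    """Count how many files would move into each target type."""
    counts = defaultdict(int)
    for _path, _old, new in changes:
        counts[selinux_type(new)] += 1
    return dict(counts)


def type_changes(changes):
    """Keep only relabels whose SELinux *type* differs. A change of user or
    role alone (e.g. unconfined_u -> system_u after copying a file) has far
    less effect on enforcement than a type change does."""
    return [c for c in changes if selinux_type(c[1]) != selinux_type(c[2])]


def run_dry_run(root="/"):
    """Run the real dry run inside a template and parse it. Needs root and an
    installed policy; -n guarantees nothing on disk is modified."""
    proc = subprocess.run(["restorecon", "-nvR", root],
                          capture_output=True, text=True, check=False)
    return parse_dry_run(proc.stdout)


if __name__ == "__main__":
    # Demonstrate on the constructed sample; swap in run_dry_run() in a template.
    changes = parse_dry_run(SAMPLE_OUTPUT)
    for path, old, new in type_changes(changes):
        print(f"{path}: {selinux_type(old)} -> {selinux_type(new)}")
    print(summarize_by_type(changes))
```

Inside a template, `sudo python3 thisfile.py` with `changes = run_dry_run()` substituted for the sample gives the live picture; an empty list after a dnf-only update means the dry run found nothing to relabel, a non-empty list of type changes is the thing to bring back to this thread.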