Qubes OS is a security-focused Linux operating system. It has an extensive set of online documentation that is incredibly informative. Here is a running list of things that I have found that may be challenging for a user that if familiar with Linux systems, but not necessarily the Qubes OS framework and it’s virtualization. The best example of how the Qubes OS works is the diagram shown below (From the documentation website)
- Copying Files from Dom0
- Copying Text Between Qubes
- Templates based on Unsupported Distributions
- VMs with Firewall
- Taking Screenshots
Copying files out of Top-Level Domain
Copying files out of Dom0 requires a different process than copying files between the Qubes. You must go into the terminal for Dom0 and use the qvm-copy-to-vm command. The command syntax is: qvm-copy-to-vm [dest] [file]. This accomplishes the same thing as the “CopyTo other Qube” dropdown when you right-click on a file in a Qube file manager. The resulting file is copied to the “Incoming Qubes” folder in the home directory of the destination VM specified in the command.
Copying Text Between Qubes
One of the things that I use the most often is the global clipboard feature. As each Qubes is its own self-contained virtual operating system, using the Ctrl+V and Ctrl+C only works within a qube.
The global clipboard allows you to copy the clipboard text (Doesn’t work for images) to another Qube’s clipboard. You use the Ctrl+Shift+C to copy from the clipboard of one Qube to the Global Clipboard, and then use Ctrl+Shift+V to copy from the Global Clipboard to the clipboard of the other Qube.
Therfore, the complete seqence of actions is :
- Select the text that you want to copy.
- press
Ctrl+C - press
Ctrl+Shift+C - Select the qube that you want to copy the text to
- press Ctrl+Shift+V
- Select the field that you want to copy the text to
- press Ctrl+V
If you are copying code, Qubes OS will detect that and aks you if you are sure that you want to copy code. This is a great features to prevent unintentionally copying malicious commands.
Templates based on Unsupported Distributions
Sometimes, the underlying Linux distributions that the VM templates are based on are updated and no longer supported. When this happens, use the Qubes Template manager and the Qubes Template Switcher utilities to upgrade the base templates.
The Qubes Template manager is used to install and uninstall base distributions on the system.
The Qubes Template manager is used to modify the base templates for each of the Qubes VMs
One of the issues when updating unsupported templates is that the template distribution in question may be used as the Global property default_template. If that happens, you simply change the global default template in the Qube Manager
In the Qube Manager, Go to System -> Global Config and change the default Qube template to the desired version.
VMs with Firewall
You can use the firewall feature of the VM settings to create a whitelist of domains that that qube is able to access. You can create a new disposable qube with the “Create Qubes VM” Tool.
Then, you can open the qube in the qube manager and set a firewall rule to limit outgoing connections and create a domain whitelist.
These firewall rules are not accessible from inside the qube itself. if we look at the iptable rules for the quibe, we will not see any changes.
Now, if we look at the firewall rules for the VM through the Dom0 command line with the command qvm-fiewall <qube_name> list --verbose we can see that the whitelist rule is present.
Now, when we try to access our domain, we are let through the firewall, but when we try to access any other site we are blocked. Just be aware that if you must access subdomains on a site, those subdomains must also be added individually to the whitelist.
Taking Screenshots
There are 3 main screenshot options that I use. The first is to take a screenshot of the entire screen as you see it. The second is to take a screenshot of the screen that is just inside the current window. The last is to box out a specific location on the screen to take your screenshot from.
To take a full-screen screenshot simply press the “PrtScr” button.
To take a screenshot of the current window, hold “Alt”, then hit the “PrtScr” button.
To take a screenshot of a specific area, hold the “Shift” button and then press “PrtScr”. This gives you a crosshairs that you can click and drag diagonally to form a rectangle. The tricky part is that it doesn’t show you the selected area with any sort of border indicator like other operating systems do.
All of the screenshots are saved in Dom0 as that is the only virtualization container that has the permissions to be able to view the entire screen. If you want to use the screenshots that you’ve taken, you must move them to another VM using:
qvm-copy-to-vm <dst qube> <file>