qubes-doc
qubes-doc copied to clipboard
QubesOS
Update answer to "Is Qubes another Linux distribution?"
At the time of this writing, the answer for Is Qubes just another Linux distribution? is this:
If you really want to call it a distribution, then it's more of a "Xen distribution" than a Linux one. But Qubes is much more than just Xen packaging. It has its own VM management infrastructure, with support for template VMs, centralized VM updating, etc. It also has a very unique GUI virtualization infrastructure.
However that answer was last edited on September 26, 2013 and does not match up with later interpretations of what Qubes is (see below). This is important because current answer downplays the importance of Linux, which conflicts with information stated in an 2014 intererview, about a year later.
(italics mine)
Linux.com: What is Qubes OS? Joanna Rutkowska: Qubes OS is an open-source operating system designed to provide strong security for desktop computing. Qubes OS implements security by a compartmentalization approach. It’s based on Xen and Linux, but also has support for Windows-based AppVMs.
How does it use the Xen hypervisor and Linux? Qubes uses Xen as a “compartmentalization provider.” We believe Xen is very powerful for this role. The Xen hypervisor is (still) relatively bloatware-free and had a decent architecture that allows us to keep it reasonably secure (e.g. it allows to keep qemu outside the TCB). It also offers support for so-called driver domains, which Qubes utilizes to sandbox networking and USB stacks. Having said that, it is important to remember that Qubes is largely independent of the underlying hypervisor. In the next release (R3) we’re even introducing a Hypervisor Abstraction Layer to allow for (relatively) easy swapping of Xen for other VMMs. So, in the future we might see e.g. a KVM-based variant of Qubes OS, for better hardware compatibility. Qubes uses Linux (here I mean both the kernel and the platform) mostly as an… “API provider” for apps and drivers. We don’t utilize the security mechanisms Linux provides, and instead we rely on Xen isolation for that. This statement might sound like downplaying the importance of Linux, which, however is not my intention. There would be no Qubes OS without the flexibility of Linux. Even though we now also have support for Windows-based AppVMs, Linux is still unbeatable when it comes to making lightweight user AppVMs and sophisticated service VMs, or fueling Dom0 — the admin domain of Qubes OS.
This pull request changes the response to make it more clear that Qubes is an Linux and Xen hybrid rather than just an (mainly) Xen one.
