[clug] QubesOS event channels clarification [Was: Re: Canberra Linux Users Group Meeting - 23 July 2015]

Bob Edwards Robert.Edwards at anu.edu.au
Sun Jul 26 13:10:02 UTC 2015

On 25/07/15 00:32, Paul Harvey wrote:
> Thanks everybody for coming to the talk and asking great questions!

Thanks for your excellent talk on Thursday, Paul, and your extensive
follow-up - much appreciated.

One question I had was how QubesOS deals with network time protocol
(NTP) as Dom0 has no network connectivity. As each AppVM has it's
own kernel, I am guessing that there is either an NTP server on each
AppVM, or this Xen message passing system is being used to set time
across the domains somehow?

<going somewhat off-topic...>
The main reason I ask is that I have been inspired to work further
on my LXC compartmentalisation on various boxen I look after. I now
aspire to have the host container have no external network.

Alas, ntpd is tripping me up. It needs to run on the host container
in order to modify the kernel system time, but also needs to be able
to contact externally networked time sources. Usually, I allow the
host container to have limited external network access via SNAT,
specifically for this purpose.

OpenVZ solves this by allowing a specific (guest) container to have
access to the kernel resources required to modify the system time.
I can't find anything that aludes to allowing an LXC container to
have similar access.

Another variation (to SNAT) would be to have a UDP proxy running on
the external internet facing container and proxy the NTP requests
from the host container. Could be a bit "safer" than doing it with
SNAT, but then again, could introduce further vulnerabilities.

Anyone read this far and have any ideas? And I would be interested
to know how QubesOS solves the equivalent problem for Dom0.


Bob Edwards.

More information about the linux mailing list