Qubes is an operating system that runs containers to isolate processes and data into different domains for increased security.
Virtually every modern digital system already implements the separation of data and processes into 'domains'. They are called user accounts.
Qubes allows one user to access multiple domains with safeguards. Probably need to list the safeguards here for proper analysis.
What would a system look like that allows one user to access multiple user accounts with safeguards?
If I use Run As in Windows or su in *nix, does this accomplish the same security goals? When I use su to become another user I can run programs. If they are X (GUI) programs, I have to allow the other user access to my X session. Since I am controlling both users this is secure. I log in as user1, then grant access to user2:
/home/user1$ whoami
user1
/home/user1$ xhost +SI:localuser:user2
/home/user1$ xhost
SI:localuser:user1
SI:localuser:user2
/home/user1$ su user2
Password:
/home/user2$ whoami
user2
/home/user2$ kate
.... This works, BTW. Closing the GUI kate program.
/home/user2$ firefox
2022/05/13 08:18:01.210602 cmd_run.go:1053: WARNING: cannot start document portal: dial unix /run/user/1000/bus: connect: permission denied
/user.slice/user-1000.slice/user@1000.service/app.slice/app-org.kde.konsole-2e8bc48f5cec45f2a2aa7e8a652f804a.scope is not a snap cgroup
/home/user2$ code
A system error occurred (listen EACCES: permission denied /run/user/1000/vscode-49f26da9-1.67.1-main.sock)
Please make sure the following directories are writeable:
~/.config/Code
~/.vscode/extensions
/run/user/1000
Looks like Firefox is running as a snap and has some limitations. Snaps are a newer development on *nix. VSCode has similar issues. Both of these are related to the virtual RAM disk in /run/user. Maybe there is a way around this with the right environment variables to tell the programs to write to the correct folders. I manually change the environment variables, but this does not solve the problems.
/home/user2$ declare -x DBUS_SESSION_BUS_ADDRESS="unix:path=/run/user/1003/bus"
/home/user2$ declare -x GPG_AGENT_INFO="/run/user/1003/gnupg/S.gpg-agent:0:1"
/home/user2$ declare -x XDG_RUNTIME_DIR="/run/user/1003"
/home/user2$ firefox
2022/05/13 08:18:01.210602 cmd_run.go:1053: WARNING: cannot start document portal: dial unix /run/user/1000/bus: connect: permission denied
/user.slice/user-1000.slice/user@1000.service/app.slice/app-org.kde.konsole-2e8bc48f5cec45f2a2aa7e8a652f804a.scope is not a snap cgroup
Looks like I need to log in as user2 so that it will create the folder in /run/user. For now I do that with the Switch User feature of KDE. I'll try to integrate that into this code later. Now I run Firefox again and see output, and a window in the X session for user1 that I can tell is the user2 Firefox (it comes up in the background).
/home/user2$ firefox
Gtk-Message: 08:40:04.466: Failed to load module "colorreload-gtk-module"
ATTENTION: default value of option mesa_glthread overridden by environment.
ATTENTION: default value of option mesa_glthread overridden by environment.
ATTENTION: default value of option mesa_glthread overridden by environment.
Next I run VSCode and it also works. This seems like a viable approach.
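The steps above (grant X access with xhost, switch user, run the program, and the lesson that /run/user/<uid> must already exist from a real login) can be folded into one script. The following is an added example, not code from the original notes: it takes the target user name and the program as arguments, refuses to run when the target's XDG_RUNTIME_DIR is missing or owned by someone else (the state that produced the "permission denied" and "not a snap cgroup" errors above), and revokes the xhost grant again as soon as the program exits. That last step matters because xhost +SI:localuser:<user> gives every process of that user full access to your X display; X11 has no per-client isolation, so the grant should live only as long as the program does. The script uses sudo -u instead of the notes' su purely to avoid quoting the command through a shell; that, the stat -c owner lookup (GNU coreutils) and the script name are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original notes): run one GUI program as another
# local user on the current X display, with the runtime-dir check the notes
# arrived at by trial and error, and with the xhost grant revoked on exit.
# Usage: sh xrun.sh <user> <program> [args...]     e.g. sh xrun.sh user2 firefox

# Pure helpers take a uid / name so they can be checked without real accounts.
runtime_dir_for_uid() {
    # systemd creates this directory when the user gets a real login session
    printf '/run/user/%s\n' "$1"
}

xhost_entry_for_user() {
    # the server-interpreted local-user form used in the notes
    printf 'SI:localuser:%s\n' "$1"
}

# 0 if the runtime dir exists and is owned by uid $1, 1 otherwise.
# $2 optionally overrides the path (used by tests; normally /run/user/<uid>).
runtime_dir_ok() {
    dir=${2:-$(runtime_dir_for_uid "$1")}
    [ -d "$dir" ] || return 1
    owner=$(stat -c %u "$dir" 2>/dev/null || stat -f %u "$dir" 2>/dev/null) || return 1
    [ "$owner" = "$1" ]
}

main() {
    target=$1; shift
    uid=$(id -u "$target") || { echo "no such user: $target" >&2; return 2; }
    dir=$(runtime_dir_for_uid "$uid")
    if ! runtime_dir_ok "$uid"; then
        # su alone does not create this; a login (e.g. KDE Switch User) does
        echo "$dir missing or not owned by $target; log $target in once first" >&2
        return 3
    fi
    entry=$(xhost_entry_for_user "$target")
    xhost "+$entry" >/dev/null || return 4
    # Revoke display access however the program ends (normal exit, Ctrl-C, kill).
    trap 'xhost "-$entry" >/dev/null' EXIT INT TERM
    # Hand the target user only its own runtime dir, its own session bus and the
    # display it was just granted; nothing else of user1's environment leaks across.
    sudo -u "$target" env \
        "XDG_RUNTIME_DIR=$dir" \
        "DBUS_SESSION_BUS_ADDRESS=unix:path=$dir/bus" \
        "DISPLAY=$DISPLAY" \
        "$@"
}

# Only act when invoked with <user> <program>; sourcing the file just defines helpers.
if [ "$#" -ge 2 ]; then
    main "$@"
fi
```

The check in runtime_dir_ok is the one the notes discovered by hand: after su, the target's /run/user/<uid> simply does not exist, and the snap error output still names user-1000.slice, i.e. the process is still inside user1's session. Logging user2 in once creates the directory and the script then passes it through explicitly rather than relying on whatever environment su inherited.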
Qubes uses containers to implement this, which seems like a lot of overhead: each container has to be individually maintained (installed, updated, etc.).