Project documentation update authored by Opt Out
...@@ -3,8 +3,10 @@ ...@@ -3,8 +3,10 @@
- How would someone compromise PlagueOS? - How would someone compromise PlagueOS?
- To fully compromise the host, one would have to find a way to exploit the running VM, perform a sandbox escape from libvirt, find a way to exploit some running process or create a reverse shell from the unprivileged user, then break credentials for the admin account, which requires the use of doas for privilege escalation. We have stringent apparmor profile on libvirt (kvm). We also have developed a bwrap sandbox for libvirt, however process execution of the VMs took a substantial performance hit. - To fully compromise the host, one would have to find a way to exploit the running VM, perform a sandbox escape from libvirt, find a way to exploit some running process or create a reverse shell from the unprivileged user, then break credentials for the admin account, which requires the use of doas for privilege escalation. We have stringent apparmor profile on libvirt (kvm). We also have developed a bwrap sandbox for libvirt, however process execution of the VMs took a substantial performance hit.
- Can regular GNU/Linux applications be installed? - Can regular GNU/Linux applications be installed?
- Applications are heavily restricted with this build and must be installed with `doas` privilege escalation with the `admin` account. The security of this OS follows a strict hypervisor usage model; installing applications breaks the [usage model](https://0xacab.org/optout/plagueOS/wiki/Home#proper-usage) and should be conducted at the user's own risk. - Applications are heavily restricted with this build and must be installed with `doas` privilege escalation with the `admin` account. The security of this OS follows a strict hypervisor usage model; installing applications breaks the [usage model](https://0xacab.org/optout/plagueOS/wiki/Home#proper-usage) and should be conducted at the user's own risk.
- Is there an offline installation? - Is there an offline installation?
- An offline installer is a planned feature; however this will not be available in the immediate future. For best use, an installation via ethernet is advised. - An offline installer is a planned feature; however this will not be available in the immediate future. For best use, an installation via ethernet is advised.
- Are there hardware limitations? - Are there hardware limitations?
- There is not specific hardware that is required to run PlagueOS. As a whole, we recommend having at least 8GB of RAM for the guests (VMs), however this is not required. Old hardware can run the base install in an efficient manner. We should note that ARM architectures are not currently supported. - There is not specific hardware that is required to run PlagueOS. As a whole, we recommend having at least 8GB of RAM for the guests (VMs), however this is not required. Old hardware can run the base install in an efficient manner. We should note that ARM architectures are not currently supported.
\ No newline at end of file - Certain vendors have unique requirements with UEFI. Void Linux stages the grub binary under the directory `/boot/efi/EFI/Void/grubx64.efi`. For non-compliant vendors that require GRUB to be staged in a standard directory without additional checks, run the following command: `cp /boot/efi/EFI/Void/grubx64.efi /boot/efi/EFI/boot/bootx64.efi`
- See [Void Documentation](https://docs.voidlinux.org/installation/guides/chroot.html#installing-on-removable-media-or-non-compliant-uefi-systems)
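Review bot: The `cp` command in the added UEFI bullet is shown without privilege escalation and without saying when it must be repeated. Writing under `/boot/efi` needs root, and the FAQ answer on installing applications states that escalation goes through `doas` from the `admin` account, so the command should read `doas cp /boot/efi/EFI/Void/grubx64.efi /boot/efi/EFI/boot/bootx64.efi`. The copy is also a one-time snapshot: if `grubx64.efi` is later replaced (for example by re-running `grub-install`), `bootx64.efi` stays at the old binary, so the bullet should tell users to repeat the copy whenever GRUB is reinstalled. Consider noting that `/boot/efi/EFI/boot/` may have to be created first, and moving the command onto its own line so it can be copied without the surrounding sentence.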