Hello! We are running our annual fundraising. Please consider making a donation if you value this freely available service or want to support people around the world working towards liberatory social change - https://riseup.net/donate
- To fully compromise the host, one would have to find a way to exploit the running VM, perform a sandbox escape from libvirt, find a way to exploit some running process or create a reverse shell from the unprivileged user, then break credentials for the admin account, which requires the use of doas for privilege escalation. We have stringent apparmor profile on libvirt (kvm). We also have developed a bwrap sandbox for libvirt, however process execution of the VMs took a substantial performance hit.
- Can regular GNU/Linux applications be installed?
- Applications are heavily restricted with this build and must be installed with `doas` privilege escalation with the `admin` account. The security of this OS follows a strict hypervisor usage model; installing applications breaks the [usage model](https://git.arrr.cloud/WhichDoc/plagueOS/wiki/Home#proper-usage) and should be conducted at the user's own risk.
- Applications are heavily restricted with this build and must be installed with `doas` privilege escalation with the `admin` account. The security of this OS follows a strict hypervisor usage model; installing applications breaks the [usage model](https://0xacab.org/optout/plagueOS/wiki/Home#proper-usage) and should be conducted at the user's own risk.
- Is there an offline installation?
- An offline installer is a planned feature; however this will not be available in the immediate future. For best use, an installation via ethernet is advised.
