quBSD is a FreeBSD jails/bhyve wrapper which implements a Qubes inspired containerization schema. Written in shell, based on zfs, and uses the underlying FreeBSD tools.
↫ quBSD GitHub page
quBSD really seems to build upon the best FreeBSD has to offer. Neat.
Just when I thought things couldn’t get better! Hopefully, we’ll see the same gusto with OpenBSD!
Ehhh, doesn’t look complete yet. It’s not within ports yet as in the README.
My web-browsing daily driver is a corebooted ThinkPad X230 with Qubes (3 years and going strong). It is one of the recommended setups. Considering the age, in most offline tasks I get 4h battery life (the battery is at 70% capacity). Qubes is brutal in gutting everything that can even be considered remotely unsafe:
– no hyperthreading
– no graphics acceleration
I have a Qube for Google-only and any YouTube watching goes with tons of frames dropped in any resolution. Then there’s the mandatory banking qube, a vault qube that I use for password managers, a work qube where I keep my work accounting, a personal qube and web browsing goes through a mix of Whonix and standard disposable qubes.
I look forward to trying this, and to seeing how it compares to VM-isolation in terms of security. This corebooted X230 never booted FreeBSD – the console output was unreadable with coreboot so I never managed to install it.
If it is well-praised security-wise, I’ll consider switching. Qubes works fine but it is very sluggish on the X230.
Nice to see someone doing this again using modern FreeBSD features.
A long time ago I was using a setup based on Shewstring which worked with Jails and VNC to accomplish similar, before Qubes was around IIRC.
https://github.com/Shew/Shewstring