I hear you, but it’s not like installing “an entire OS per app.” Qubes runs on a single Xen hypervisor and uses shared templates—AppVMs borrow their root filesystem from them—so you’re not installing 20 separate full OSs. You can use minimal templates and dedicate a lightweight AppVM to a single app if you want. It’s about isolated trust domains, not full installs everywhere. :)
Replies (3)
AppVMs don't share resources other than the filesystem on disk.
You're not installing 20 chromes, but you are **running** 20 chromes.
(Still, Qubes is gold standard for linux sandboxing IMO)
Yes but can I run crisis on it?
There are different ways to create your QubesOS stack. If you run standalone templates you have really fully separated systems. The normal way is to build an templates which have your apps installed and you can share those apps to different AppVMs. The goal here is to separate user profile and data from other ApoVMs for security and privacy reasons. Each AppVM can have another network or is offline.
