mirror of https://github.com/privacyguides/i18n.git synced 2025-06-29 05:42:36 +00:00
i18n/i18n/zh/os/qubes-overview.md
2023-11-12 11:31:23 +00:00

---
title: "Qubes Overview"
icon: simple/qubesos
description: Qubes is an operating system built around isolating apps within *qubes* (formerly "VMs") for heightened security.
---
[**Qubes OS**](../desktop.md#qubes-os) is an open-source operating system which uses the [Xen](https://en.wikipedia.org/wiki/Xen) hypervisor to provide strong security for desktop computing through isolated *qubes* (which are Virtual Machines). You can assign each *qube* a level of trust based on its purpose. Qubes OS provides security by using isolation. It only permits actions on a per-case basis and therefore is the opposite of [badness enumeration](https://www.ranum.com/security/computer_security/editorials/dumb/).
## How does Qubes OS work?
Qubes uses [compartmentalization](https://www.qubes-os.org/intro/) to keep the system secure. Qubes are created from templates, the defaults being for Fedora, Debian and [Whonix](../desktop.md#whonix). Qubes OS also allows you to create once-use [disposable](https://www.qubes-os.org/doc/how-to-use-disposables/) *qubes*.
??? "The term *qubes* is gradually being updated to avoid referring to them as "virtual machines"."
    Some of the information here and on the Qubes OS documentation may contain conflicting language as the "appVM" term is gradually being changed to "qube". Qubes are not entire virtual machines, but maintain similar functionalities to VMs.
![Qubes architecture](../assets/img/qubes/qubes-trust-level-architecture.png)
<figcaption>Qubes Architecture, Credit: What is Qubes OS Intro</figcaption>
Each qube has a [colored border](https://www.qubes-os.org/screenshots/) that can help you keep track of the domain in which it runs. For example, you could use a specific color for your banking browser, while using a different color for a general untrusted browser.
![Colored border](../assets/img/qubes/r4.0-xfce-three-domains-at-work.png)
<figcaption>Qubes window borders, Credit: Qubes Screenshots</figcaption>
## Why should I use Qubes?
Qubes OS is useful if your [threat model](../basics/threat-modeling.md) requires strong security and isolation, such as if you think you'll be opening untrusted files from untrusted sources. A typical reason for using Qubes OS is to open documents from unknown sources, but the idea is that if a single qube is compromised it won't affect the rest of the system.
Qubes OS utilizes the [dom0](https://wiki.xenproject.org/wiki/Dom0) Xen VM to control other *qubes* on the host OS, all of which display individual application windows within dom0's desktop environment. There are many uses for this type of architecture. Here are some tasks you can perform. You can see just how much more secure these processes are made by incorporating multiple steps.
### Copying and Pasting Text
You can [copy and paste text](https://www.qubes-os.org/doc/how-to-copy-and-paste-text/) using `qvm-copy-to-vm` or the below instructions:
1. Press **Ctrl+C** to tell the *qube* you're in that you want to copy something.
2. Press **Ctrl+Shift+C** to tell the *qube* to make this buffer available to the global clipboard.
3. Press **Ctrl+Shift+V** in the destination *qube* to make the global clipboard available.
4. Press **Ctrl+V** in the destination *qube* to paste the contents in the buffer.
### File Exchange
To copy and paste files and directories (folders) from one *qube* to another, you can use the option **Copy to Other AppVM...** or **Move to Other AppVM...**. The difference is that the **Move** option will delete the original file. Either option will protect your clipboard from being leaked to any other *qubes*. This is more secure than air-gapped file transfer. An air-gapped computer will still be forced to parse partitions or file systems. That is not required with the inter-qube copy system.
??? "Qubes do not have their own filesystems."
    You can [copy and move files](https://www.qubes-os.org/doc/how-to-copy-and-move-files/) between *qubes*. When doing so, the changes aren't made immediately and can be easily undone in case of an accident. When you run a *qube*, it does not have a persistent filesystem. You can create and delete files, but these changes are ephemeral.
### Inter-VM Interactions
The [qrexec framework](https://www.qubes-os.org/doc/qrexec/) is a core part of Qubes which allows communication between domains. It is built on top of the Xen library *vchan*, which facilitates isolation through policies.
## Connecting to Tor via a VPN
We [recommend](../advanced/tor-overview.md) connecting to the Tor network via a [VPN](../vpn.md) provider, and luckily Qubes makes this easy to do with a combination of ProxyVMs and Whonix.
After [creating a new ProxyVM](https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/vpn.md) which connects to the VPN of your choice, you can chain your Whonix qubes to that ProxyVM **before** they connect to the Tor network, by setting the NetVM of your Whonix **Gateway** (`sys-whonix`) to the newly-created ProxyVM.
Your qubes should be configured in a manner similar to this:
| Qube name | Qube description | NetVM |
| --------------- | ---------------------------------------------------------------------------------------------------------------- | --------------- |
| sys-net | *Your default network qube (pre-installed)* | *n/a* |
| sys-firewall | *Your default firewall qube (pre-installed)* | sys-net |
| ==sys-proxyvm== | The VPN ProxyVM you [created](https://github.com/Qubes-Community/Contents/blob/master/docs/configuration/vpn.md) | sys-firewall |
| sys-whonix | Your Whonix Gateway VM | ==sys-proxyvm== |
| anon-whonix | Your Whonix Workstation VM | sys-whonix |
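The chain in the table can be checked from dom0 by following each qube's `netvm` property. The script below is an added example, not part of the original page or of Qubes OS; it assumes the qube names from the table (`sys-proxyvm` stands for whatever you named your VPN ProxyVM), and outside dom0 it falls back to constructed sample data so it can be dry-run.

```bash
#!/bin/bash
# Added example: verify the NetVM chain from the table above. Run in dom0.
# The setting the page describes is applied with:
#   qvm-prefs sys-whonix netvm sys-proxyvm

EXPECTED_CHAIN="anon-whonix sys-whonix sys-proxyvm sys-firewall sys-net"

# Print the NetVM of qube $1. Uses qvm-prefs in dom0; anywhere else it
# falls back to constructed sample data mirroring the table (dry run).
netvm_of() {
    if command -v qvm-prefs >/dev/null 2>&1; then
        qvm-prefs "$1" netvm 2>/dev/null || true
        return 0
    fi
    case "$1" in
        anon-whonix)  echo sys-whonix ;;
        sys-whonix)   echo sys-proxyvm ;;
        sys-proxyvm)  echo sys-firewall ;;
        sys-firewall) echo sys-net ;;
        *)            echo "" ;;
    esac
}

# Follow netvm links from qube $1 until a qube has none; print the path.
# The body runs in a subshell so its variables stay local.
walk_chain() (
    vm="$1"; chain="$1"; hops=0
    while [ "$hops" -lt 10 ]; do          # bound the walk
        vm="$(netvm_of "$vm")"
        # Assumption: an unset netvm shows up as empty, "None" or "-".
        case "$vm" in ""|None|-) break ;; esac
        chain="$chain $vm"
        hops=$((hops + 1))
    done
    echo "$chain"
)

# Succeed only if anon-whonix reaches the network through the VPN ProxyVM.
check_chain() {
    actual="$(walk_chain anon-whonix)"
    if [ "$actual" = "$EXPECTED_CHAIN" ]; then
        echo "OK: $actual"
        return 0
    fi
    echo "MISMATCH: got '$actual', expected '$EXPECTED_CHAIN'" >&2
    return 1
}

check_chain
```

A mismatch such as `anon-whonix sys-whonix sys-firewall sys-net` means the Whonix Gateway is attached directly to the firewall qube and Tor traffic is not passing through the VPN.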
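## Additional Resources
For additional information we encourage you to consult [the extensive Qubes OS documentation pages located on the Qubes OS website](https://www.qubes-os.org/doc/). Offline copies can be downloaded from the Qubes OS [documentation repository](https://github.com/QubesOS/qubes-doc).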
- [Arguably the world's most secure operating system](https://www.opentech.fund/news/qubes-os-arguably-the-worlds-most-secure-operating-system-motherboard/) (Open Technology Fund)
- [Software compartmentalization vs. physical separation](https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf) (J. Rutkowska)
- [Partitioning my digital life into security domains](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html) (J. Rutkowska)
- [Related Articles](https://www.qubes-os.org/news/categories/#articles) (Qubes OS)