{{Title|title=
Qubes Disposables
}}
{{Header}}
{{#seo:
|description=How to use Disposables in {{q_project_name_long}}.
|image=Qubesdisposable123123123.png
}}
[[image:Qubesdisposable123123123.png|190px|thumb]]
{{intro|
How to use Disposables in {{q_project_name_short}}.
}}
{{mbox
| image = [[File:Ambox_warning_pn.svg.png|40px]]
| text =
A [[#Warnings|few usability issues]] in Disposables affect anonymity. If the risks are unknown to the user, then first carefully read this page.
}}
= What are Disposables? =
In the Qubes Template model, [[https://www.qubes-os.org/doc/getting-started/ App Qubes and Templates].] any changes made to a [https://github.com/QubesOS/qubes-issues/issues/2489 root filesystem of an App Qube] are lost upon reboot. This is advantageous for several reasons: it saves time and disk space, and allows faster, centralized updates for applications that are usually found inside the root filesystem. However, certain directories are designed to persist between reboots in order to store files and settings. These directories are stored in /rw, including /home/user and /usr/local as well as additional directories defined by "bind directory" settings. [[https://www.qubes-os.org/doc/bind-dirs/ How to make any file persistent (bind-dirs)].]
Qubes does not have a built-in snapshot capability like VirtualBox that can completely revert all changes back to a previous VM state. [
Apart from [https://www.qubes-os.org/doc/volume-backup-revert/ Volume backup and revert using ]qvm-volume] which is {{Cli}} and "intended for advanced users".
[
[https://forums.whonix.org/t/qubes-vm-snapshots-using-git-svn Qubes VM snapshots using git / SVN].
] In other words, no method exists within App Qubes to reverse changes made to the persistent file system without implementing some type of custom solution. To ensure that ''all'' filesystem changes are discarded after a session, Qubes offers Disposables. When a Disposable is shutdown, the VM is removed from Qubes and all related VM images are deleted from the host filesystem. This method is [[#Warnings|not yet amnesic]] and should not be relied upon for anti-forensics!
While Disposables ensure that files do not persist without user intervention, the downside is the user can no longer decide whether or not the current VM state should be kept or destroyed; users must choose beforehand to use a standard App Qube or a Disposable.
{{Qubes_persistence}}
== The Layered Disposable System ==
Qubes uses a two-layered approach to Disposables. At the core of the system is a [https://www.qubes-os.org/doc/glossary/#template ''Template''] upon which a ''[https://www.qubes-os.org/doc/glossary/#disposable-template Disposable Template]'' is based. Every time a new Disposable is launched it is based on the ''Disposable Template'' - hence, two layers. In a standard [[Qubes|{{q_project_name_short}}]] installation:
* The {{project_name_workstation_long}} default Template is {{project_name_workstation_template}}.
* The {{project_name_workstation_short}} default Disposable Template is called {{whonix-ws-dvm}}.
* Each {{project_name_workstation_short}} default Disposable (disp1, disp2, ...) is based on {{whonix-ws-dvm}}.
Once a Disposable Template is created, its /home/user/ directory can be customized [https://www.qubes-os.org/doc/disposable-customization/] independently of the Template. In this special case, the Disposable Template will continue to inherit changes from the base Template's root filesystem (like package updates), but user files in /home/user/ will persist independently.
It is possible to have multiple Disposable Templates and Disposables at the same time. Any App Qube can be enabled for use as a template for Disposables, by setting its [https://www.qubes-os.org/doc/disposable-customization/ template_for_dispvms] property.
In Qubes R4, [[Qubes|{{q_project_name_short}}]] {{VersionShort}}'s default Disposable Template ({{whonix-ws-dvm}}) can be easily created [[#Setup|using salt]] and will have this property set.
== Disposable Traffic Stream Isolation ==
Disposables work especially well with {{project_name_gateway_long}}. [Because each VM is assigned a unique, internal IP address.] All Disposable traffic is [[Stream_Isolation|stream-isolated]] from the traffic of other VMs running in parallel.
= Warnings =
'''Table:''' ''Disposable Warnings''
{| class="wikitable"
|-
! scope="col"| '''Category'''
! scope="col"| '''Warning'''
|-
! scope="row"| Amnesic Capability
|
* All changes to a Qubes Disposable's file system are discarded upon shutdown. However, Disposables are similar to snapshots insofar as they can leave traces of their activity on storage and in memory. These traces may be later recoverable through data forensics.
** This is Qubes issue. The feature requests exist since year 2013. The issue is [[unspecific|unspecific to {{project_name_short}}]].
** See footnote for a list of references and open, unresolved (and mostly stalled) Qubes development tickets. [
Qubes user documentation confirming the non-existence of an anti-forensics feature: [https://www.qubes-os.org/doc/how-to-use-disposables/#disposables-and-local-forensics Qubes Disposables and Local Forensics]
Tickets related to a selective (for Disposables) Anti-Forensics Feature:
* [https://github.com/QubesOS/qubes-issues/issues/904 Disposables: support for in-RAM execution only (for anti-forensics) #904 - GitHub Issue]
* [https://github.com/QubesOS/qubes-issues/issues/1819 Forensics-proof DisposableVMs #1819 (closed duplicate)]
* [https://github.com/QubesOS/qubes-issues/issues/3037 4.0rc1 dirty shutdown causes disposables to remain persistent #3037 - GitHub Issue]
* [https://github.com/QubesOS/qubes-issues/issues/8569 Opt-out logs cleanup on qube removal #8569]
Ticket related to booting into [[Live Mode]]:
* [https://github.com/QubesOS/qubes-issues/issues/4982 implement live boot by porting grub-live to Qubes - amnesia / non-persistent boot / anti-forensics]
Common issues:
* [https://github.com/QubesOS/qubes-issues/issues/1563 Wipe Video RAM on Shutdown #1563]
* [https://github.com/QubesOS/qubes-issues/issues/1562 Wipe RAM of VMs synchronously when shut down and killed #1562]
Information on Qubes Disposable technical implementation:
* [https://www.qubes-os.org/doc/disposablevm-customization/ Disposable customization | Qubes OS]
* [https://www.qubes-os.org/doc/disposablevm-implementation/ Disposable implementation | Qubes OS]
* [https://groups.google.com/g/qubes-devel/c/QwL5PjqPs-4 Disposables do not run entirely in RAM - Google Groups]
* Ticket explaining, that [https://github.com/QubesOS/qubes-issues/issues/2024 Tails in a Qubes VM would not make Qubes amnesic].
Live ISO:
* [https://github.com/QubesOS/qubes-issues/issues/1018 Live USB/DVD #1018]
* [https://github.com/QubesOS/qubes-issues/issues/1965 enable installation of Qubes from live USB/CD/DVD #1965]
* [https://github.com/QubesOS/qubes-issues/issues/1970 document (for developers) how to create Qubes Live USB #1970]
]
** At time of writing, there is no shortcut, substitute or workaround available that users can easily use to get Qubes Anti-Forensics capabilities. This is elaborated in developers chapter [[Dev/Technical_Introduction#Forensics|Forensic Considerations and Anti-forensics Claims]].
* This is further justification for using [[Full_Disk_Encryption|full disk encryption]] on the Qubes host and completely shutting down the system when it is not in use. Laptop users may wish to remove batteries to ensure that power to the RAM is definitely disconnected.
|-
! scope="row"| Ephemeral {{project_name_gateway_short}} ProxyVMs
| Using Disposables for both the {{project_name_short}} Gateway and Workstation in Qubes does not increase security without any corresponding privacy downside, for the following reasons: [[[#Warnings|Disposables are not Amnesic]].] [https://github.com/QubesOS/qubes-issues/issues/904] [[[Tor_Entry_Guards|Tor Entry Guards]].]
* Disposables are not amnesic. In practice this means traces of their activity can be left on storage or in memory, making them vulnerable to forensic operations. [This is another reminder of why full disk encryption should always be used on the host.]
* Using a Disposable for the {{project_name_gateway_short}} results in [[Tor_Entry_Guards#Configure_Non-Persistent_Entry_Guards|non-persistent entry guards]] to the Tor network; behavior unlike the default configurations for {{project_name_short}}, Tor, and the Tor Browser Bundle. Mathematically speaking, end-to-end correlation attacks are ''more'' likely to succeed when a user chooses many random entry and exit points in the Tor network, rather than semi-permanent entry guards which are only rotated every few months. [https://gitlab.torproject.org/legacy/trac/-/issues/8240] [The reason is there are both malicious and benign guards in the Tor network. The more often the user "rolls the dice" (changes guards), the greater the chance of striking out.]
* See additional footnote. [The solution to the first problem is only allowing [https://github.com/QubesOS/qubes-issues/issues/904 in-RAM execution of Disposables], but this is not planned for implementation in the short-term. There is no perfect solution to the second problem. That said, there is an actual unstated security-privacy trade-off by running this configuration. Theoretically, an ephemeral {{project_name_gateway_short}} ProxyVM is only able to be infected for a single session (via the ''/home'', ''/usr/local'' and ''/rw'' directories), since it is discarded upon shutdown. This provides a counterbalance to the increased threat of malicious guards, as [https://gitlab.tails.boum.org/tails/blueprints/-/wikis/persistent_Tor_state/ {{project_name_short}} becomes more "Tails-like"].]
|-
! scope="row"| Spawning Disposables
|
* Word definition. What does Spawning Disposables mean? For example using qvm-open-in-dvm or right click context menu in certain file manages for which Qubes provides integration.
* If a Disposable is spawned from within a VM that is not connected to {{project_name_gateway_short}}, the new Disposable may route its traffic over clearnet. [
Disposables are created in one of two ways:
]Open in Disposable. On the command line (domU), run.
{{CodeSelect|code=
qvm-open-in-dvm
}}
Edit/View in Disposable. From the GUI context-menu (domU).
File → Actions → Edit/View in Disposable
* The reason is because Disposables inherit their NetVMs from the calling VM, or the calling VM's dispvm_netvm setting (if different). The dispvm_netvm setting can be configured per VM via: dom0 → Qube Manager → VM Settings → Advanced → NetVM for Disposable [On the command line (dom0), run. {{CodeSelect|code=qvm-prefs -s vmname dispvm_netvm {{project_name_gateway_vm}}}}
]
* If the calling VM is connected to {{project_name_gateway_short}}, this step is not necessary and the Disposable's traffic will be routed over Tor. See: [https://github.com/QubesOS/qubes-issues/issues/1954 {{project_name_short}} default NetVM settings fixes].
|-
! scope="row"| Named Disposables: Manual Shutdown
| Unlike Disposables spawned from the {{project_name_short}} default Disposable Template, [
See [[#User_Tips|Disposable Shutdown]] for more on this.
] named Disposables do not automatically shutdown when the first user process is terminated. If a fresh Named Disposable is needed, users must first shutdown the named Disposable and start a new Disposable instance. [
This is because named Disposables are created using a similar method to that which is used to create App Qubes. This means that named Disposables -- in some respects -- exhibit behavior similar to that of an App Qube. For example, behavior such as persistent VM settings across restarts; this includes, but is not limited to settings like --netvm, --autostart and --label to name a few. Before starting a new named Disposable instance, first verify in Qube Manager that the VM is fully shutdown.
] Failure to do so could lead to session data from previous activities persisting until the Disposable is properly shutdown.
|-
! scope="row"| Tor Browser in a Disposable Template
| Do not start Tor Browser in a Disposable Template! For reasons why, see: [[Tor_Browser/Advanced_Users#Running_Tor_Browser_in_Qubes_Template|Running Tor Browser in Qubes Template]]. Only start Tor Browser in App Qubes or Disposables, see: [[Qubes/Disposables#Start_Tor_Browser_in_a_Disposable|Start Tor Browser in a Disposable]].
|-
! scope="row"| Tor Browser Updater in a Disposable Template
| Do not start Tor Browser Updater in a Disposable Template! For reasons why, see: [[Tor_Browser/Advanced_Users#tb-updater_in_Qubes_Disposable_Template|tb-updater in Qubes Disposable Template]]. Instead, run [[#Keep Tor Browser Up-to-date|Tor Browser Downloader]] by {{project_name_short}} developers in {{project_name_workstation_short}} Template ({{project_name_workstation_template}}).
|-
! scope="row"| Tor Browser Version
|
* When using Disposables, use the [[Tor_Browser#Tor_Browser_Internal_Updater|Tor Browser Internal Updater]] daily to check the browser is up-to-date!
* To learn about recent Tor Browser versions, follow [https://blog.torproject.org The Tor Project blog]. Tor Browser's version number can also be checked manually: Tor Browser → Menu → Help → About Tor Browser. See [[#Keep Tor Browser Up-to-date|Keep Tor Browser Up-to-date]].
|-
! scope="row"| Verify Disposable Status
|
* Use caution when spawning a Disposable for the first time when it is based on a freshly created Disposable Template. This [https://github.com/QubesOS/qubes-issues/issues/3574 Qubes bug] can lead to the Disposable Template starting instead of the Disposable. [https://forums.whonix.org/t/whonix-14-starting-a-whonix-14-dispvm-actually-starts-the-templatebasedvm-instead/5579] [After creation of a new Disposable Template, all VMs spawned from the Disposable Template should be Disposables by design. This includes the first start and all subsequent starts thereafter. While this is expected behavior, it is safest to confirm the Disposable was correctly spawned on each occasion it is used.] There could be serious consequences if an application like Tor Browser was started in a Disposable Template and used extensively for web browsing. Compromise of the Disposable Template would mean all Disposables spawned from it would be similarly compromised; see [[Tor_Browser/Advanced_Users#Running_Tor_Browser_in_Qubes_Template|Running Tor Browser in Qubes Template]].
* To check the freshly started VM is a Disposable, verify it is named [disp xxxx] where xxxx is the number assigned to that Disposable. If the Disposable Template was started instead, then it should be shut down immediately. If the Disposable Template is ever inadvertently used for a dangerous activity like web browsing, then delete it and create a new one. This issue might be fixed in Qubes R4.2. This issue is likely not fixed in Qubes R4.1. Once Qubes-Whonix 16 for Qubes R4.1 has been deprecated, this warning can be removed.
|-
! scope="row"| {{project_name_gateway_short}} Linkability
| The Tor Project developer Teor has stated that [[Tor]] caches {{Code|DNS, HS descriptors, pre-emptive circuits, etc.}} [https://lists.torproject.org/pipermail/tor-dev/2016-October/011591.html] which may lead to linkage between App Qubes and Disposables sharing the same {{project_name_gateway_short}}. The extent to which this is a threat for {{project_name_short}} users has now been documented; see [[Multiple Whonix-Workstation|Multiple {{project_name_workstation_short}}]].
|-
|}
= Setup =
Note: Examples below reference GUI steps whenever possible.
== Create a {{project_name_short}} Default Disposable Template based on {{project_name_workstation_short}} ==
'''1.''' [[Qubes/Update|Update]] [[Qubes|{{q_project_name_short}}]].
'''2.''' Open a dom0 terminal: Qubes App Launcher (blue/grey "Q") → System Tools → Xfce Terminal
'''3.''' Create {{whonix-ws-dvm}} Disposable Template.
{{CodeSelect|code=
sudo qubesctl state.sls qvm.whonix-ws-dvm
}}
'''4.''' Done.
[[Qubes|{{q_project_name_short}}]] Dispoables are now ready for use.
== Create a Named {{project_name_short}} Disposable based on {{project_name_workstation_short}} ==
{{mbox
| type = notice
| image = [[File:Ambox_notice.png|40px|alt=Info]]
| text = Optional.
Nearly all users can skip steps 1 and 2 below. A specific use case for Disposable naming conventions has not (yet) been identified.
}}
A named Disposable is a
Disposable with a fixed name.
A named Disposable is not a Disposable Template.
Therefore when selecting a name for a named Disposable, do ''not'' include -dvm when naming Disposables! This is because dvm has a different meaning. The meaning of dvm is Disposable Template. A named Disposable with dvm in it's name would be a contradiction.
Tor Browser will not be inherited from {{project_name_workstation_short}} Template ({{project_name_workstation_template}}) if this advice is ignored.
Before creating named Disposables, familiarize yourself with their behavior and read all relevant [[Qubes/Disposables#Warnings|warnings]]. Failure to do so could lead to unwanted behavior which occurs without the user's knowledge.
{{Box|text=
'''1.''' Create a Disposable called {{project_name_workstation_vm}}-disp based on the {{whonix-ws-dvm}} Template.
In dom0 run.
{{CodeSelect|code=
qvm-create -C DispVM -l red --template {{whonix-ws-dvm}} {{project_name_workstation_vm}}-disp
}}
'''2.''' Launch Xfce Terminal in the Disposable.
{{CodeSelect|code=
qvm-run -a {{project_name_workstation_vm}}-disp xfce4-terminal
}}
}}
TODO - Investigate use cases for this procedure:
* A named Disposable might be useful for a larger root/private image.
* It might also be useful for activities such as building Templates in a Disposable.
== Customization ==
=== Disposable Templates ===
Extra caution must be exercised when customizing a Disposable Template. [Qubes documentation: [https://www.qubes-os.org/doc/disposable-customization/ Disposable Customization].] From a privacy perspective, it is ideal to have a Disposable Template that is indistinguishable from any other {{project_name_workstation_short}}. If changes are made to the Disposable Template, these may link all of the Disposables via a uniquely generated fingerprint should they be compromised independently. Risky changes include, but are not limited to:
* Installation of obscure programs;
* Uncommon configuration settings; or
* The placement of unique data files.
Always keep in mind the Disposable will likely be exposed to the greatest Internet threats.
Tor Browser is specifically designed to prevent website fingerprinting or identification based on the user's browser [[Fingerprint|fingerprint]]. It is safest to run Tor Browser in its stock configuration so the fingerprint is [[Data_Collection_Techniques#Fingerprinting_and_Anonymity|less unique]], due to commonality with the larger Tor Browser user pool. Each individual browser change can significantly worsen the fingerprint because of the associated entropy, [33 bits of entropy will identify one individual out of several billion.] so only make alterations if the impacts are known. See also: [[Tor_Browser/Advanced_Users#tb-updater_in_Qubes_Disposable_Template|tb-updater in Qubes Disposable Template]].
A decision must be made in advance whether to disable JavaScript by default. There is a [[Tor_Browser#Security_vs_Usability_Trade-off|usability-security trade-off]] to consider: fingerprinting and usability is worsened by disabled JavaScript, but this provides better protection against vulnerabilities. Conversely, enabled JavaScript improves usability and increases the risk of exploitation, but the browser fingerprint is (likely) more common.
=== Tor Browser in Disposable Template ===
For most users, Tor Browser customizations in the Disposable Template or Template are discouraged. Advanced users who wish to customize the Disposable Template despite the risks should follow [[Tor_Browser/Advanced_Users#Disposable_Template_Customization|these steps]].
=== Applications other than Torbrowser in Disposable Template ===
{{mbox
| type = notice
| image = [[File:Ambox_notice.png|40px|alt=Info]]
| text = Customization is completely optional. Only files in /home/user (or more generally, in /rw) can be customized in a Disposable Template.
}}
{{Box|text=
'''1.''' Launch the application in the Disposable Template.
Either open dom0 terminal and run.
{{CodeSelect|code=
qvm-run -a {{whonix-ws-dvm}}
}}
Or use Qube Manager:
dom0 → Qube Manager → right-click '{{whonix-ws-dvm}}' → Run command in qube → type name of the
'''2.''' Customize application settings.
Customize the application as per normal procedures.
'''3.''' Exit the application.
If required, save application-specific settings, then exit the application so settings are stored on the disk.
'''4.''' Shutdown the Disposable Template.
Either use a dom0 terminal.
{{CodeSelect|code=
qvm-shutdown {{whonix-ws-dvm}}
}}
Or use Qube Manager:
dom0 → Qube Manager → right-click '{{whonix-ws-dvm}}' → left-click 'Shutdown qube'
The changes will be available when the Disposable is restarted.
}}
== Delete a Disposable Template ==
If a Disposable Template has been customized and it is necessary to revert these changes, a Disposable Template can be deleted the same way as any other VM.
Note the Disposable Template cannot be deleted while it is the default Disposable of another VM, otherwise an error message appears. In that case, follow tips found [https://www.qubes-os.org/doc/disposable-customization/#deleting-disposables here] on how to manually change the default Disposable of VMs to another setting.
dom0 → Qube Manager → right-click '{{whonix-ws-dvm}}' → left-click 'Delete qube'
[Or on the command line (dom0), run. {{CodeSelect|code=qvm-remove }}]
== Keep Tor Browser Up-to-date ==
To obtain the latest Tor Browser, the simplest method is to use {{project_name_short}} built-in Tor Browser downloader functionality. Simply update using [[Tor_Browser#Tor_Browser_Downloader_by_{{project_name_short}}|Tor Browser Downloader by {{project_name_short}} (tb-updater)]] in {{project_name_workstation_short}} Template ({{project_name_workstation_template}}) when performing your usual maintenance [[Qubes/Update|updating]]:
'''1.''' Qubes App Launcher
Qubes App Launcher (blue/grey "Q") → {{project_name_workstation_template}} → Xfce Terminal [
]dom0 → Qube Manager → right-click on '{{project_name_workstation_template}}' → click 'Run command in qube' → type 'xfce4-terminal'
[
On the command line (dom0), run.
{{CodeSelect|code=
qvm-run -a {{project_name_workstation_template}} xfce4-terminal
}}]
'''2.''' Update the package lists.
{{Update}}
{{CodeSelect|code=
sudo apt update
}}
'''3.''' System upgrade.
{{CodeSelect|code=
sudo apt full-upgrade
}}
'''4.''' Tor Browser upgrade.
If Tor Browser has an issue and has not been upgraded, use {{Code2|update-torbrowser}} to download a new copy.
Launch Tor Browser Downloader by {{project_name_short}} and follow the instructions. [
{{CodeSelect|code=
update-torbrowser
}}
]
{{CodeSelect|code=
update-torbrowser --input gui
}}
'''5.''' Shutdown the Disposable Template: [
On the command line (dom0), run.
{{CodeSelect|code=
qvm-shutdown {{whonix-ws-dvm}}
}}
or]
Disposable Template command line (domU), run. {{CodeSelect|code=
sudo poweroff
}}
If running.
dom0 → Qube Manager → right-click on '{{whonix-ws-dvm}}' → click 'Shutdown qube'
'''6.''' Shutdown the Template.
'''7.''' Done.
== Update a Disposable Template ==
Changes to the underlying Template ({{project_name_workstation_template}}) are detected automatically and the Disposable Template is updated without user intervention. That means package updates that are applied to {{project_name_workstation_template}} are also applied to the {{whonix-ws-dvm}}.
= Usage =
Disposables are well-suited for risky and largely independent activities, like web browsing or opening untrusted files. In contrast, App Qubes might be better suited for activities necessitating file persistence, like email clients with local email storage.
With either kind of VM, Qubes' VM integration tools like [https://www.qubes-os.org/doc/how-to-copy-and-move-files/ secure file copy] and [https://www.qubes-os.org/doc/how-to-copy-and-paste-text/ secure clipboard] ensure that clean, trusted files and text can be easily and safely transferred to trusted VMs (if necessary).
== User Tips ==
'''Table:''' ''Disposable User Tips''
{| class="wikitable"
|-
! scope="col"| '''Category'''
! scope="col"| '''Recommendation'''
|-
! scope="row"| Data Storage
|
* In Qubes, it is unrecommended to store any valuable data in an untrusted VM. This perspective is reinforced by the Tor Browser design which similarly does not remember bookmarks or credentials. Best practice is to store sensitive data in an offline vault VM; for instance, when accessing passwords with a password manager.
* @rustybird has announced a new "split-tor-browser" [[https://github.com/rustybird/qubes-app-split-browser Github: Split Browser]] package that can retrieve urls and credentials from a trusted VM for use in a Disposable's browser. This package is yet to be tested or endorsed by {{project_name_short}}, but it looks promising.
|-
! scope="row"| Disposable Shutdown
| A Disposable automatically shuts down when the first user-launched process is terminated. For example, if a new Disposable is created by launching Tor Browser and a user simultaneously starts typing in an editor later on, all this work will be lost after Tor Browser is closed. To avoid this, first launch a terminal in the Disposable and then launch additional applications from the terminal. This way the Disposable is only destroyed after exiting the terminal.
|-
! scope="row"| Offline Disposables
|
* Use utmost caution if deciding to re-establish network connectivity for off-line Disposables! No mechanism is currently available to prevent connections to a clearnet NetVM.
* Non-networked Disposables are useful for opening untrusted files that potentially might try to use the network maliciously. Like all Qubes VMs, the NetVM for a Disposable can be changed dynamically while the VM is still running. Simply set the NetVM to "none" using Qube Manager or the command line interface. [On the command line (dom0), run.{{CodeSelect|code=qvm-prefs disp<1 {{!}} 2 {{!}} ...> netvm none}}]
|-
! scope="row"| Shortcuts
|
* Disposables can be created directly by launching programs from the application menu using shortcuts; [[#Add_a_Desktop_Shortcut|see below for instructions]].
* Disposables can also be spawned by using context-menus or the command line interface in other App Qubes. Refer to the [https://www.qubes-os.org/doc/how-to-use-disposables/ Qubes Disposable documentation] for instructions on different methods.
* Note the [[#Warnings|relevant warning]] concerning shortcuts in this chapter ("Spawning Disposables").
|-
! scope="row"| Spawning Disposables from other App Qubes
|
* There are several ways to spawn Disposables from App Qubes. In fact, in addition to the dom0 terminal and application menu, users can also spawn Disposables from the App Qube terminal emulator or context-menu. [See: [https://www.qubes-os.org/doc/how-to-use-disposables/ Qubes Disposables].] These tools provide a safe and convenient way to open files and email attachments that could contain malicious code. There is also an option to convert potentially dangerous [https://en.wikipedia.org/wiki/PDF PDFs] into trusted PDFs and open it in a Disposable. [See Micahflee's blog on [https://micahflee.com/2016/07/how-qubes-makes-handling-pdfs-way-safer/ How Qubes makes handling pdfs way safer].]
* The most commonly used methods to spawn Disposables from App Qubes are listed below. It is recommended to read the [[#Warnings|"Spawning Disposables" warning]] detailing Disposable network settings before proceeding:
# Context-menu
# Thunar file manager - open file in Disposable: File → Actions → Edit/View in Disposable
# Thunar file manager - open file in Disposable: File → Edit/View in Disposable
# [[Encrypted_Email_with_Thunderbird|Thunderbird]] E-[[E-Mail|mail]] client - open email attachment in Disposable: Email → Attachments → Open in Disposable
# Command line interface - open file in Disposable:{{CodeSelect|code=
qvm-open-in-dvm
}}
|-
|}
== Add a Desktop Shortcut ==
# From the Qubes application menu, drag and drop a menu item onto the desktop.
# Double-click the newly created launcher to start it.
# At first start, it is safe to click "Mark Executable".
== Add an Xfce4 Panel Shortcut ==
From the Qubes application menu, drag and drop the menu item onto the panel.
== Start Tor Browser in a Disposable ==
Tor Browser can be started via the GUI or on the command line.
{{Box|text=
If you are using a GUI.
Qubes App Launcher (blue/grey "Q") → Disposable: {{whonix-ws-dvm}} → Tor Browser (AnonDist)
If you are using a terminal.
{{CodeSelect|code=
qvm-run --dispvm={{whonix-ws-dvm}} torbrowser
}}
}}
After launch, ''always'' first [[#Warnings|check the Tor Browser version]]!
'''Figure:''' ''Tor Browser in {{q_project_name_short}} Disposable''
{{ContentImage|
[[Image:QubesDispVM.png|border]]
}}
== Start Terminal Emulator in a Disposable ==
Terminal emulator xfce4-terminal can be started via the GUI or on the command line.
{{Box|text=
If you are using a GUI, complete the following steps.
Qubes App Launcher (blue/grey "Q") → Disposable: {{whonix-ws-dvm}} → Xfce Terminal
If you are using a terminal, complete the following steps.
{{CodeSelect|code=
qvm-run --dispvm={{whonix-ws-dvm}} xfce4-terminal
}}
}}
= TODO =
* TODO document how to use multiple Disposable Templates - https://forums.whonix.org/t/is-anyone-interested-in-using-multiple-dvm-templates-based-on-whonix-ws-dvm/5757/5
= Footnotes =
{{reflist|close=1}}
{{Footer}}
[[Category:Documentation]]