I’m still pretty new to qubes-os, but really like the idea and concept. To add even more security to the VMs, I would like to block all internet traffic and allow only dedicated, trusted addresses for some vms.
The idea is to build a new VM like the sys-firewall, called sys-secure-dns and install there dnsmask and unbound. This solution allows me, in contrast to the firewall, block domain entries which can point to several IPS. I know that the direct access to sites by using their IPs is not restricted by DNS blocking.
The sys-secure-dns would be downstream in the chain:
user vm 1
user vm2 – sys-secure-dns – sys-firewall → Internet
user vm3 /
other user vm – sys-firewall → Internet
My intention was to build a standaloneVM based on the debian10 Template VM and install there unbound and dnsmask because this two applications are not intended to be used on other VMs.
I built the standalone VM with the Qube Manager, the VM is up and running. But as soon as I start the shell, I can read an error in the shell:
ERROR: ld.so: object '/usr/local/lib/AppProtection/libAppProtection.so from /etc/ld.so.preload (cannot open shared object file): ignored.
What did I wrong when setting up the standalone VM? Where to correct the error? I already rebuilt it once with the same result.
Reading through the documentary was only confirming myself, that I built the VM as intended but brought no solution.