Security Implications of Ulauncher in Qubes Dom0

Well, I’ve finally got the hardware that can support Qubes, and am making the leap into Qubes. But, damn, so much friction using Qubes… looking to streamline things…

My workflow relied heavily on Ulauncher.

So far it looks like the only way to get close to the Ulauncher functionality I had before is to install it in Dom0 (unless there is a way to sandbox across multiple domains and share the same config).

What does this mean for security? If Ulauncher is compromised, I get that the whole system is compromised if in Dom0.

But… what about the Ulauncher extensions? Are they sandboxed, or do they have system access to files?

Any other ways to get Ulauncher quick launch functionality, without creating a security hole?

dom0 already has a built-in launcher application. You can customize desktop panels with application launchers that can be scripted in the properties dialog. I set up numerous custom icons along the top and bottom of my desktop. Each of them can start up a half dozen VMs with a single click… configured to connect via Tor and/or VPN with a specific appVM that opens with my program of choice. No need to manually start each qube and app.

Just create a panel on the desktop and right click to add a new launcher (xfce) or in KDE go to the application menu, right click an app and add it to your panel. Then right click the panel icon to set the properties. Link VMs together via their NetVM property in Qubes Manager or dom0 terminal.

1 Like

You really should run as few things as possible in dom0 and verify the source code for all of them. People who like nice UI for opening apps on Qubes OS recommend KDE. I personally just hit Alt+F3 and write a few letters of a program I want to run, without any menus. Also, there is a new experimental launch menu.

You should not rely on intra-VM sandboxing; it would break all security built into Qubes OS.

You may want to look at this: https://www.qubes-os.org/doc/qrexec/. You can allow one qube to manage other qubes, e.g. launch applications in them.

2 Likes
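As an added illustration of the qrexec suggestion in the reply above (not code from the thread or from the Qubes project): a simplified Python model of how a dom0 policy in the Qubes 4.1+ format could restrict a dedicated launcher qube to starting specific applications in specific qubes through the `qubes.StartApp` service. The qube names `launcher`, `work` and `vault` and the policy text are constructed, and only literal names, `*` and `@anyvm` are modelled.

```python
# Added example: a simplified model of qrexec policy matching, not Qubes' own parser.
# Qube names (launcher, work, vault) and the policy text are constructed.
POLICY = """\
# service       argument    source    target  action
qubes.StartApp  +firefox    launcher  work    allow
qubes.StartApp  +keepassxc  launcher  vault   ask
qubes.StartApp  *           launcher  @anyvm  deny
"""

def parse(text):
    """Return (service, argument, source, target, action) tuples."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line and not line.startswith("!"):  # skip blanks and !include lines
            rules.append(tuple(line.split()[:5]))
    return rules

def vm_matches(pattern, name):
    # @anyvm covers every qube except dom0, which policy calls @adminvm.
    if pattern == "@anyvm":
        return name not in ("dom0", "@adminvm")
    return pattern == name

def decide(rules, call, source, target):
    """First matching rule wins; a call that matches nothing is denied."""
    service, plus, arg = call.partition("+")
    for r_service, r_arg, r_src, r_dst, action in rules:
        if (r_service in ("*", service) and r_arg in ("*", plus + arg)
                and vm_matches(r_src, source) and vm_matches(r_dst, target)):
            return action
    return "deny"

def overbroad(rules):
    """Allow rules with a wildcard service/argument or an @anyvm source/target."""
    return [r for r in rules
            if r[4] == "allow" and ("*" in r[:2] or "@anyvm" in r[2:4])]

if __name__ == "__main__":
    rules = parse(POLICY)
    for call, dst in [("qubes.StartApp+firefox", "work"),
                      ("qubes.StartApp+xterm", "work"),
                      ("qubes.StartApp+firefox", "dom0")]:
        print(call, "->", dst, ":", decide(rules, call, "launcher", dst))
    print("over-broad allow rules:", overbroad(rules))
```

With a policy shaped like this, a compromised launcher qube can only request the listed applications, and nothing it runs executes in dom0.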

Any Qubes newbies that stumble on this post: KDE KRunner works on top of Qubes. And so far, it is a far better user experience than Ulauncher was. As a newbie, moving to KDE resolved a good many frictions/frustrations I was having trying to make XFCE work for my workflow.