How do I create a read-only VM?

[LooneyTunes]

Hi,

I want to install a VM I can use for reading sketchy emails and what not, that will not collect any malware or things like that.

How would I go about doing that in PVE please?

 

[bbgeek17]

Thats not under hypevisor control. Find yourself an OS distribution that boots from ISO and/or is disposable. Perhaps a template clone for each start.

Dont run things as administrator or root. Implement OS/app level policies. Most importantly - dont click links in sketchy emails.
Generally there are no OS's that can run in a completely ReadOnly mode. Things have to be processed and written, if not to disk - to memory. If you catch a malware that manages to execute and scan/deploy on your network, it doesnt matter that you didnt explicitly "save" it.

PS put your VM in DMZ VLAN thats isolated from the rest of the stuff.

---

Blockbridge: Ultra low latency all-NVME shared storage for Proxmox - https://www.blockbridge.com/proxmox

 

[LooneyTunes]

Thats not under hypevisor control. Find yourself an OS distribution that boots from ISO and/or is disposable. Perhaps a template clone for each start.

Dont run things as administrator or root. Implement OS/app level policies. Most importantly - dont click links in sketchy emails.
Generally there are no OS's that can run in a completely ReadOnly mode. Things have to be processed and written, if not to disk - to memory. If you catch a malware that manages to execute and scan/deploy on your network, it doesnt matter that you didnt explicitly "save" it.

PS put your VM in DMZ VLAN thats isolated from the rest of the stuff.

---

Blockbridge: Ultra low latency all-NVME shared storage for Proxmox - https://www.blockbridge.com/proxmox

Thanks, yes first step is to isolate a network soley for this. No access to anything but minimal access to the mailserver. I get the part with Live ISO, but how do I incorporate that with a VM? I suppose it has to have some cache or similar...