AppVMs
AppVMs are a type of virtual machine used in Qubes OS to run individual applications in isolated security compartments. An AppVM is created from a Template VM, which provides the base operating system and software; the AppVM receives a writable private storage layer while sharing the template's read-only filesystem. This separation allows applications to run in separate processes and desktops while minimizing the risk that a compromise in one AppVM will affect others or the base system. AppVMs are connected to a NetVM for all external network access; network traffic is controlled by the NetVM's firewall rules.
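The template and NetVM relationships described above can be audited from an inventory listing. The following is an added example, not code from the original page or from Qubes OS: it groups AppVMs by the template whose read-only filesystem they share and traces the NetVM chain whose firewall rules apply to each AppVM. It assumes pipe-separated rows in the shape of `qvm-ls --raw-data --fields NAME,CLASS,TEMPLATE,NETVM`; the VM names and sample rows are constructed.

```python
from collections import defaultdict

# Constructed sample in the pipe-separated shape assumed for
# `qvm-ls --raw-data --fields NAME,CLASS,TEMPLATE,NETVM` in dom0; "-" = unset.
SAMPLE = """\
fedora-tpl|TemplateVM|-|-
debian-tpl|TemplateVM|-|-
sys-net|AppVM|fedora-tpl|-
sys-firewall|AppVM|fedora-tpl|sys-net
work|AppVM|fedora-tpl|sys-firewall
personal|AppVM|debian-tpl|sys-firewall
vault|AppVM|debian-tpl|-
"""

def parse_inventory(text):
    """Return {name: {"class", "template", "netvm"}}; unset fields become None."""
    vms = {}
    for line in text.splitlines():
        parts = [p.strip() for p in line.split("|")]
        if len(parts) != 4 or not parts[0]:
            continue  # skip blank or malformed rows rather than guessing
        name, klass, template, netvm = parts
        vms[name] = {
            "class": klass,
            "template": None if template == "-" else template,
            "netvm": None if netvm == "-" else netvm,
        }
    return vms

def appvms_by_template(vms):
    """Group AppVMs by the template whose read-only root filesystem they share."""
    groups = defaultdict(list)
    for name, vm in vms.items():
        if vm["class"] == "AppVM" and vm["template"]:
            groups[vm["template"]].append(name)
    return {tpl: sorted(names) for tpl, names in groups.items()}

def network_path(vms, name):
    """Follow netvm links outward from `name`; an empty list means no network."""
    path, seen = [], {name}
    hop = vms[name]["netvm"]
    while hop is not None:
        if hop in seen or hop not in vms:
            raise ValueError(f"broken netvm chain at {hop!r}")
        path.append(hop)
        seen.add(hop)
        hop = vms[hop]["netvm"]
    return path
```

An AppVM with an empty path (here `vault`) has no external network access, and every name in a non-empty path is a VM whose firewall configuration affects that AppVM's traffic.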
Administration and lifecycle: Administrators can configure each AppVM with a specific template, memory and CPU quotas,
Isolation and data sharing: Communication between AppVMs is restricted by policy; clipboard and file transfer between
Limitations and considerations: The architecture introduces performance overhead and requires careful security management. Users must be