How to use disposable VMs in GNOME Boxes (like Qubes, Windows Sandbox)

Sometimes you need a virtual machine (VM) that remembers all your settings and files. Other times, you need the opposite — a disposable VM (DVM) that is either deleted or reset when you close it. This article focuses on the latter use case in GNOME Boxes.

DVMs are isolated sandboxes for testing, experimentation, and risqué computing. They’re useful for trying out new software, opening files from unknown/untrusted sources (such as email attachments), or just playing around to expand your knowledge of how things work (and break).

DVMs are one of the selling points of the Qubes OS Linux distribution — the distro that runs most apps and components in their own VMs. Each VM is run like a separate operating system environment built from configurable template VMs. You need to maintain and periodically update your templates just like your host system.

Qubes OS is a good choice if your need for a reasonably secure operating system outweighs your need for speed and convenience. However, it requires motivation, patience, and practice to overcome Qubes OS’ mental and maintenance overhead.

Windows Professional also introduced a similar feature called Windows Sandbox in 2018. Windows Sandbox launches a disposable and lightweight virtual machine in seconds. The VM is built on the fly using the host operating system as the template. You don’t need to update or maintain it separately from the host system. Ars Technica has a great write-up on Windows Sandbox.

As discussed in my GNOME Boxes review, the app has few configuration options. It’s designed to install and run simple VMs without any fuss. That’s a limitation of the app and not the underlying virtualization technology. However, you’ll need to introduce some fuss in your workflow to set up a DVM.

You can find Linux tools that can “magically” compose a guest VM from your current host system; akin to how Windows Sandbox works. This is a highly complex solution, and you should be reading a book on VM management and not just an article to succeed with this approach. Instead, you need to follow the Quebes model with VM templates that you need to periodically update.

How to create a disposable VM in Boxes

Begin by creating a new VM in Boxes. This VM will be your template VM from which you create your disposable VMs. Install your desired operating system, and set it up with a minimal user account.

Optionally, configure it and install necessary software such as spice-guest to facilitate clipboard sharing. Enable passwordless logins and other convenience features you want in the VM.

Shut down the VM and rename it in GNOME Boxes to something like “Ubuntu Linux Template”; and include today’s date in the name. I’ll get back to why this is important later in the article.

Clone the VM by right-clicking on it and choosing it from the context menu. Note that this will consume roughly the same disk space as the template VM. Don’t attempt to save on storage space by reusing the same disk image as a “backing store” for multiple VMs or do anything too clever. GNOME Boxes will delete all disks associated with a VM when you delete it from Boxes, so you risk breaking multiple VMs. Rename the cloned VM something like “Disposable Ubuntu”; and maybe include today’s date.

Right-click on the cloned VM, choose Properties, and click the Edit XML (or Edit Configuration) button. Scroll down to the <devices> section and look for <disk type="file" device="disk">. There should only be one such disk. Add <transient/> inside the <disk> section, and Save the changes. Your changes may appear to have disappeared after you save them due to Boxes bugs #737 and #752. Restart Boxes to confirm that it got applied.

That’s it, really. Every time you shut down the disposable (“transient”) VM, it will reset. Note that it doesn’t reset if you reboot it from inside the VM. So, you can still test applying updates and processes that require you to reboot the system.

You should periodically delete the disposable VM, update the template VM, and make a new transient clone. Including today’s date in the name of the VMs can help you remember to do it. At least, you’ll know how out-of-date the VM is.

You can save storage space by using snapshots instead of VM clones. The process is similar but requires you to create snapshots before you make the VM transient, so you can restore to a pre-transient state to perform updates. In the long run, creating many snapshots will consume more total storage space than using a template VM and cloned disposable VM. You also lose the ability to run multiple instances by making multiple clones of the disposable VM.

I also recommend using a separate template and disposable VM because it’s a simpler workflow. It’s an easier mental model with fewer things to keep track of. It should help prevent making mistakes while the VM is in the wrong state (although the liberal use of snapshots makes it easier to revert). Bugs in Boxes, like #752, also make it easier to work with a separate template and cloned VM.

Frankly, the user experience won’t anywhere near as good as the one Windows Sandbox provides. Mac could replicate it, but it’s a more difficult challenge with an environment as diverse as Linux. The move towards immutable operating systems and sandboxed applications, e.g. Fedora Silverblue and Flatpak, might negate the need for disposable VMs over time.

The best improvement we could hope in Boxes is a toggle option for switching a VM between transient and persistent state. It still wouldn’t get you all the way, but at least you wouldn’t have a workflow that involves periodically digging around in XML configuration files.