hi.
i have following setup:
* an external drive holds some truecrypt containers.
* i attach this drive to sys-usb
* i attach the block device to a data vm. this vm decrypts the container, but never uses any of it.
* i use the data via open in vm or by copying it to an appvm that needs it.

this has the following implications:
* sys-usb: can't read the data, but could only destroy it (i can't do anything about this)
* data-vm: knows the secret and can access any files. it is trusted, since it only decrypts and passes the data to other vms.
* appvm: it only gets the data it is given the right to access (it can modify data if open in vm is used)

this works well except for some cases:
a) i want to use a big file in some vm, but don't want the vm to change it. -> i have to use copy to vm, which takes time
b) i want to use a folder in some vm and change the data (e.g. a set of files i have to modify at the same time (latex etc.)). -> i need to copy the data to the appvm, edit it, copy it back and copy it onto the encrypted device
c) i want to use multiple files, but don't change them (e.g. i want to hear music, so i have to copy the folder of audio files to a vm)

to solve this some mechanism of "lending" a file/folder would be nice (with the option to make the files read only). this would stop unnecessary copying and increase the usability of such a setup.

1) is there already such a feature? (or is something like this planned?)
2) if not: would you consider implementing such a feature?

a possible way of implementing it would be to dynamically create some virtual block device (containing one or multiple files or folders, possibly read only), expose them to dom0 and use the current qubes manager to attach them to a vm.
all of this wrapped in a convenient script used in the data-vm.
3) is my idea for implementation already possible using some existing linux tools?

-john

--
You received this message because you are subscribed to the Google Groups 
"qubes-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-devel/46d9a3a2c029bfb9c2809a627e44b082%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

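One way to realise the "lending" mechanism the post proposes with stock Linux tools, added here as an example that is not from the post or from the Qubes project: inside the data-vm, a folder is packed into an ext4 image without mounting anything, the image is exposed as a read-only loop device, and dom0 attaches that device to the borrowing VM. The `image_size_kib`, `make_image`, `expose_ro` and `lend_folder` function names are the example's own; it assumes e2fsprogs 1.43 or newer (for `mkfs.ext4 -d`), util-linux `losetup`, root inside the data-vm for `losetup`, and a Qubes 4.x dom0 where `qvm-block attach --ro` is available. The VM names are placeholders.

```shell
#!/bin/sh
# Example only (not the post's or Qubes' own code): lend a folder from the
# data-vm to another VM as a read-only block device.
# Assumptions: mkfs.ext4 -d (e2fsprogs >= 1.43), losetup (util-linux), root in
# the data-vm for losetup, Qubes 4.x dom0 with `qvm-block attach --ro`.

# Size the image in KiB: folder contents + 25% headroom + 4 MiB for ext4
# metadata. Pure arithmetic, no privileges needed.
image_size_kib() {
    used=$(du -sk "$1" | cut -f1)
    echo $(( used + used / 4 + 4096 ))
}

# Build a filesystem image holding a copy of DIR. `mkfs.ext4 -d` populates the
# image directly, so the data-vm never mounts it (and never needs root here).
make_image() {
    dir=$1; img=$2
    truncate -s "$(image_size_kib "$dir")K" "$img"
    mkfs.ext4 -q -d "$dir" "$img"
}

# Expose the image as a loop device. `-r` makes the kernel in the data-vm
# refuse writes, so the borrowing VM cannot alter the lent data whatever it
# does with the device it receives. Requires root.
expose_ro() {
    losetup -r -f --show "$1"    # prints the device name, e.g. /dev/loop0
}

# Whole procedure; the last step has to be typed in dom0, so it is printed
# rather than executed (placeholder VM names: <appvm>, data-vm).
lend_folder() {
    dir=$1; img=$2
    make_image "$dir" "$img"
    dev=$(expose_ro "$img")
    echo "in dom0 run: qvm-block attach --ro <appvm> data-vm:${dev#/dev/}" >&2
}

# Usage: ./lend.sh /path/to/folder /tmp/folder.img
if [ $# -ge 2 ]; then lend_folder "$@"; fi
```

When the borrowing VM is done, `qvm-block detach` in dom0 and `losetup -d` in the data-vm release the device, and the image file can simply be deleted; because the image is a copy, nothing the borrower does reaches the decrypted container. For case b) (files that must be edited and copied back) the same image can be exposed without `-r`, and the data-vm then mounts it read-only itself to pull the changes back.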