On 05/22/2018 08:02 AM, Sven Semmler wrote: > On 05/02/2018 09:22 AM, Ivan Mitev wrote: >> I'm trying to implement "semi-persistent" dispVMs (in 4.0) that could >> be used for more than one time, until the service call ends (eg. the >> browser is closed by the user). > > I understand what you are looking for and would like something like that > too. Unfortunately I lack the knowledge/skill to contribute this myself > but let me at least share the idea: > > You know the dialog that pops up in Qubes 4 now when one calls qvm-copy > or qvm-move to select the target VM?
yes - you get that dialog when the qubes policy [1] for a given rpc service is set to ask. > It would be great if qvm-open-in-vm would show a simliar dialog if no > target VM was specified. In that dialog one could choose an app VM, an > existing DispVM instance or create a new DispVM. change the following policies in dom0: /etc/qubes-rpc/policy/qubes.OpenInVM /etc/qubes-rpc/policy/qubes.OpenURL for instance '$anyvm $dispvm allow' -> '$anyvm $dispvm ask' (or 'work $dispvm ask' if you want to have the popup dialog displayed only for the 'work' VM). if you use tor you may want to change the whonix* stuff - I'm not familiar with how those VMs interact with each other. > I copy and paste plenty of URLs everyday. My default DispVM connects to > TOR ... but there are other URLs in my email that link either to a > specific Jira issues (open in dev VM) or a link that identifies me in > some way (makes no sense to open that over a TOR connection - is > actually harmful). Still most links I want to open in the DispVM with > TOR (Whonix) as they are just links to articles, presentations and > nothing in the URL identifies me. I see. FYI there's a xdg mime tweak [2] that you can use to reconfigure how you open URLs *globally* in a VM. That means that clicks, auto-open stuff, ..., can automatically get redirected to 'qvm-open-in-vm' ; The problem is that apps could leak info without having you notice (actually you'll see the url open in the dest VM but even if you stop it early you may have leaked info through the url). But combined with the policy tweaks above and you get a pretty powerful user controlled setup without habing to copy/paste between VMs. hope this helps ! [1] https://www.qubes-os.org/doc/rpc-policy/ [2] https://micahflee.com/2016/06/qubes-tip-opening-links-in-your-preferred-appvm/ PS: off-topic for qubes-devel: there's an effort to write some doc on that topic at https://github.com/Qubes-Community/Contents/issues/24 Feel free to drop a comment (or contribute) there... > > /Sven > > -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/80390e62-18fa-1ebb-e0c1-bffcbb707365%40maa.bz. For more options, visit https://groups.google.com/d/optout.
signature.asc
Description: OpenPGP digital signature
