On Mon, May 30, 2016 at 09:51:31PM -0400, Chris Laprise wrote:
> 
> 
> On 05/30/2016 09:05 PM, Brian Santich wrote:
> > 
> > 
> > On Monday, May 30, 2016 at 8:35:25 PM UTC-4, Chris Laprise wrote:
> > 
> > 
> > 
> >     On 05/30/2016 06:46 PM, [email protected] wrote:
> >     > Hello,
> >     >
> >     > I am trying to mount several encrypted (LUKS) internal HDDs into
> >     one of several AppVMs. Currently, I can attach the drive via the
> >     manager, followed by mounting it via password/mount commands but I
> >     was hoping to automate the process more. Is there a way I can have
> >     auto-mounting in dom0 simplify the process for me? For example, if
> >     I add a crypttab/fstab entry, can I attach the unencrypted
> >     drive in my AppVM, instead of the encrypted device?
> >     >
> >     > Having to decrypt and mount each drive each time in each AppVM
> >     is somewhat laborious and I was hoping there would be a more
> >     straightforward approach.
> >     >
> >     > Thanks
> >     >
> >     > Brian
> >     >
> > 
> >     I would search for examples of adding external drives to crypttab and
> >     fstab, then set it up for that particular vm using
> >     /rw/config/rc.local.
> > 
> >     Chris
> > 
> > 
> > Hi Chris,
> > 
> > How do I give this VM access to the drive in question, before it starts
> > up (and runs the custom script)? If I write a normal script to
> > mount/decrypt it, it doesn't work, in part, because it doesn't have access
> > to the disk yet, which I can attach only after it has started up.
> > 
> > Brian
> > 
> 
> You could add a udev rule to dom0 that executes a 'qvm-block -a' command to
> attach the drive to the vm. Actually, this rule could do all the work: After
> qvm-block, use qvm-run to send the cryptsetup and mount commands to the vm.
> Probably you don't need crypttab.

FWIW I have a script in dom0 which detects a connected USB stick and
attaches it automatically to a selected VM. Then it waits for a signal to
detach it.

Here is the script:
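-----
# Wait for sys-usb to report the sda block device, then handle it.
while qubesdb-watch -d sys-usb /qubes-block-devices/sda/desc; do
        # Attach sys-usb:sda to the testbuilder VM.
        qvm-block -a testbuilder sys-usb:sda
        sleep 0.2
        # In the VM: record the shell's PID, then stop it until it gets SIGCONT.
        qvm-run -p testbuilder 'echo $$ > /tmp/usb-eject; kill -STOP $$'
        # qvm-run has returned, so the VM asked for the detach.
        qvm-block -d sys-usb:sda
        notify-send -t 10 done
done
-----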

It attaches "sda" from sys-usb to the testbuilder VM. Then the testbuilder VM can
request detach with:
kill -CONT `cat /tmp/usb-eject`

In practice I use this to conveniently write an installation ISO for
testing, and have a script which builds the ISO, writes it there, then
requests USB detach.

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
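
Added example (not part of the original message, and not Qubes code): a local model of the STOP/CONT detach handshake described above, runnable in a Linux shell without Qubes. It adds one check the one-liner does not have: the requester waits until the waiter is actually stopped before sending CONT, because a CONT that arrives before the STOP is lost and the waiter then hangs. The function names and the temp file are assumptions made for this demo.

```shell
#!/bin/sh
# Constructed demo of the PID-file + SIGSTOP/SIGCONT handshake (names are hypothetical).

# Waiter side (what qvm-run starts in the VM): record own PID, then stop.
wait_for_eject() {
    sh -c 'echo $$ > "$1"; kill -STOP $$' _ "$1"
}

# True once the process whose PID is stored in file $1 is in the stopped state.
# Uses Linux /proc; an empty or missing PID file counts as "not stopped".
is_stopped() {
    pid=$(cat "$1" 2>/dev/null) || return 1
    [ -n "$pid" ] || return 1
    grep -q '^State:[[:space:]]*T' "/proc/$pid/status" 2>/dev/null
}

# Requester side: send CONT only after the waiter has really stopped,
# giving up after about 5 seconds so a missing waiter does not block forever.
request_eject() {
    tries=0
    until is_stopped "$1"; do
        tries=$((tries + 1))
        [ "$tries" -lt 50 ] || return 1
        sleep 0.1
    done
    kill -CONT "$(cat "$1")"
}

# Run both sides locally; returns the waiter's exit status (0 on success).
handshake_demo() {
    f=$(mktemp) || return 1
    wait_for_eject "$f" &
    waiter=$!
    if ! request_eject "$f"; then
        kill -KILL "$waiter" 2>/dev/null
        rm -f "$f"
        return 1
    fi
    wait "$waiter"
    rc=$?
    rm -f "$f"
    return "$rc"
}

handshake_demo && echo "detach handshake completed"
```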
