[email protected]: > On Wednesday, June 28, 2017 at 10:07:04 AM UTC-4, qubenix wrote: >> qubenix: >>> [email protected]: >>>> I want to copy network connection profiles from sys-net to >>>> sys-net-profiles as my computer shuts down. >>>> >>>> I'm creating a bash script in dom0 to help with this. >>>> >>>> I could use >>>> >>>> qvm-run -ap sys-net "sudo qvm-copy-to-vm sys-net-profiles >>>> /etc/NetworkManager/system-connections/*" >>>> >>>> ...but that will spawn a dom0 confirmation dialogue that I'd rather avoid >>>> (after all, dom0 is initiating the copy). >>>> >>>> I could "allow" qubes.Filecopy from sys-net -> sys-net-profiles, but I >>>> don't want to trust sys-net to initiate this copy on its own. >>>> >>>> Is there any way to directly copy files from one VM to another, executed >>>> directly from dom0? >>>> >>> >>> Not sure if it's the best solution, but this should work for avoiding >>> prompt (briefly tested): >>> >>> for i in $(qvm-run -a -p -u root sys-net "ls >>> /etc/NetworkManager/system-connections/"); do qvm-run -a -p -u root "cat >>> /etc/NetworkManager/system-connections/$i" > $i; qvm-move-to-vm >>> sys-net-profiles $i; done >>> >> >> Oops small typo (forgot to name "sys-net" one time). Fixed: >> >> for i in $(qvm-run -a -p -u root sys-net "ls >> /etc/NetworkManager/system-connections/"); do qvm-run -a -p -u root >> sys-net "cat /etc/NetworkManager/system-connections/$i" > $i; >> qvm-move-to-vm sys-net-profiles $i; done >> >> -- >> qubenix >> GPG: B536812904D455B491DCDCDD04BE1E61A3C2E500 > > How much of a risk do you think this is, passing the file contents through > dom0 via qvm-run -ap? >
Yeah, this is moderately secure IMHO. You are copying everything from /etc/NetworkManager/system-connections dir to dom0 before being moved to destination vm without check. So theoretically something malicious could be placed there. However, I don't see how it would be executed in dom0 (should the file be malicious). I took no consideration for security, only to solve the problem of prompt. -- qubenix GPG: B536812904D455B491DCDCDD04BE1E61A3C2E500 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5eef3931-4ff7-3f87-22f0-450353c8b47f%40riseup.net. For more options, visit https://groups.google.com/d/optout.
