On Wednesday, June 28, 2017 at 11:53:51 AM UTC-4, qubenix wrote:
> wordswithn...@gmail.com:
> > On Wednesday, June 28, 2017 at 10:07:04 AM UTC-4, qubenix wrote:
> >> qubenix:
> >>> wordswithn...@gmail.com:
> >>>> I want to copy network connection profiles from sys-net to 
> >>>> sys-net-profiles as my computer shuts down.
> >>>>
> >>>> I'm creating a bash script in dom0 to help with this.
> >>>>
> >>>> I could use 
> >>>>
> >>>> qvm-run -ap sys-net "sudo qvm-copy-to-vm sys-net-profiles 
> >>>> /etc/NetworkManager/system-connections/*"
> >>>>
> >>>> ...but that will spawn a dom0 confirmation dialogue that I'd rather 
> >>>> avoid (after all, dom0 is initiating the copy).
> >>>>
> >>>> I could "allow" qubes.Filecopy from sys-net -> sys-net-profiles, but I 
> >>>> don't want to trust sys-net to initiate this copy on its own.
> >>>>
> >>>> Is there any way to directly copy files from one VM to another, executed 
> >>>> directly from dom0?
> >>>>
> >>>
> >>> Not sure if it's the best solution, but this should work for avoiding
> >>> prompt (briefly tested):
> >>>
> >>> for i in $(qvm-run -a -p -u root sys-net "ls
> >>> /etc/NetworkManager/system-connections/"); do qvm-run -a -p -u root "cat
> >>> /etc/NetworkManager/system-connections/$i" > $i; qvm-move-to-vm
> >>> sys-net-profiles $i; done
> >>>
> >>
> >> Oops small typo (forgot to name "sys-net" one time). Fixed:
> >>
> >> for i in $(qvm-run -a -p -u root sys-net "ls
> >> /etc/NetworkManager/system-connections/"); do qvm-run -a -p -u root
> >> sys-net "cat /etc/NetworkManager/system-connections/$i" > $i;
> >> qvm-move-to-vm sys-net-profiles $i; done
> >>
> >> -- 
> >> qubenix
> >> GPG: B536812904D455B491DCDCDD04BE1E61A3C2E500
> > 
> > How much of a risk do you think this is, passing the file contents through 
> > dom0 via qvm-run -ap?
> > 
> 
> Yeah, this is moderately secure IMHO. You are copying everything from
> /etc/NetworkManager/system-connections dir to dom0 before being moved to
> destination vm without check. So theoretically something malicious could
> be placed there. However, I don't see how it would be executed in dom0
> (should the file be malicious). I took no consideration for security,
> only to solve the problem of prompt.
> 
> -- 
> qubenix
> GPG: B536812904D455B491DCDCDD04BE1E61A3C2E500

Thanks, and point taken on not focusing on security implications.

I found a thread from last year where some third-party devs are concerned about 
the implications of letting qvm-run -p run wild:

https://github.com/SietsevanderMolen/i3-qubes/issues/15

It's a good idea, but I think I'm looking for a more secure solution - if it's 
out there.
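
The loop quoted above uses whatever names sys-net prints as dom0 paths (`> $i`), so a name such as `../.bashrc` would be written outside the working directory. The sketch below is an added example, not code from the thread or from the Qubes project: it validates each name in dom0 before use. The function names, the 64-byte and 100-entry limits, and the 64 KiB size cap are assumptions, and `pull_profiles` only reuses the `qvm-run -a -p -u root` and `qvm-move-to-vm` invocations shown in the thread.

```shell
# Added example: treat the listing from sys-net as untrusted input in dom0.
SRC=sys-net                     # source VM (from the thread)
DST=sys-net-profiles            # destination VM (from the thread)
DIR=/etc/NetworkManager/system-connections

# Accept only a plain base name: ASCII letters, digits, space, dot,
# underscore, hyphen; no leading dot or hyphen; 1 to 64 bytes.
# "/" is not in the allowed set, so path traversal is rejected.
is_safe_name() (
    LC_ALL=C                    # byte-wise ranges, no locale surprises
    name=$1
    [ -n "$name" ] && [ "${#name}" -le 64 ] || return 1
    case $name in
        .*|-*) return 1 ;;                  # hidden files, "..", option-like
        *[!A-Za-z0-9._\ -]*) return 1 ;;    # any byte outside the allow-list
    esac
    return 0
)

# Read the untrusted listing on stdin, one name per line, and print only
# accepted names. Rejected names are never echoed, since they could carry
# terminal escape sequences.
filter_names() {
    while IFS= read -r name || [ -n "$name" ]; do
        if is_safe_name "$name"; then
            printf '%s\n' "$name"
        else
            printf 'rejected a file name reported by %s\n' "$SRC" >&2
        fi
    done
}

# Wiring into the loop from the thread (defined here, not called).
pull_profiles() {
    stage=$(mktemp -d) || return 1          # private staging dir in dom0
    qvm-run -a -p -u root "$SRC" "ls $DIR/" | head -n 100 | filter_names |
    while IFS= read -r name; do
        # </dev/null keeps qvm-run from consuming the name list on stdin;
        # head -c caps how much data a single file can push into dom0.
        qvm-run -a -p -u root "$SRC" "cat '$DIR/$name'" </dev/null |
            head -c 65536 > "$stage/$name"
        qvm-move-to-vm "$DST" "$stage/$name"
    done
    rmdir "$stage"
}
```

This narrows only the file-name risk; the file contents still pass through dom0 unverified, as discussed in the thread.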
