On 06/28/2017 12:19 PM, wordswithn...@gmail.com wrote:
Thanks, and point taken on not focusing on security implications.
I found a thread from last year where some third-party devs are concerned about
the implications of letting qvm-run -p run wild:
https://github.com/SietsevanderMolen/i3-qubes/issues/15
It's a good idea, but I think I'm looking for a more secure solution - if it's
out there.
IIUC, having dom0 parse the file list is whats worrying you? Otherwise,
passing data through dom0 (no parsing) should be considered secure.
You can have dom0 pipe between machines like so:
qvm-run -p sys-net "tar -cf - /etc/NetworkManager/system-connections" |
qvm-run -p sys-net-profiles "tar -xf -"
This entails a small amount of risk to the profiles VM (because tar file
is parsed there), but not to dom0.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/53f323e2-6b45-7ce2-4077-f809db3a81cb%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.
