On Sat, Jul 15, 2017 at 10:45:38AM +0200, Noor Christensen wrote: > On Tue, Jul 11, 2017 at 01:08:55PM -0700, [email protected] wrote: > > Right now, I have a lot of stuff all just "consolidated" on one hard drive. > > /var/storage/{Anime,public_html,Documents,Pictures,.config/{pale\ > > moon,deluge}} and so on. > > > > But, obviously, I want to try with Qubes to have some isolation from > > my webserver, perhaps have my Torrent client not be able to read my > > browser profile, etc. > > > > I'm thinking of setting up perhaps something like a "Storage Qube", > > which will have the storage drive permanently attached, and be in > > charge of managing permissions and serving the folders to authorized > > VMs via…NFS? SSHFS? > > > > The catch is, I want to try to have it at least be reasonably > > performant (i.e., my browser profile is there currently), and > > preferably not make it "too" hacky/inelegant, in case the Qubes devs > > roll their own guided/integrated system for this. > > > > DOES Qubes have a facility to do this currently? > > I found this project the other day: > https://github.com/rustybird/qubes-split-dm-crypt > > Haven't tried it myself yet but it looks like it could fit your idea.
Also, one of the main Qubes workflows is to create AppVMs separated by "domain". This can mean many things, but in your case I can think of at least two: browser and torrents. You can have two AppVMs (one for browser, one for torrents) that share the same TemplateVM but have their own private storage for persistent files (browser profile, torrent client config). By separating applications into their own AppVMs they are isolated from each other, and they cannot read private data from other AppVMs. If you need them to share anything, you just put that in the template and it will be available for any AppVM using that template next time it starts. Everything stored in an AppVM's private storage is persistent between restarts. It is only available to that AppVM. -- noor |_|O|_| |_|_|O| Noor Christensen |O|O|O| [email protected] ~ 0x401DA1E0 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170715085730.ojdqv3wvwazfd3tg%40mail. For more options, visit https://groups.google.com/d/optout.
signature.asc
Description: PGP signature
