On Saturday, October 14, 2017 at 5:54:28 PM UTC-6, [799] wrote: ... > Solution Design: > > [Access+Transfer AppVM] > > Template: fedora-25-minimal > > Additional packages: > > - OneDrive Freeclient (https://github.com/skilion/onedrive) > > - sudo dnf -y install nfsutils > > Will be configured to mount a NFS-share from the Storage AppVM and to access > OneDrive to synchronize the files > > Data will be downloaded and storad in the mounted NFS-Share of the Storage > AppVM ... > In the Work AppVM you are mounting the NFS Share from the Storage AppVM: > > sudo mount 10.137.2.20:/var/nfs/work /mnt/onedrive-work.encfs > > > > In Order to access the files, the NFS share is encfs-mounted: > > encfs /mnt/onedrive-work.encfs ~/work ... > What's your opinion about this approach (I hope I could make clear what the > idea is) - am I opening to much attack possibilities because I need to have > NFS server running between the AppVMs? Keep in mind, that I am only sharing > one directory, which is encrypted and only the AppVM knows how to decrypt the > data. > > So even if the Storage AppVM gets compromissed, the data should be encrypted > (and therof protected). ... > Interested to get your feedback. > > > [799]
Have you considered using SSHFS rather than NFS? I'm no security expert, but it would seem to me to be more secure than NFS. Ron -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e94c1d60-7c05-412a-a504-b3548862a5cb%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
