On Sunday, February 18, 2018 at 1:11:58 AM UTC+1, [799] wrote:
> Hello awokd,
> 
> -------- Original-Nachricht --------
> An 17. Feb. 2018, 23:41, 'awokd' via qubes-users schrieb:
> 
> > Can't really find a man page for xclip. What
> > happens when you run this in dom0? 
> 
> xclip doesn't have to be present in dom0 as the command is only used in the 
> AppVM.
> As such you might need to install it in your template VM.
> 
> In dom0 you are only using gnome-screenshot to make the screenshot.
> If it is not available in dom0 you can install it via qubes-dom0-update 
> gnome-screenshot or use any other existing sxreenshot-app which is available 
> in your dom0 and offers the option to safe screenshots directly to file.
> 
> Question regarding security:
> As far as I can tell I don't think that the suggested solution to transfer 
> screenshots to an AppVM offers a great security risk as the data is only 
> flowing from (!) dom0 to your AppVM and the graphic file is creating in dom0.
> But as I am far away from being a security expert, I'd like to hear a more 
> qualified feedback if working with this script might be a bad idea.
> 
> Regards
> 
> [799]

hmm, thinking about it, did you try awokd's approach? I do something very 
similar for my QubesTV setup that I'm working on polishing, which works on 
scripts too, like we're doing here. The command may have to be adjusted a bit, 
but in general, it should work, even without xclip in dom0. 

Actually, I'd go as far as to say it should most definitely work for xclip, 
while my scripts here are different, I've done it enough to tell it can work if 
modified correctly.

Either way, try awokd's command out, it will definitely work in one variant or 
different. The question is if require a bit of modification. For example, maybe 
use "qvm-run AppVM bash 'command to execute inside AppVM -o etc. lalala'" 
instead of say, "qvm-run AppVM gnome-terminal -e 'command to execute inside 
AppVM -o etc. lalala'". 

For example I've seen a case where one when executed inside the AppVM, will 
open the executed QubesTV streaming link in the same browser, same tab, while 
the very same command inserted into the AppVM from dom0, would open up a whole 
new instance of Firefox, and thereby open a new window. Which, needless to say, 
doesn't work. The solution was to use bash for already running firefox, so that 
it won't start a new firefox instance. Hopefully you can use any of this to 
make qvm-run appvm "command" work.

In terms of security, I'm in the same boat, I can't say for sure. But I agree 
with the notion, that it "probably"? is secure due to the one direction flow of 
data.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8bc85072-ac09-4ccc-8915-331ea300a33f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to