is ready for testing.  The description is below.

Things I would love to get addressed (of course, other suggestions and improvements welcome):

 * Permission system to allow certain folders to certain VMs (the
   argument in qrexec is sanitized, rendering it useless for that)
 * Persistent notification on tray that indicates a specific folder is
   exported to a certain VM
 * Performance improvements (large mounts from network shares can be
   very slow)
 * Security hardening (make check was disabled in the specfile because
   there are some issues I don't know how to fix, sadly)
 * UI for mount clients to configure certain mounts to be mounted upon
   start / list existing configured mountpoints and statuses and open
   file managers to these mountpoints

README and usage instructions follow.


# Inter-VM shared folders for Qubes OS

This package aims to solve the problem of inter-VM file sharing
(rather than manual copying) by allowing a VM to mount folders
from any other VM's file system (or mounted network shares).

This package contains:

* a Qubes OS `qrexec` service to serve folders from a qube
* a program to mount folders in a qube served from other qubes
* policy (for dom0) to permit or deny the process

## Usage

The following instructions assume that the qube which contains the
files you want to share is named `server` and the qube where you
want to access the files is named `client`.  They also assume you
successfully finished the one-time installation instructions below.

To mount `/home/user` from the `server` VM onto `/home/user/mnt`,
run the following on a terminal of `client`:

cd /home/user
mkdir mnt
qvm-mount-folder server /home/user mnt

At this point you will see an authorization message from dom0 asking
you if you really want to give `client` access to `server`'s files.
Note that the access is blanket read/write, and once given.

Authorize the access by confirming the name of the qube (`server` on
the dialog and continuing.

**Presto.**  You should be able to use a file manager, a terminal, or
any of your favorite applications to use files in `/home/user/mnt`
-- these files are all stored in `server` on folder `/home/user`.

To finish using it, run `sudo umount /home/user/mnt`.  Note that
currently, the connection remains open between `client` and `server`
even after unmounting, so the only way to sever the connection is
to power off one of the two qubes.

## Security considerations

* There is currently no way to control *which* folders of the server
  qube can be requested by client qubes.  In principle this should
  be doable because `diod` can export only a subtree of any file
  system hierarchy, but the next point needs to be addressed first.
* The connection remains open after unmounting.  This means that the
  client VM can in principle continue to access resources from the
  file system exported by `diod` before the unmount happened.

## Installation

First, build a [`diod`]( RPM package:

git clone
cd diod
./ && ./configure --prefix=/usr && make dist && rpmbuild -ts *tar.gz

Then, install this package on the template of the qube you plan to
*share your files from*.

Now build RPM packages for this software:

git clone
cd qubes-shared-folders
make rpm

Two RPMs will result:

1. `qubes-shared-folders-...noarch.rpm`
2. `qubes-shared-folders-dom0-...noarch.rpm`

Install the first one in the template of the qube you plan to
*share your files from*, as well as the template of the qube
you plan to *access your files in*.

Install the second one in dom0.  This package contains policy
(default `ask`) for the service.

Now shut down all involved qubes, to ensure the installation takes.
You don't need to shut down your computer or dom0.


You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
To view this discussion on the web visit

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

Reply via email to