Things I would love to get addressed (of course, other suggestions and improvements welcome):
* Permission system to allow certain folders to certain VMs (the argument in qrexec is sanitized, rendering it useless for that) * Persistent notification on tray that indicates a specific folder is exported to a certain VM * Performance improvements (large mounts from network shares can be very slow) * Security hardening (make check was disabled in the specfile because there are some issues I don't know how to fix, sadly) * UI for mount clients to configure certain mounts to be mounted upon start / list existing configured mountpoints and statuses and open file managers to these mountpoints README and usage instructions follow. -------------------------------------------------------------- # Inter-VM shared folders for Qubes OS This package aims to solve the problem of inter-VM file sharing (rather than manual copying) by allowing a VM to mount folders from any other VM's file system (or mounted network shares). This package contains: * a Qubes OS `qrexec` service to serve folders from a qube * a program to mount folders in a qube served from other qubes * policy (for dom0) to permit or deny the process ## Usage The following instructions assume that the qube which contains the files you want to share is named `server` and the qube where you want to access the files is named `client`. They also assume you successfully finished the one-time installation instructions below. To mount `/home/user` from the `server` VM onto `/home/user/mnt`, run the following on a terminal of `client`: ``` cd /home/user mkdir mnt qvm-mount-folder server /home/user mnt ``` At this point you will see an authorization message from dom0 asking you if you really want to give `client` access to `server`'s files. Note that the access is blanket read/write, and once given. Authorize the access by confirming the name of the qube (`server` on the dialog and continuing. **Presto.** You should be able to use a file manager, a terminal, or any of your favorite applications to use files in `/home/user/mnt` -- these files are all stored in `server` on folder `/home/user`. To finish using it, run `sudo umount /home/user/mnt`. Note that currently, the connection remains open between `client` and `server` even after unmounting, so the only way to sever the connection is to power off one of the two qubes. ## Security considerations * There is currently no way to control *which* folders of the server qube can be requested by client qubes. In principle this should be doable because `diod` can export only a subtree of any file system hierarchy, but the next point needs to be addressed first. * The connection remains open after unmounting. This means that the client VM can in principle continue to access resources from the file system exported by `diod` before the unmount happened. ## Installation First, build a [`diod`](https://github.com/Rudd-O/diod) RPM package: ``` git clone https://github.com/Rudd-O/diod cd diod./autogen.sh && ./configure --prefix=/usr && make dist && rpmbuild -ts *tar.gz
``` Then, install this package on the template of the qube you plan to *share your files from*. Now build RPM packages for this software: ``` git clone https://github.com/Rudd-O/qubes-shared-folders cd qubes-shared-folders make rpm ``` Two RPMs will result: 1. `qubes-shared-folders-...noarch.rpm` 2. `qubes-shared-folders-dom0-...noarch.rpm` Install the first one in the template of the qube you plan to *share your files from*, as well as the template of the qube you plan to *access your files in*. Install the second one in dom0. This package contains policy (default `ask`) for the service. Now shut down all involved qubes, to ensure the installation takes. You don't need to shut down your computer or dom0. -- Rudd-O https://rudd-o.com/ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b70e5bdb-d94e-1ce4-008b-6a2ec734a7e7%40rudd-o.com.
OpenPGP_signature
Description: OpenPGP digital signature
