Re: [qubes-users] Access all vm data from a backup-vm?
On Sun, Nov 20, 2016 at 09:13:36PM -0800, pixel fairy wrote:
> On Sunday, November 20, 2016 at 10:15:44 AM UTC-5, Marek Marczykowski-Górecki wrote:
> > > what do you think of "qvm-copy-to-vm backupvm ." followed by rdiff-backup
> > > on the backupvm to luks encrypted disks?
> >
> > It's better, but personally I wouldn't do that either.
>
> how would you do incremental backups? would lvm/btrfs/zfs snapshots on the
> backup volume work?

Impossible right now. Some ideas:
https://github.com/QubesOS/qubes-issues/issues/858

> > > if you were using qubes-backup, how would you restore a single file or
> > > folder?
> >
> > Restore selected VM (under another name - it's done automatically),
> > copy that single file to original VM, then remove restored VM.
>
> just tried that, it complained that there was already a vm of the same name.
> did you mean to rename the original and then restore the old name?

There is a qvm-backup-restore --rename-conflicting option. It isn't
available in the GUI, unfortunately...

> it would be nice to have it offer to restore foo to foo_backup- without
> networking and maybe even start the file browser or shell

There is a tight limit on VM name length (31 chars)...

--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161121201556.GO1145%40mail-itl.
For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Access all vm data from a backup-vm?
>> what do you think of "qvm-copy-to-vm backupvm ." followed by rdiff-backup on
>> the backupvm to luks encrypted disks?
>
> It's better, but personally I wouldn't do that either.
>
>> if you were using qubes-backup, how would you restore a single file or
>> folder?
>
> Restore selected VM (under another name - it's done automatically),
> copy that single file to original VM, then remove restored VM.

How large would the attack surface be if I create a huge .img container
(50% of diskspace), mount it in dom0, do an rsync of all app-vm data onto
it, then mount it in my backup-vm for the actual remote backup?

Even if the backup-vm was compromised, all malicious changes _in_ the .img
container would be overwritten by the next rsync. I am unsure if "sharing"
the blockdevice-metadata (partitiontable etc) is such a high risk?
Also, as dom0 and the backup-vm don't see any userdata, but only the other
vms .img files, this should be pretty safe?

For me, it would be nice as the backup-vm handles all backup-logic, can do
incremental backups, and there is almost no backchannel from backup-vm to
dom0.

Of course, as soon as my backup-vm or remote backup target is compromised,
I have a huge problem anyway. At least some (vault) data would always be
encrypted (by the regular qubes procedure), and would necessarily be
full-backupped every time.

In general, availability of my data is more important to me than privacy.
I'm still trying to achieve both, though :-)

N2

p.s.: Please let me know if generally I should leave single email
addresses in CC, I removed all but the list itself.
Re: [qubes-users] Access all vm data from a backup-vm?
On Sunday, November 20, 2016 at 10:15:44 AM UTC-5, Marek Marczykowski-Górecki wrote:
> > what do you think of "qvm-copy-to-vm backupvm ." followed by rdiff-backup
> > on the backupvm to luks encrypted disks?
>
> It's better, but personally I wouldn't do that either.

how would you do incremental backups? would lvm/btrfs/zfs snapshots on the
backup volume work?

> > if you were using qubes-backup, how would you restore a single file or
> > folder?
>
> Restore selected VM (under another name - it's done automatically),
> copy that single file to original VM, then remove restored VM.

just tried that, it complained that there was already a vm of the same name.
did you mean to rename the original and then restore the old name?

it would be nice to have it offer to restore foo to foo_backup- without
networking and maybe even start the file browser or shell
Re: [qubes-users] Access all vm data from a backup-vm?
On Sun, Nov 20, 2016 at 07:02:28AM -0800, pixel fairy wrote:
> On Sunday, November 20, 2016 at 8:07:58 AM UTC-5, Marek Marczykowski-Górecki wrote:
> > This is risky. If one of your VMs is compromised, it may try to exploit
> > some bug in filesystem handling code, or rsync, to steal data from other
> > VMs.
> > Handling this at block device level (so do not mount, but use /dev/xvdi
> > as is) should be much safer. But then, you have qvm-backup tool which
> > handles all this for you. The disadvantage (at least for now) is copy
> > all the data each time - no support for incremental backups or such.
>
> what do you think of "qvm-copy-to-vm backupvm ." followed by rdiff-backup on
> the backupvm to luks encrypted disks?

It's better, but personally I wouldn't do that either.

> if you were using qubes-backup, how would you restore a single file or folder?

Restore selected VM (under another name - it's done automatically),
copy that single file to original VM, then remove restored VM.

--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
Re: [qubes-users] Access all vm data from a backup-vm?
On Sunday, November 20, 2016 at 8:07:58 AM UTC-5, Marek Marczykowski-Górecki wrote:
> This is risky. If one of your VMs is compromised, it may try to exploit
> some bug in filesystem handling code, or rsync, to steal data from other
> VMs.
> Handling this at block device level (so do not mount, but use /dev/xvdi
> as is) should be much safer. But then, you have qvm-backup tool which
> handles all this for you. The disadvantage (at least for now) is copy
> all the data each time - no support for incremental backups or such.

what do you think of "qvm-copy-to-vm backupvm ." followed by rdiff-backup on
the backupvm to luks encrypted disks?

if you were using qubes-backup, how would you restore a single file or folder?
Re: [qubes-users] Access all vm data from a backup-vm?
On Sun, Nov 20, 2016 at 01:04:03PM +0100, David Hobach wrote:
> On 11/20/2016 12:35 PM, Franz wrote:
> > On Sun, Nov 20, 2016 at 7:21 AM, Stickstoff wrote:
> >
> > > Hello dear new qubes family,
> > >
> > > I am having trouble designing a backup concept for my qubes workstation.
> > > My goal is to have a (daily) copy of the entire workstation on a trusted
> > > remote backup target (versioning, encryption, rotation is done
> > > remotely). Only a small part of the local data ("vault") would need to
> > > be encrypted before sending it on its way.
> > > My plan was to use a dedicated backup-vm, locked down to only connect to
> > > the remote target.
> > >
> > > - My first idea was to "mount --bind" the data to the backup-vm in
> > > read-only mode. It would then do a simple rsync to the remote backup
> > > target. This seems not to be possible, as I can't mount a directory from
> > > outside, dom0, into the filesystem of the backup-vm. Mounting a
> > > btrfs-snapshot would be a nice alternative, which doesn't seem to be
> > > possible either.
>
> That works. Just use qvm-block from dom0 to attach your other VMs to your
> backup VM. Then you can e.g. start rsync in your backup VM from dom0 using
> qvm-run.
>
> The concrete dom0 command should be
> qvm-block -A [BACKUP_VM] dom0:/var/lib/qubes/appvms/[CLIENT_VM]/private.img
> and then mount etc. in your backup VM using e.g. qvm-run.

This is risky. If one of your VMs is compromised, it may try to exploit
some bug in filesystem handling code, or rsync, to steal data from other
VMs.
Handling this at block device level (so do not mount, but use /dev/xvdi
as is) should be much safer. But then, you have qvm-backup tool which
handles all this for you. The disadvantage (at least for now) is copy
all the data each time - no support for incremental backups or such.

> read-only didn't work though the last time I tested it (you can write anyway
> - probably some bug).

Yes, this one:
https://github.com/QubesOS/qubes-issues/issues/2255

--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
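The reply above recommends handling the attached volume at block level (reading /dev/xvdi as is, never mounting it). The sketch below is an added example, not part of the thread and not Qubes tooling; it goes one step further and shows per-chunk change detection over the raw bytes, so the backup VM never parses a filesystem written by another VM. The function names and the 4 MiB default chunk size are assumptions.

```bash
#!/usr/bin/env bash
# Added example, run inside the backup VM: the attached volume is treated as
# opaque bytes. Nothing here mounts it or parses its filesystem.
set -u

# Best-effort check: succeeds if SRC is listed as a mounted device.
# (Matches the device name as it appears in /proc/mounts; symlinks are not resolved.)
is_mounted() {
    [ -r /proc/mounts ] &&
        awk -v d="$1" '$1 == d { found = 1 } END { exit !found }' /proc/mounts
}

# Write chunk number INDEX (CHUNK bytes each) of SRC to stdout.
dump_chunk() {
    dd if="$1" bs="$2" skip="$3" count=1 2>/dev/null
}

# Print "<index> <sha256>" for every chunk of SRC.
raw_manifest() {
    local src="$1" chunk="${2:-4194304}" size n i=0
    if is_mounted "$src"; then
        echo "refusing to read $src: it is mounted" >&2
        return 1
    fi
    if [ -b "$src" ]; then
        size=$(blockdev --getsize64 "$src")
    else
        size=$(stat -c %s "$src")      # plain image file
    fi
    n=$(( (size + chunk - 1) / chunk ))
    while [ "$i" -lt "$n" ]; do
        printf '%s %s\n' "$i" "$(dump_chunk "$src" "$chunk" "$i" | sha256sum | cut -d' ' -f1)"
        i=$((i + 1))
    done
}

# Print the indexes of chunks whose hash differs from the previous manifest
# (or that are new). An empty previous manifest marks every chunk as changed.
changed_chunks() {
    awk 'FILENAME == ARGV[1] { old[$1] = $2; next }
         old[$1] != $2       { print $1 }' "$1" "$2"
}
```

The bytes from dump_chunk are the unencrypted private volume, so they would be piped through encryption before leaving the backup VM.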
Re: [qubes-users] Access all vm data from a backup-vm?
On 11/20/2016 12:35 PM, Franz wrote:
> On Sun, Nov 20, 2016 at 7:21 AM, Stickstoff wrote:
>
> > Hello dear new qubes family,
> >
> > I am having trouble designing a backup concept for my qubes workstation.
> > My goal is to have a (daily) copy of the entire workstation on a trusted
> > remote backup target (versioning, encryption, rotation is done
> > remotely). Only a small part of the local data ("vault") would need to
> > be encrypted before sending it on its way.
> > My plan was to use a dedicated backup-vm, locked down to only connect to
> > the remote target.
> >
> > - My first idea was to "mount --bind" the data to the backup-vm in
> > read-only mode. It would then do a simple rsync to the remote backup
> > target. This seems not to be possible, as I can't mount a directory from
> > outside, dom0, into the filesystem of the backup-vm. Mounting a
> > btrfs-snapshot would be a nice alternative, which doesn't seem to be
> > possible either.

That works. Just use qvm-block from dom0 to attach your other VMs to your
backup VM. Then you can e.g. start rsync in your backup VM from dom0 using
qvm-run.

The concrete dom0 command should be
qvm-block -A [BACKUP_VM] dom0:/var/lib/qubes/appvms/[CLIENT_VM]/private.img
and then mount etc. in your backup VM using e.g. qvm-run.

read-only didn't work though the last time I tested it (you can write anyway
- probably some bug).
Re: [qubes-users] Access all vm data from a backup-vm?
On Sun, Nov 20, 2016 at 7:21 AM, Stickstoff wrote:
> Hello dear new qubes family,
>
> I am having trouble designing a backup concept for my qubes workstation.
> My goal is to have a (daily) copy of the entire workstation on a trusted
> remote backup target (versioning, encryption, rotation is done
> remotely). Only a small part of the local data ("vault") would need to
> be encrypted before sending it on its way.
> My plan was to use a dedicated backup-vm, locked down to only connect to
> the remote target.
>
> - My first idea was to "mount --bind" the data to the backup-vm in
> read-only mode. It would then do a simple rsync to the remote backup
> target. This seems not to be possible, as I can't mount a directory from
> outside, dom0, into the filesystem of the backup-vm. Mounting a
> btrfs-snapshot would be a nice alternative, which doesn't seem to be
> possible either.
>
> - I could use a dedicated drive, partition, or .img file to hold a copy
> of all data locally and connect this back and forth between dom0 and the
> backup-vm. This seems wasteful and opens security risks.
>
> - I could serve all data via nfs to the backup-vm. This would, of
> course, open security risks in enabling some kind of networking in dom0.
>
> - I could send the backup-stream ("btrfs send", for example) to the
> backup-vm and it forwards it to the remote backup target. This would
> need all backup logic, programs and scripts to run in dom0. Also, I
> suppose this would be an unstable solution, where (network) problems
> immediately lead to a failed and broken backup (where rsync fails more
> gracefully).
>
>
> How do other people backup their qubes machine to a remote target?
>

I have a simple script in dom0 that mounts a NAS via nfs on a backupVM and
launches the default encrypted backup system.

best
Fran

> Thank you,
>
> N2
[qubes-users] Access all vm data from a backup-vm?
Hello dear new qubes family,

I am having trouble designing a backup concept for my qubes workstation.
My goal is to have a (daily) copy of the entire workstation on a trusted
remote backup target (versioning, encryption, rotation is done
remotely). Only a small part of the local data ("vault") would need to
be encrypted before sending it on its way.
My plan was to use a dedicated backup-vm, locked down to only connect to
the remote target.

- My first idea was to "mount --bind" the data to the backup-vm in
read-only mode. It would then do a simple rsync to the remote backup
target. This seems not to be possible, as I can't mount a directory from
outside, dom0, into the filesystem of the backup-vm. Mounting a
btrfs-snapshot would be a nice alternative, which doesn't seem to be
possible either.

- I could use a dedicated drive, partition, or .img file to hold a copy
of all data locally and connect this back and forth between dom0 and the
backup-vm. This seems wasteful and opens security risks.

- I could serve all data via nfs to the backup-vm. This would, of
course, open security risks in enabling some kind of networking in dom0.

- I could send the backup-stream ("btrfs send", for example) to the
backup-vm and it forwards it to the remote backup target. This would
need all backup logic, programs and scripts to run in dom0. Also, I
suppose this would be an unstable solution, where (network) problems
immediately lead to a failed and broken backup (where rsync fails more
gracefully).

How do other people backup their qubes machine to a remote target?

Thank you,

N2