On 04/20/2017 10:54 AM, Johannes Graumann wrote:
Hi,
Has anyone figured out a setup for qubes-usb-proxy-based USB-
passthrough that will allow for automatic (and active) monitoring of
sys-usb connections and VMs? I'm envisioning a situation where I tell
the proxy setup that
1) if device X shows up and VM Y is running, the device should be
connected to the VM.
2) If VM Y comes up and device X is present, the device should be
connected to the VM
3) the connection should be removed automatically if either member
disappears ...
Is this possible? Where would one start?
Should be possible I guess; maybe not yet implemented (I didn't test
that new USB proxy feature so far). Should be implemented in dom0 for
obvious security reasons.
In a side note: is it possible to pass a single device (e.g. smart card
reader) through to multiple VMs simultaneously?
I guess not (I/O racing conditions and so on), but then again you can try.
As the wiki states though [1]: "Stating with Qubes 3.2, it is possible
to attach a single USB device to any Qube. While this is useful feature,
it should be used with care, because there are many security
implications from using USB devices and USB passthrough will expose your
target qube for most of them. If possible, use method specific for
particular device type (for example block devices described above),
instead of this generic one."
--> So you should use qvm-block or qvm-copy-to-vm for the files on your
SD cards, if you like the security Qubes provides. That can also be done
automatically, if needed.
[1] https://www.qubes-os.org/doc/usb/
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/6a041e30-921f-2c50-6551-5d09245e6859%40hackingthe.net.
For more options, visit https://groups.google.com/d/optout.
smime.p7s
Description: S/MIME Cryptographic Signature