Re: [qubes-users] IMG sharing

2018-04-25 Thread Ivan Mitev
Hey,

On 04/24/2018 09:54 PM, 799 wrote:
> Hello Drew,
> 
> Drew White  wrote on Tue., 24 Apr. 2018, 07:14:
> 
>> Is it possible for every guest to share one virtual drive for caching and
>> auto mounting to same location for file transfers?
>>
>> i.e. One file always mounted to each guest and one reads while one writes.
>> etc. no need to mount and unmount? And it can be multiple images on
>> different locations at once?
>>
> 
> I haven't understood yet what you are trying to accomplish.
> You want a file location ("drive") that is shared between VMs, and you want
> that most VMs have read permissions to this location and one can write to
> it?
> 
> As mentioned by others this kind of breaks the security model of Qubes but
> I had a similar use case to work with data stored in a cloud service.
> 
> I wanted to separate data editing, local data storage and synchronization
> to the cloud service.
> The idea was that data is always encrypted in the "storage AppVM". Other
> "AppVMs" can access this Storage AppVM using SSHfs.
> I am using certificates and tight firewall configuration:
> - the AppVM can request connection to the storage VM via ssh, login is done
> via certificates.
> - after authentication the remote location is mounted via SSHfs
> - the data is encrypted with encfs and the decryption keys are only stored
> on the AppVM which is accessing the data (not the storage VM)
> 
> This setup works quite well for my use case as it is less complex than
> setting up a file server with NFS to share data between AppVMs.
> 
> I know that this may not be the best thing for a die-hard Qubes user, but it
> allows me to set up inter-AppVM data flows if needed for specific use cases.
> 
> I have also scripted everything so that the firewall ports will only be
> opened when needed.
> 
> If you are interested I can upload my scripts/how-to to my GitHub account.

Sounds like a good candidate for the Qubes-Community project :)

> 
> [799]
> 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/afd0011c-9a51-57aa-3894-a99b0151e2b7%40maa.bz.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] IMG sharing

2018-04-25 Thread Teqleez Motley
On Tue, Apr 24, 2018, at 20:54, 799 wrote:
> I have also scripted everything so that the firewall ports will only be
> opened when needed.
> 
> If you are interested I can upload my scripts/how-to to my GitHub account.
> 

Please do that, very interesting! Thanks.

Regards,
Teqleez

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1524639561.1575805.1349917712.24EC6883%40webmail.messagingengine.com.


Re: [qubes-users] IMG sharing

2018-04-24 Thread 799
Hello Drew,

Drew White  wrote on Tue., 24 Apr. 2018, 07:14:

> Is it possible for every guest to share one virtual drive for caching and
> auto mounting to same location for file transfers?
>
> i.e. One file always mounted to each guest and one reads while one writes.
> etc. no need to mount and unmount? And it can be multiple images on
> different locations at once?
>

I haven't understood yet what you are trying to accomplish.
You want a file location ("drive") that is shared between VMs, and you want
that most VMs have read permissions to this location and one can write to
it?

As mentioned by others this kind of breaks the security model of Qubes but
I had a similar use case to work with data stored in a cloud service.

I wanted to separate data editing, local data storage and synchronization
to the cloud service.
The idea was that data is always encrypted in the "storage AppVM". Other
"AppVMs" can access this Storage AppVM using SSHfs.
I am using certificates and tight firewall configuration:
- the AppVM can request connection to the storage VM via ssh, login is done
via certificates.
- after authentication the remote location is mounted via SSHfs
- the data is encrypted with encfs and the decryption keys are only stored
on the AppVM which is accessing the data (not the storage VM)

This setup works quite well for my use case as it is less complex than
setting up a file server with NFS to share data between AppVMs.

I know that this may not be the best thing for a die-hard Qubes user, but it
allows me to set up inter-AppVM data flows if needed for specific use cases.

I have also scripted everything so that the firewall ports will only be
opened when needed.

If you are interested I can upload my scripts/how-to to my GitHub account.

[799]

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAJ3yz2vvTj%3DmF2dcx537LF6u3TKCxAu0-ma_dMbOzsL9D4DMzw%40mail.gmail.com.
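As an added illustration of the setup 799 describes above (this is not 799's script, which was not posted to the thread): a small POSIX shell script with the storage-VM half (accept ssh only from one client IP, only for one session) and the client half (ssh key login, sshfs mount, encfs mounted on top with the encfs config held locally so the storage VM never sees key material). The user name, /srv/share, ~/.ssh/storage_ed25519, ~/.encfs6.xml, the mount points and the 600-second window are assumptions. On Qubes 4 the firewall VM additionally needs a FORWARD rule between the two qubes' IPs, as described in the Qubes firewall documentation; this script does not add that rule. Set DRY_RUN=1 to print the commands instead of executing them.

```shell
#!/bin/sh
# Added example, not 799's scripts: on-demand ssh access to a storage VM
# plus the client-side sshfs + encfs mount sequence.
# Assumptions (not from the thread): the storage VM exports /srv/share and
# keeps the encfs ciphertext tree in /srv/share/enc; the client holds the ssh
# key and the encfs config locally. DRY_RUN=1 prints commands instead.

STORAGE_USER=${STORAGE_USER:-user}
SSH_KEY=${SSH_KEY:-$HOME/.ssh/storage_ed25519}
ENCFS_CONF=${ENCFS_CONF:-$HOME/.encfs6.xml}
SSHFS_MNT=${SSHFS_MNT:-$HOME/mnt/storage}
DATA_MNT=${DATA_MNT:-$HOME/data}

# run CMD...: execute CMD, or just print it when DRY_RUN is set.
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# ---- storage VM side (run as root) ----

# grant_client CLIENT_IP [SECONDS]: accept tcp/22 from CLIENT_IP only, and
# only for SECONDS (default 600); the rule is removed again automatically,
# so the port is not left open between sessions.
grant_client() {
    ip=$1
    ttl=${2:-600}
    run iptables -I INPUT -s "$ip" -p tcp --dport 22 -j ACCEPT
    if [ -z "${DRY_RUN:-}" ]; then
        ( sleep "$ttl"; iptables -D INPUT -s "$ip" -p tcp --dport 22 -j ACCEPT ) &
    fi
}

# revoke_client CLIENT_IP: close the window early.
revoke_client() {
    run iptables -D INPUT -s "$1" -p tcp --dport 22 -j ACCEPT
}

# ---- client AppVM side ----

# mount_share STORAGE_IP: key-only ssh login (BatchMode refuses password
# prompts), sshfs mount, then encfs on top using the config kept in this VM,
# so plaintext and the encfs key exist only here.
mount_share() {
    storage_ip=$1
    run mkdir -p "$SSHFS_MNT" "$DATA_MNT"
    run sshfs -o "IdentityFile=$SSH_KEY,reconnect,BatchMode=yes" \
        "$STORAGE_USER@$storage_ip:/srv/share" "$SSHFS_MNT"
    run env "ENCFS6_CONFIG=$ENCFS_CONF" encfs "$SSHFS_MNT/enc" "$DATA_MNT"
}

# umount_share: tear down in reverse order (encfs first, then sshfs).
umount_share() {
    run fusermount -u "$DATA_MNT"
    run fusermount -u "$SSHFS_MNT"
}

# Usage: in the storage VM `grant_client 10.137.0.5 900`; in the client VM
# `mount_share 10.137.0.9`, work in $DATA_MNT, then `umount_share`.
```

The order matters on teardown: unmounting the sshfs layer while encfs is still mounted on top of it leaves a dangling FUSE mount. The timed rule removal is what makes the port "only opened when needed"; revoke_client exists so a finished session does not have to wait for the timer.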


Re: [qubes-users] IMG sharing

2018-04-24 Thread Ivan Mitev


On 04/24/2018 09:01 AM, Drew White wrote:
> On Tuesday, 24 April 2018 15:28:40 UTC+10, Ivan Mitev  wrote:
>> On 04/24/2018 08:14 AM, Drew White wrote:
>>> Is it possible for every guest to share one virtual drive for caching and 
>>> auto mounting to same location for file transfers?
>>
>> It isn't possible unless you set up a clustered file system, which
>> implies having in-band or out-of-band communication channels between
>> guests. This breaks compartmentalization, which is Qubes' raison d'etre,
>> so if you really need this you're better off ditching Qubes and going with
>> plain KVM (or Xen) VMs.
>>
> 
> I'm not talking about for all guests. and the channel would be one image 
> file, read only.  Writable only by one guest that does the downloading 
> securely and checks and writes the files.

AFAIK it's not possible. You need a clustered FS to see changes in real
time. If you share an image/device you'll have to
- make sure the guest with write rights has fsync'ed the changes to the
FS and/or that no cache is involved.
- unmount/remount the shared volume in R/O guests each time you need to
read new files.

I have no idea if Qubes allows sharing a volume between guests; I'd
imagine that qvm-* commands won't allow that so that users don't shoot
themselves in the foot, but you may be able to achieve this with lower
level commands or by tweaking the qvm-* commands' source.

But since you're sending content from a VM to other guests, the security
level of your R/O guests is basically dependent on the one you download
files to, so you could open some firewall ports and set up a networked
clustered FS like glusterfs.


> 
> One guest has cache and write permissions, nothing else does. Thus, secure. 
> More secure than downloading the same thing 50 times.
> 

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2b77ccc9-bed7-3095-7b47-b4616cb3f0e1%40maa.bz.
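Ivan's point that the read-only guests end up trusting the downloading guest shows what the "checks" step in Drew's design has to look like from the reader's side. The following is an added example, not code from the thread: each reading VM keeps its own pin list of expected SHA-256 hashes obtained out of band (upstream release checksums, for instance) and refuses any cached file that is unlisted or does not match, so a compromised writer can at worst withhold files, not substitute them. It assumes GNU coreutils sha256sum, a pin list in sha256sum's own "<hash>  <name>" format, and a read-only cache mount; the file names and paths are assumptions. The same hash check also catches a file the writer has not finished writing or fsync'ed yet, the staleness problem mentioned above, because a partial file will not match either.

```shell
#!/bin/sh
# Reader-side integrity gate for a one-writer, many-reader cache.
# Added example (not from the thread). Assumes GNU coreutils sha256sum.
# Pin list format, one entry per line, exactly as sha256sum prints it:
#   <64 hex sha256>  <file name relative to the cache dir>
# The pin list lives in the reading VM and is obtained out of band; it must
# never be taken from the cache itself or from the writer VM.

# verify_cache CACHE_DIR PIN_LIST
# Returns 0 only if every pinned file exists in CACHE_DIR with the expected
# hash. Unpinned files in the cache are ignored here; cached_get below
# refuses them individually.
verify_cache() {
    cache_dir=$1
    pins=$(cd "$(dirname "$2")" && pwd)/$(basename "$2")   # absolute path
    [ -d "$cache_dir" ] || { echo "no such cache: $cache_dir" >&2; return 2; }
    [ -s "$pins" ] || { echo "empty pin list: $pins" >&2; return 2; }
    # --strict: a malformed pin line is an error, not something to skip.
    ( cd "$cache_dir" && sha256sum --check --strict --quiet "$pins" )
}

# cached_get CACHE_DIR PIN_LIST NAME DEST
# Copies CACHE_DIR/NAME to DEST only if NAME is pinned and its hash matches.
cached_get() {
    cache_dir=$1
    pins=$2
    name=$3
    dest=$4
    expected=$(awk -v n="$name" '$2 == n { print $1; exit }' "$pins")
    if [ -z "$expected" ]; then
        echo "refusing $name: not in pin list" >&2
        return 3
    fi
    # A missing or half-written file hashes differently and is refused too.
    actual=$(sha256sum -- "$cache_dir/$name" 2>/dev/null | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "refusing $name: hash mismatch or file missing" >&2
        return 4
    fi
    cp -- "$cache_dir/$name" "$dest"
}

# Usage (reader VM, cache mounted read-only at /mnt/cache, pins in ~/pins):
#   verify_cache /mnt/cache ~/pins
#   cached_get /mnt/cache ~/pins pkg.tar.gz ~/pkg.tar.gz
```

With this in place the writer VM only decides which files are available, never which bytes a reader accepts, which is the property Drew's "one guest writes, everything else reads" layout needs before it can be called secure.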


Re: [qubes-users] IMG sharing

2018-04-24 Thread Drew White
On Tuesday, 24 April 2018 15:28:40 UTC+10, Ivan Mitev  wrote:
> On 04/24/2018 08:14 AM, Drew White wrote:
> > Is it possible for every guest to share one virtual drive for caching and 
> > auto mounting to same location for file transfers?
> 
> It isn't possible unless you set up a clustered file system, which
> implies having in-band or out-of-band communication channels between
> guests. This breaks compartmentalization, which is Qubes' raison d'etre,
> so if you really need this you're better off ditching Qubes and going with
> plain KVM (or Xen) VMs.
> 

I'm not talking about for all guests. and the channel would be one image file, 
read only.  Writable only by one guest that does the downloading securely and 
checks and writes the files.

One guest has cache and write permissions, nothing else does. Thus, secure. 
More secure than downloading the same thing 50 times.

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/48f543f9-1120-4443-ac73-092ac09156fe%40googlegroups.com.


Re: [qubes-users] IMG sharing

2018-04-23 Thread Ivan Mitev


On 04/24/2018 08:14 AM, Drew White wrote:
> Is it possible for every guest to share one virtual drive for caching and 
> auto mounting to same location for file transfers?

It isn't possible unless you set up a clustered file system, which
implies having in-band or out-of-band communication channels between
guests. This breaks compartmentalization, which is Qubes' raison d'etre,
so if you really need this you're better off ditching Qubes and going with
plain KVM (or Xen) VMs.


> i.e. One file always mounted to each guest and one reads while one writes. 
> etc. no need to mount and unmount? And it can be multiple images on different 
> locations at once?
> 

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/85bffea7-d097-8570-f5a4-7d96cd9f4e73%40maa.bz.