Re: [qubes-users] What exactly is stored in an App VM backup..?
OK, that's really nice to know that startup scripts are not saved. Really nice. The thing about having to shut down the VM is still annoying though. The other thing is, the progress bar for Qubes backups is very bad.. It stays at 0% for a long time, and then hours later, gets to 100%... There is not the kind of progressive movement that lets you know how long this is going to take. Apart from that though.. at least it's secure. That's the main thing I care about. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/797de76c-76ee-44fb-8917-6a29ce3652a4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] What exactly is stored in an App VM backup..?
On 08/14/2016 03:37 PM, neilhard...@gmail.com wrote: > But presumably this private.img is going to include things like: > > folder: /etc/init.d/ > > file: /etc/rc.local > > things like this, which are used to do start-up scripts. > No, it does not. Only root.img for templateVMs include such things; please refer to https://www.qubes-os.org/doc/template-implementation/ for more information on the overlayFS structure of block devices. > So anyone who hacked the VM might place some start-up scripts which > link to malware stored on the machine. These changes are not persisted, because they are not saved in the private.img file, if they are made on an appvm. > This is why I thought it would be better to use an internal Fedora > system to do the backup. > > Doing this would also prevent you from having to shut down your VM in > order to do the backup, which is a drain on productivity. You can use the backup system you like, or even a superposition of many. I myself use a staggered-and-timed syncthing mirror for quick recovery of user mistakes (everything is copied and kept 90 days, and 3 copies of every files are staggered, so accidental edits or deletions can be recovered if not too much time ago) and also the qubes backup system for disaster recovery. I like to protect against those two scenarios, and no tool covers both efficiently, so I use both. Me and a friend were thinking of preparing a duplicity-based appVM with beefy scripts which would be able to backup all the other appVMs and save a local USB hard drive or a remote, encrypted cloud storage (both standard functionality of duplicity), but eventually abandoned the project for lack of free time. That would have allowed for a centralized configuration and schedule point, while keeping the isolation Qubes provides. That could even be used, with some caveats (first and foremost, program data should be in a consistent state), with live AppVMs. -- Alex -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/24135208-6e86-9073-e295-d5648e8f54e1%40gmx.com. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: [qubes-users] What exactly is stored in an App VM backup..?
But presumably this private.img is going to include things like: folder: /etc/init.d/ file: /etc/rc.local things like this, which are used to do start-up scripts. So anyone who hacked the VM might place some start-up scripts which link to malware stored on the machine. So these are going to be backed up by the Qubes backup system. This is why I thought it would be better to use an internal Fedora system to do the backup. Doing this would also prevent you from having to shut down your VM in order to do the backup, which is a drain on productivity. --- Or am I wrong here..? Would this somehow not back up any start-up scripts...? Because that's what I'm worried about. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c45479a8-c541-47cc-a427-34d8d3379e3f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] What exactly is stored in an App VM backup..?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-08-14 05:56, neilhard...@gmail.com wrote: > I want to know.. what exactly is stored in an App VM backup..? > > When you back it up, and you have your single backup file, what is in that > file? > > Obviously, your personal files, like folder structure, Documents, > Downloads, Music etc. > > But how about programs..? Are programs stored in there, or are they only > stored in the template VM..? > > How about things like startup scripts, for example, a startup script that > may load up a virus..? Or are those just in the template VM..? > > I say this in terms of security... as to whether it is safe to back up an > App VM... or whether it's safer to back up the files from within the App VM > using some sort of Fedora tool... > > Thanks > No programs, just the AppVM's private.img file along with things like firewall.xml. You can explore the contents for yourself by following the instructions here: https://www.qubes-os.org/doc/backup-emergency-restore-v3/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXsG9AAAoJENtN07w5UDAwm9AP/A5337EdKJgC/nU0Smv1QJu0 KJUx8bpcgkRDP7PNjuaDTZRDBTcvLv+6wqstgls5PemfFybV/GTCCH0gHHQfOlY6 QQum0jhJ3uWI/dlkhYSxAlWFM44rqMyxz1jDZ/seKFd91VY6SSnu02mgG+jZqDDa vtfremssHveka9/7hRQEuisJV4Z2ug5BGAR2J0BD01lorQhe4Uxz5/YIum16krKY tBFU/zBwbpIu6U7c+TNl2WHYAI7mWZDs3UnQqDN0WmYnmJnghzAgRBGvhCBVgeTn iKnCZiKt+xw5ATlwsXyqADtISq1oWmknXbWEkLQsxlIeysS67NjYVOWJQrSL+pxf FrQIK3bkxDGVEyCWrNhArkiuYBJPFShXa/JvOQOFTFK4PxbYHuB2kOGOBcDs0THj EUKS0E1Hm6eqMEwGWsMWhaHxiw3Lnr6GOrpcCdmbdqUqnywJi+4m2MhPCn/+I7wZ ryGpT4l0o6Q8l5rkxA//0ksq1ey3J/5o6DUhmH6yTYpvX8fUdZQk46Z28nxv9yV4 oqQSwhdtpn+VaCwNtBW3hDCsh/bNEZr3+wlPiBOh0eG0jVtgWjVazEy6dfCrw9vu wg1XAaj6PnujjvVGZRFh/VgoqL0G5KQsV3LENCcYnGOucXF7sfrVJBJTRlSuav3/ lQyDEB1HxA8sjEtdSHet =wSdb -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/69e9ebd3-7567-82d6-6511-5feb67f17c77%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.