Easily share folders between VMs.

Overview

Inter-VM shared folders for Qubes OS

This package aims to solve the problem of inter-VM file sharing (rather than manual copying) by allowing a VM to mount folders from any other VM's file system (or mounted network shares).

This package contains:

  • a Qubes OS qrexec service to serve folders from a qube
  • a program to mount folders in a qube served from other qubes
  • policy (for dom0) to permit or deny the process

There's a number of to-do items for which we'd love your help!

Usage

The following instructions assume that the qube which contains the files you want to share is named server and the qube where you want to access the files is named client. They also assume you successfully finished the one-time installation instructions below.

To mount /home/user from the server VM onto /home/user/mnt, run the following on a terminal of client:

cd /home/user
mkdir mnt
qvm-mount-folder server /home/user mnt

At this point you will see an authorization message from dom0 asking you if you really want to give client access to server's files. Note that the access is blanket read/write, and once given.

Authorize the access by confirming the name of the qube (server on the dialog and continuing.

Presto. You should be able to use a file manager, a terminal, or any of your favorite applications to use files in /home/user/mnt -- these files are all stored in server on folder /home/user.

To finish using it, run sudo umount /home/user/mnt. Note that currently, the connection remains open between client and server even after unmounting, so the only way to sever the connection is to power off one of the two qubes.

Security considerations

  • There is currently no way to control which folders of the server qube can be requested by client qubes. In principle this should be doable because diod can export only a subtree of any file system hierarchy, but the next point needs to be addressed first.
  • The connection remains open after unmounting. This means that the client VM can in principle continue to access resources from the file system exported by diod before the unmount happened.
  • A compromise of the client qube could be used to escalate into a compromise of the diod daemon running on the server qube -- in which case the server qube can be considered compromised. The converse case is possible as well. In other words: the client qube trusts that diod (on the server) will not send malicious data back, and the server qube trusts that the v9fs kernel module on the client qube will not send malicious data. This is an inherent risk of running a client/server setup that uses a low-level binary protocol and two sides (a client and a server), whether it be Git, SSH, or any other protocol.

If these security considerations cannot be accommodated by your security model, you are better off not using this program.

Installation

First, build a diod RPM package:

git clone https://github.com/Rudd-O/diod
cd diod
./autogen.sh && ./configure --prefix=/usr && make dist && rpmbuild -ts *tar.gz

Then, install this package on the template of the qube you plan to share your files from.

Now build RPM packages for this software:

git clone https://github.com/Rudd-O/qubes-shared-folders
cd qubes-shared-folders
make rpm

Two RPMs will result:

  1. qubes-shared-folders-...noarch.rpm
  2. qubes-shared-folders-dom0-...noarch.rpm

Install the first one in the template of the qube you plan to share your files from, as well as the template of the qube you plan to access your files in.

Install the second one in dom0. This package contains policy (default ask) for the service.

Now shut down all involved qubes, to ensure the installation takes. You don't need to shut down your computer or dom0.

Owner
Rudd-O
Rudd-O
Web service load balancing simulation experiment.

Web service load balancing simulation experiment.

NicestZK 1 Nov 12, 2021
TsuserverMoS - A Python-based server for Attorney Online,

tsuserverMoS A Python-based server for Attorney Online, forked from RealKaiser/tsuserverCC Requires Python 3.7+ and PyYAML. Changes/additions from tsu

1 Dec 30, 2021
Tool to transfer credential files from Firefox to your local machine to decrypt offline.

Firefox-Dumper Firefox Dumper identifies the current user's Firefox profile directory and exfiltrates the credential files to the attacker's FTP serve

Joe Helle 22 Sep 10, 2022
gRPC typing stubs for Python

gRPC Typing Stubs for Python This is a PEP-561-compliant stub-only package which provides type information of gRPC. Install using pip: pip install grp

Blake Williams 27 Dec 20, 2022
IoT owl is light face detection and recognition system made for small IoT devices like raspberry pi.

IoT Owl IoT owl is light face detection and recognition system made for small IoT devices like raspberry pi. Versions Heavy with mask detection withou

Ret2Me 6 Jun 06, 2022
Web-server with a parser, connection to DBMS, and the Hugging Face.

Final_Project Web-server with parser, connection to DBMS and the Hugging Face. Team: Aisha Bazylzhanova(SE-2004), Arysbay Dastan(SE-2004) Installation

Aisha Bazylzhanova 2 Nov 18, 2021
A repo with study material, exercises, examples, etc for Devnet SPAUTO

MPLS in the SDN Era -- DevNet SPAUTO All of the study notes have now been moved to use auto-generated documentation to build a static site with Githu

Hugo Tinoco 67 Nov 16, 2022
Synchronised text editor over TCP, for live editing with others.

SyncTEd Synchronised text editor over TCP, for live editing with others. Written in Python with PyGame. Run Install requirements: pip install -r requi

Marko Živić 1 May 13, 2022
An automatic web reconnaissance tool written in python3.

WebRecon is an automatic web reconnaissance tool written in python3. Provides a command line interaction similar to msfconsole. The Exasmple.py file is provided, and you can write your own scripts yo

prophet 1 Feb 06, 2022
Python Scripts for Cisco Identity Services Engine (ISE)

A set of Python scripts to configure a freshly installed Cisco Identity Services Engine (ISE) for simple operation; in my case, a basic Cisco Software-Defined Access environment.

Roddie Hasan 9 Jul 19, 2022
A simple framwork to streamline the Domain Adaptation training process.

FastDA Introduction This is a simple framework for domain adaptation training. You can use it to build your own training process. It heavily relies on

Vincent Zhang 7 Nov 22, 2022
A simple port scanner for Web/ip scanning Port 0/500 editable inside the .py file

Simple-Port-Scanner a simple port scanner for Web/ip scanning Port 0/500 editable inside the .py file Open Cmd/Terminal Cmd Downloads Run Command: pip

YABOI 1 Nov 22, 2021
Simple self-hosted server to receive files from remote systems

Badtray This is a very simple self-hosted server to receive files from remote systems. This works similar to Bintray (RIP) and primarily designed to d

Alex Taradov 1 Nov 22, 2021
Mass Reverse IP Dibuat Dengan Python 3 Dan Ada Fitur Filter.

Reverse IP Tools Description. Reverse IP is a method to map an IP address to a sub domain. This tool is made in the python 3 programming language. Fea

Wan Naz ID 6 Oct 24, 2022
This tool will scans your wi-fi/wlan and show you the connected clients

This tool will scans your wi-fi/wlan and show you the connected clients

VENKAT SAI SAGAR 3 Mar 24, 2022
Lightweight asyncio compatible utilities for consuming broker messages.

A simple asyncio compatible consumer for handling amqp messages.

Mehdi Kamani 3 Apr 10, 2022
A simple implementation of an RPC toolkit

Simple RPC With Raw Sockets Repository for the Data network course project: Introduction In this project, you will attempt to code a simple implementa

Milad Samimifar 1 Mar 25, 2022
This Python script can be used to bypass IP source restrictions using HTTP headers.

ipsourcebypass This Python script can be used to bypass IP source restrictions using HTTP headers. Features 17 HTTP headers. Multithreading. JSON expo

Podalirius 322 Dec 28, 2022
A Python framework for interacting with Solana's Pyth network.

Pyth Network A basic Python framework for reading and decoding data regarding the Pyth network

1 Nov 29, 2021
IPE is a simple tool for analyzing IP addresses. With IPE you can find out the server region, city, country, longitude and latitude and much more in seconds.

IPE is a simple tool for analyzing IP addresses. With IPE you can find out the server region, city, country, longitude and latitude and much more in seconds.

Paul 0 Jun 11, 2022