Ext4 formatted external USB hard drive not seen in file manager even though it attaches OK to appvm


Eric Smith

May 26, 2014, 3:01:42 PM
to qubes...@googlegroups.com
I am able to see FAT32 formatted usb hard drive in nautilus, but cannot see EXT4 formatted usb hard drive.
Also, dom0 recognizes my ext4 usb drive and I am able to browse it in dom0 (probably dangerous). 
The ext4 formatted usb attaches to an appvm without complaints but it does not show up in nautilus (unlike the fat32 usb drive).
Is there a way to fix this? 
Thank you.
Eric

Marek Marczykowski-Górecki

May 26, 2014, 5:48:32 PM
to Eric Smith, qubes...@googlegroups.com
Make sure you've used a proper partition table, i.e. create ext4 on /dev/sdb1,
not /dev/sdb (or whatever name the device gets).

--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?


Axon

May 26, 2014, 6:13:51 PM
to Eric Smith, qubes...@googlegroups.com
Eric Smith:
> Also, dom0 recognizes my ext4 usb drive and I am able to browse it in dom0
> (probably dangerous).

I've noticed that most if not all AppVM home directories are browsable
from dom0's Thunar. It's been this way for as long as I can remember. I,
too, wonder if this is dangerous.



Axon

May 27, 2014, 12:21:54 PM
to Eric Smith, qubes...@googlegroups.com
Axon:
Just to clarify, what I mean is that (last time I checked), I was able
to view individual files residing in AppVMs from dom0. For example, if I
download foo.pdf in "untrusted," then I open up the file manager in dom0
and browse through the list of "devices," I eventually find one which
contains "stuff.pdf." But at this point I was too afraid to click on it
(to try to open it from dom0) to see what would happen. :P Fortunately,
auto-preview seems to be disabled in dom0's file manager by default, but
it's still a bit disconcerting.


Axon

May 27, 2014, 12:27:08 PM
to qubes...@googlegroups.com
Axon:
"stuff.pdf" should have been "foo.pdf"


Joanna Rutkowska

May 27, 2014, 6:25:21 PM
to Axon, qubes...@googlegroups.com
So, just to make sure I understand this -- you're saying that if the
user installs some file manager in Dom0 (qubes-dom0-update) and then
fires up this file manager, and then navigates to /var/lib/qubes/appvm/
and clicks on a .img symbolizing a private disk for a VM, then... the
file manager actually shows the contents of it?

joanna.


Marek Marczykowski-Górecki

May 27, 2014, 7:40:31 PM
to Joanna Rutkowska, Axon, qubes...@googlegroups.com
No, some file managers list loop devices used by running VMs. So when one
selects such a device, it is mounted in dom0... This is one of many reasons why
one should not use a file manager in dom0.
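
An added example, not part of Marek's message or of Qubes itself: a dom0 shell function that reports loop devices backed by VM images which are currently mounted in dom0, the situation described above. The function name and the `/var/lib/qubes/` prefix (the parent of the `/var/lib/qubes/appvm/` directory named in this thread) are assumptions; the sysfs and mounts paths are the standard Linux ones and can be overridden.

```shell
#!/bin/sh
# Added example (hypothetical helper, not Qubes code).
# Reports loop devices whose backing file lives under a VM image
# directory AND that are mounted in the current (dom0) namespace.
#   $1  sysfs block directory   (default: /sys/block)
#   $2  mount table to inspect  (default: /proc/mounts)
#   $3  VM image path prefix    (default: /var/lib/qubes/ -- assumption)
vm_loops_mounted() {
    sys_block=${1:-/sys/block}
    mounts=${2:-/proc/mounts}
    prefix=${3:-/var/lib/qubes/}

    for dir in "$sys_block"/loop*; do
        # Only bound loop devices expose loop/backing_file.
        [ -r "$dir/loop/backing_file" ] || continue
        backing=$(cat "$dir/loop/backing_file")

        # Ignore loop devices that do not back a VM image.
        case $backing in
            "$prefix"*) ;;
            *) continue ;;
        esac

        dev=/dev/${dir##*/}
        # Match the whole device or one of its partitions
        # (/dev/loop0, /dev/loop0p1), but not /dev/loop10 for /dev/loop1.
        awk -v dev="$dev" -v img="$backing" '
            $1 == dev || index($1, dev "p") == 1 {
                print $1 " (" img ") mounted at " $2
            }' "$mounts"
    done
}
```

Calling `vm_loops_mounted` with no arguments in a dom0 terminal inspects the live system; empty output means no VM image is mounted in dom0.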

Axon

May 27, 2014, 7:54:18 PM
to Marek Marczykowski-Górecki, Joanna Rutkowska, qubes...@googlegroups.com
Marek Marczykowski-Górecki:
Yes, what Marek said.

And, the file manager is already pre-installed in dom0 (KDE). It's
"Thunar File Manager."

I was not aware that there was any reason not to use a file manager in
dom0. Perhaps it was just me being stupid, but I suspect many other
Qubes users will also assume that using a file manager in dom0 is
harmless, so I just added a warning to the wiki about this here:
http://qubes-os.org/trac/wiki/SecurityGuidelines

Marek, you said that there are "many reasons" not to use a file manager
in dom0. May I ask what some of the others are?


Marek Marczykowski-Górecki

May 27, 2014, 8:00:05 PM
to Axon, Joanna Rutkowska, qubes...@googlegroups.com
Thunar is the file manager from Xfce, so this can be a bug in the "KDE+Xfce"
installation option.

> I was not aware that there was any reason not to use a file manager in
> dom0. Perhaps it was just me being stupid, but I suspect many other
> Qubes users will also assume that using a file manager in dom0 is
> harmless, so I just added a warning to the wiki about this here:
> http://qubes-os.org/trac/wiki/SecurityGuidelines
>
> Marek, you said that there are "many reasons" not to use a file manager
> in dom0. May I ask what some of the others are?

For example, accidentally mounting some untrusted USB stick, or trying to store/open
some document in dom0 instead of an AppVM. There should be no user data directly
in dom0 (even if ultimately trusted), only VMs.

Axon

May 27, 2014, 8:01:56 PM
to Marek Marczykowski-Górecki, Joanna Rutkowska, qubes...@googlegroups.com
Axon:
Not sure if feasible, but might a good candidate for a future
"enhancement" be disabling the use of any file managers in dom0 (in
keeping with the Qubes theme of "protecting the user from her own
mistakes")?


Franz

May 27, 2014, 8:26:38 PM
to Axon, Marek Marczykowski-Górecki, Joanna Rutkowska, qubes...@googlegroups.com
Seems a good idea. In a previous Qubes release (I do not remember which one), without thinking much about it, I wrote "nautilus" in a Dom0 terminal and it opened nautilus. I was startled, realized I was doing something wrong and closed it. I supposed it was there because it was difficult or impossible to remove it. This was the reason why I wrote in the security guidelines to avoid running any program in Dom0 except a simple editor.

Axon

May 27, 2014, 10:47:42 PM
to Franz, Marek Marczykowski-Górecki, Joanna Rutkowska, qubes...@googlegroups.com
Franz:
Ah, perhaps I should have incorporated my note into that point instead
of making a new one.

BTW, now that I read that point and think about it, I'm not sure the
advice about not running any programs in TemplateVMs is correct. For
example, it seems appropriate to run Nautilus in the TemplateVM in order
to disable auto-preview (before Qubes shipped that way by default). For
another example, IIRC, Joanna wrote that it's OK to start Firefox in the
TemplateVM in order to change its settings (e.g., change the homepage,
change cookie settings, etc.).


Zrubecz Laszlo

May 28, 2014, 2:48:20 AM
to Axon, Marek Marczykowski-Górecki, Joanna Rutkowska, qubes...@googlegroups.com
On 28 May 2014 02:01, Axon <ax...@openmailbox.org> wrote:

> Not sure if feasible, but might a good candidate for a future
> "enhancement" be disabling the use of any file managers in dom0 (in
> keeping with the Qubes theme of "protecting the user from her own
> mistakes")?

You can't protect the users from their own mistakes ;)

And the file manager is actually needed by other applications like the
Ksnapshot.
I use it frequently for taking snapshots for my Qubes related
writings/presentations.



--
Zrubi

Zrubecz Laszlo

May 28, 2014, 2:50:33 AM
to Axon, Marek Marczykowski-Górecki, Joanna Rutkowska, qubes...@googlegroups.com
So instead of disabling the file manager, we should disable this
feature in the file managers.



--
Zrubi

Franz

May 28, 2014, 3:22:37 AM
to Axon, Marek Marczykowski-Górecki, Joanna Rutkowska, qubes...@googlegroups.com
Nautilus and Firefox are special cases because one may probably run them in all appVMs. But if an application has been compromised by a rogue developer and it is installed in a template, but never run in the template, then appVMs (where this application is never run) remain clean, even if it is possible to run this application in a less trusted VM. Isn't it? I do not know if there may be real cases of using an appVM without Nautilus or Firefox, but for example netvm, firewallvm and vpnvm (thanks Zrubi) do not need them.