Mounting directories across VMs (losetup/block device solution for directories)?


Johannes Graumann

Feb 26, 2020, 4:23:41 PM
to qubes-users
Hi,
I'm experimenting with creating a sys-dropbox vm that syncs with my
dropbox account. I would love to be able to then mount defined
subdirectories of the synced path to other vms (losetup/qvm-block-style,
which only works for files).
Is this possible? Where to find pointers?

Sincerely, Joh

alex.b...@gmail.com

Feb 27, 2020, 2:33:32 AM
to qubes-users
I don't think you can achieve this by block device sharing unless you spread your directory structure across block devices exactly in a way you are going to share it with VMs - and even in that case you'll not be able to share with VM and sync with Dropbox at the same time (you didn't specify if that's required).

I suggest you explore the options of network shares using NFS/SAMBA/FTP/WebDAV/etc - together with passing just that network port to the target VM this can be a good solution.

dhorf-hfre...@hashmail.org

Feb 27, 2020, 11:49:48 AM
to alex.b...@gmail.com, qubes-users
On Wed, Feb 26, 2020 at 11:33:32PM -0800, alex.b...@gmail.com wrote:

> I suggest you explore the options of network shares using
> NFS/SAMBA/FTP/WebDAV/etc - together with passing just that network port to
> the target VM this can be a good solution.

for an out-of-the-box solution, i would recommend sshfs via qubes-rpc.
(== zero network whatever required)

for something more custom, i would look for some FUSE example code
that just does "mirror mounts", then adjust it to work over qubes-rpc
instead of whatever IPC it is currently using.



799

Feb 27, 2020, 12:04:42 PM
to Johannes Graumann, qubes-users
Hello Johannes,


Johannes Graumann <nons...@graumannschaft.org> wrote on Wed, 26 Feb 2020, 22:23:
(...) I'm experimenting with creating a sys-dropbox vm that syncs with my

I started building something similar to be able to sync data with Microsoft OneDrive.

The solution consists of three AppVMs:
1) VM stores data (encfs or cryfs encrypted)
2) VM syncs (encrypted data) with the cloud
3) VM decrypts data

Data is shared between AppVMs via sshFS and sys-firewall'd to minimize access options.

one7two99

David Hobach

Feb 27, 2020, 2:32:26 PM
to qubes-users
qcrypt can do that: https://github.com/3hhh/qcrypt


Johannes Graumann

Feb 28, 2020, 8:40:35 AM
to David Hobach, qubes-users

Nice solution, but overkill in my case - I use tresorit's E2EE solution (let's not get started on the closed source/snake oil discussion, I have to consider noob-co-usage ...) and want to sync that storage to a sys-tresorit, from where I want to grant access to certain subsections of it to individual vms - without additional encryption.

Any pointers on where to start exploring the above mentioned sshfs via qubes-rpc solution?

Sincerely, Joh

David Hobach

Feb 29, 2020, 7:27:08 AM
to Johannes Graumann, qubes-users
On 2/28/20 2:40 PM, Johannes Graumann wrote:
> On 2020-02-27 20:32, David Hobach wrote:
>
>> On 2/26/20 10:23 PM, Johannes Graumann wrote:
>>> Hi,
>>> I'm experimenting with creating a sys-dropbox vm that syncs with my
>>> dropbox account. I would love to be able to then mount defined
>>> subdirectories of the synced path to other vms (losetup/qvm-block-
>>> style, which only works for files).
>>> Is this possible? Where to find pointers?
>>
>> qcrypt can do that: https://github.com/3hhh/qcrypt
>
> Nice solution, but overkill in my case - I use tresorit's E2EE solution
> (let's not get started on the closed source/snake oil discussion, I have
> to consider noob-co-usage ...) and want to sync that storage to a
> sys-tresorit, from where I want to grant access to certain subsections
> of it to individual vms - without additional encryption.

I disagree with the idea that only pros deserve real security.

I'd recommend automating stuff so much that it can be used by "noobs".
Only that automation programming might require some "pro" knowledge, but
it needs to be done only once.

> Any pointers on where to start exploring the above mentioned sshfs via
> qubes-rpc solution?

Check the qubes-rpc doc on the Qubes website. I'm not sure whether
someone already implemented that.

However wrt your apparently low profile threat model I don't see too
much of a security benefit over doing it over battle-hardened TCP
anyway. So you might just want to check the Qubes doc on opening ports
to other VMs.
