cool! thanks!
This would be awesome, I gave it a try but for some reason can't seem to get it to work, that is getting a link from an email in tbird to open up in a browser in my work vm.
I created an ~/.local/share/applications/open_work_vm.desktop
edited the exec line:
[Desktop Entry]
Encoding=UTF-8
Name=WorkBrowserVM
Exec=qvm-open-in-vm work %u
Terminal=false
X-MultipleArgs=false
Type=Application
Categories=Network;WebBrowser;
MimeType=x-scheme-handler/unknown;x-scheme-handler/about;text/html;text/xml;application/xhtml+xml;application/xml;application/vnd.mozilla.xul+xml;application/rss+xml;application/rdf+xml;image/gif;image/jpeg;image/png;x-scheme-handler/http;x-scheme-handler/https;
ran xdg-settings:
xdg-settings set default-web-browser open_work_vm.desktop
(it created a mimeapps.list file) then tried it, nada.
I tried restarting the browser, then the tbirdVM, then the workvm, each time clicking on the link in the email in tbird and hoping the default browser (firefox) would pop up in my workVM. Instead nothing happened, the workVM didn't start up, firefox didn't open up (when I pre-started the work vm), and a tab didn't pop up when the workvm and ff were both pre-started.
I would really like to get this working for a variety of reasons, actually the absolute best would be to click on a link in tbird (or right click in a browser) and have a menu that gave a few options of where I'd like to open a page up like in a dispvm, anonvm, or just another regular appvm.
Thoughts?
I will reply to your comments and then go read your how-to (i fear it might be over my head as I am an absolute desktop/qvm-open-in-vm noob but I am sure it will be a good start!)
> What happens if you run `qvm-open-in-vm work https://qubes-os.org` in
> tbirdVM
it seems to work just fine that way
> and when you run xdg-open https://qubes-os.org in the work VM
> (without the quotes)?
ok, xdg-open I hadn't tried. But regardless this seems to work fine as well.
>
> I actually just finished a how-to on setting default applications and
> qvm-open-in-(d)vm:
> https://github.com/QubesOS/qubes-doc/pull/379/files?short_path=83ca4e2#diff-83ca4e28de9bcee331783522a52c2bd0
> (Any comments would be appreciated.)
>
> --
> ubestemt
wil check it out!
Any thoughts (Micah or the community), on whether this creates an avenue for persistent compromise of a VM?
Maybe there's a way to make this change persistent from the TemplateVM, eg store the .desktop file outside /home and create a symlink in to it?
I'm a little wary of adding a handler for http/https links that resides in /home.
This is a good point. So the fundamental security issue is the we cannot specifically confirm the URL that is being sent to the other VM as we are approving it.
I suppose this would need to be secured on the web browser VM end. Maybe create another .desktop file as the default HTTP/HTTP handler on the web browser VM that allows for user confirmation of the URL before opening in the actual browser?