Re: [qubes-users] Using UNISON between VMs... Is that possible?
28 views
Skip to first unread message
Message has been deleted
Sven Semmler
Sep 12, 2017, 12:43:12 PM9/12/17
to qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 09/12/2017 02:15 AM, segu....@gmail.com wrote:
> I have a script that uses UNISON [...] The idea is to sync files
> between two virtual machines that have no visibility between them.
Can you be more specific? Will those two VMs have network connections?
Are you planning to continue using UNISON? Must the script run fully
automatically or is some limited user interaction ok? (scheduled or
manual run)
> Has anyone faced this problem or imagined a solution for this?
* you can use qvm-copy-to-vm to copy file(s) from one VM to another,
whoever it won't give you synchronization ... if the sender had
visibility of the file system of the receiver, it would defeat the
entire purpose of Qubes OS (compartmentalization).
* you can mount a USB block device to VM 1 and run your script to sync
between VM 1 and a folder structure on the USB block device, then you
could unmount and mount the same to VM 2 and now run your script again
to sync with VM 2
* you could allow network for both VMs via sys-firewall and setup
firewall rules that would ensure that the only connection between the to
VMs is the one for UNISON (e.g. unison -socket 1234). You can lookup the
internal IP addresses of the VMs in the Qubes Manager.
Finally, I would recommend to take a step back and question your setup.
How much thought have you put into your domain compartmentalization? Is
it really necessary to sync between the two VMs? What is the purpose of
having the same files in two VMs that are isolated from each other?
/Sven
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJZuA6YAAoJENpuFnuPVB+2VkwP/0mWxWFlBKQtsfUp25rw7a9y
eiNsgIzzmWUgMAkFY6yFryVFUtmwCMOW48w9unx9FIUpOpboHSDrGW84N2yaqjyV
KzwFPhhaJbV/i7/1CyHzHzkhctgpipHfz5c0G4PFdpchSbgepaOfEjTQv5sv0p5X
swFxx3f7OA162rZRZqjSJ3KKvrkHzVLJuU2moRJvwg/+LMAtjtlsRGmG1wBsyBDy
LF94GMlKD+mMbGB5TQmAU2Svxq3ym0yKzjvwzzFbNc3RSASJROlFOvEtqSVwWioH
t6RicdD2DW0WnohVrbYLrj55oIhwDvRFfvBVqYr+Bbw9uD+lh16GHX6eALEm0yww
wZP4Xtk2id+giDkj9agSv+aLCoAQpxp0lg2Vrtj9LT/3rJWMRP2GPIirqVFLXONX
HmEC0iozlvG/OltQnuD+VQvX2yYdT84FgxKqGEtNhnRNs45RwDhkVqIXwifzSbIu
KRYRap6W9FNbpcEBoq4jBmotnOkECOdqi7qSCvzjlrBQNAHrSXZyY2SZaD731hir
UApJnm4Bo8yJE7O12P6IvA0335ins0eNk6IuWVTlYuN+ymIqwfitYqOd7HWE/Zzu
WXBwT3QzI9Br2R3D0dJR6+LoEQLmt/OXAhqG5wsFhKF6kd/SGTFpWseCoypjsZKB
bk3DM/YPjTAvWOLtkfOp
=L7c+
-----END PGP SIGNATURE-----
Hash: SHA256
On 09/12/2017 02:15 AM, segu....@gmail.com wrote:
> I have a script that uses UNISON [...] The idea is to sync files
> between two virtual machines that have no visibility between them.
Can you be more specific? Will those two VMs have network connections?
Are you planning to continue using UNISON? Must the script run fully
automatically or is some limited user interaction ok? (scheduled or
manual run)
> Has anyone faced this problem or imagined a solution for this?
* you can use qvm-copy-to-vm to copy file(s) from one VM to another,
whoever it won't give you synchronization ... if the sender had
visibility of the file system of the receiver, it would defeat the
entire purpose of Qubes OS (compartmentalization).
* you can mount a USB block device to VM 1 and run your script to sync
between VM 1 and a folder structure on the USB block device, then you
could unmount and mount the same to VM 2 and now run your script again
to sync with VM 2
* you could allow network for both VMs via sys-firewall and setup
firewall rules that would ensure that the only connection between the to
VMs is the one for UNISON (e.g. unison -socket 1234). You can lookup the
internal IP addresses of the VMs in the Qubes Manager.
Finally, I would recommend to take a step back and question your setup.
How much thought have you put into your domain compartmentalization? Is
it really necessary to sync between the two VMs? What is the purpose of
having the same files in two VMs that are isolated from each other?
/Sven
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJZuA6YAAoJENpuFnuPVB+2VkwP/0mWxWFlBKQtsfUp25rw7a9y
eiNsgIzzmWUgMAkFY6yFryVFUtmwCMOW48w9unx9FIUpOpboHSDrGW84N2yaqjyV
KzwFPhhaJbV/i7/1CyHzHzkhctgpipHfz5c0G4PFdpchSbgepaOfEjTQv5sv0p5X
swFxx3f7OA162rZRZqjSJ3KKvrkHzVLJuU2moRJvwg/+LMAtjtlsRGmG1wBsyBDy
LF94GMlKD+mMbGB5TQmAU2Svxq3ym0yKzjvwzzFbNc3RSASJROlFOvEtqSVwWioH
t6RicdD2DW0WnohVrbYLrj55oIhwDvRFfvBVqYr+Bbw9uD+lh16GHX6eALEm0yww
wZP4Xtk2id+giDkj9agSv+aLCoAQpxp0lg2Vrtj9LT/3rJWMRP2GPIirqVFLXONX
HmEC0iozlvG/OltQnuD+VQvX2yYdT84FgxKqGEtNhnRNs45RwDhkVqIXwifzSbIu
KRYRap6W9FNbpcEBoq4jBmotnOkECOdqi7qSCvzjlrBQNAHrSXZyY2SZaD731hir
UApJnm4Bo8yJE7O12P6IvA0335ins0eNk6IuWVTlYuN+ymIqwfitYqOd7HWE/Zzu
WXBwT3QzI9Br2R3D0dJR6+LoEQLmt/OXAhqG5wsFhKF6kd/SGTFpWseCoypjsZKB
bk3DM/YPjTAvWOLtkfOp
=L7c+
-----END PGP SIGNATURE-----
Reply all
Reply to author
Forward
Message has been deleted
0 new messages