I'm creating a bash script in dom0 to help with this.
I could use
qvm-run -ap sys-net "sudo qvm-copy-to-vm sys-net-profiles /etc/NetworkManager/system-connections/*"
...but that will spawn a dom0 confirmation dialogue that I'd rather avoid (after all, dom0 is initiating the copy).
I could "allow" qubes.Filecopy from sys-net -> sys-net-profiles, but I don't want to trust sys-net to initiate this copy on its own.
Is there any way to directly copy files from one VM to another, executed directly from dom0?
How much of a risk do you think this is, passing the file contents through dom0 via qvm-run -ap?
Thanks, and point taken on not focusing on security implications.
I found a thread from last year where some third-party devs are concerned about the implications of letting qvm-run -p run wild:
https://github.com/SietsevanderMolen/i3-qubes/issues/15
It's a good idea, but I think I'm looking for a more secure solution - if it's out there.
I'm trying this for a solution:
- Creating sys-transfer-station VM
- Set it as internal VM (this VM will never be used for anything but transferring files)
- qubes.Filecopy policy: $anyvm sys-transfer-station allow
- As the computer shuts down, add to qubes.Filecopy policy: sys-transfer-station sys-net-profiles allow
- Transfer files
- Remove "sys-transfer-station sys-net-profiles allow"
I think this might do the trick... any comments on how this would be insecure? Seems somewhat similar to the qubes-dom0-update mechanism with sys-firewall.
sys-firewall is considered trusted = green. sys-net is considered very untrusted and red alert. Maybe the most untrusted vm there is? besides dispvm? I guess it really depends on how paranoid you are. I doubt there are known exploits or examples we can come up and I'm just a noob but I would says as long as you are not copying anything from sys-net to dom0 you should be fine, don't care what command you're running.
So in this case, sys-net could return whatever malicious file it desired, it would be passed through dom0 one character at a time without absolutely no interpretation, ending up at the destination VM?
Or would dom0 collect the entire text of the file, and then pipe it in one piece to the destination VM?