Qvm-open-in-vm multiple files.
3 views
Skip to first unread message
faube...@dnmx.cc
Oct 30, 2025, 7:04:31 PM (7 days ago) Oct 30
to qubes...@googlegroups.com
I intensely use DispVMs for almost everything. There are two types:
opening a file for view / edit, and opening a file for processing or
multiple files for view / edit. In the first case, the current
`qvm-open-in-vm` satisfies. But in the second case, when you need to
process a file and get the output back automatically, or when you need to
open multiple files for viewing / editing in the same DispVM e.g. when
they are all of the same trust level and no sense exists in separating
them and on the other hands more DispVMs use more RAM, the current
`qvm-open-in-vm` does not satisfy because it only takes one filename.
I am aware that this is intentional, as adding functionality for multiple
filenames will unnecessarily increase attack surface. But I just made a
script in dom0 that did the job with the only problem being you must
manually write source VM name and paths to input / output files. The
script takes source and target VM names, input and output file paths and
does the following: (1) Starts source and target VMs. (2) Executes
`qvm-copy` in source VM to copy input files to target VM. (3) Execute
`xdg-open` in target VM to open (process - as you configured it) the input
file(s), and pass output filenames as parameters (so it can name them as
wanted). (4) Execute `qvm-copy` in target VM to copy output file(s) to
source VM back.
That's why I am posting this - I am asking if it is possible to create
another RPC service that goes to VMs by default (like `qvm-copy`,
`qvm-open-in-vm`) that simply does nothing but calling scripts in dom0
with parameters. I see no problem at all, and rather many benefits: no
need to manually write VM name, make use of auto-completion with file
paths, have ability to use that in scripts in the VM.
opening a file for view / edit, and opening a file for processing or
multiple files for view / edit. In the first case, the current
`qvm-open-in-vm` satisfies. But in the second case, when you need to
process a file and get the output back automatically, or when you need to
open multiple files for viewing / editing in the same DispVM e.g. when
they are all of the same trust level and no sense exists in separating
them and on the other hands more DispVMs use more RAM, the current
`qvm-open-in-vm` does not satisfy because it only takes one filename.
I am aware that this is intentional, as adding functionality for multiple
filenames will unnecessarily increase attack surface. But I just made a
script in dom0 that did the job with the only problem being you must
manually write source VM name and paths to input / output files. The
script takes source and target VM names, input and output file paths and
does the following: (1) Starts source and target VMs. (2) Executes
`qvm-copy` in source VM to copy input files to target VM. (3) Execute
`xdg-open` in target VM to open (process - as you configured it) the input
file(s), and pass output filenames as parameters (so it can name them as
wanted). (4) Execute `qvm-copy` in target VM to copy output file(s) to
source VM back.
That's why I am posting this - I am asking if it is possible to create
another RPC service that goes to VMs by default (like `qvm-copy`,
`qvm-open-in-vm`) that simply does nothing but calling scripts in dom0
with parameters. I see no problem at all, and rather many benefits: no
need to manually write VM name, make use of auto-completion with file
paths, have ability to use that in scripts in the VM.
Reply all
Reply to author
Forward
0 new messages