"Storage Qube" or otherwise share folders of a drive selectively?


codeg...@gmail.com

Jul 11, 2017, 4:08:56 PM
to qubes-users
Right now, I have a lot of stuff all just "consolidated" on one hard drive.
/var/storage/{Anime,public_html,Documents,Pictures,.config/{pale\ moon,deluge}} and so on.

But, obviously, I want to try with Qubes to have some isolation from my webserver, perhaps have my Torrent client not be able to read my browser profile, etc.

I'm thinking of setting up perhaps something like a "Storage Qube", which will have the storage drive permanently attached, and be in charge of managing permissions and serving the folders to authorized VMs via…NFS? SSHFS?

The catch is, I want to try to have it at least be reasonably performant (i.e., my browser profile is there currently), and preferably not make it "too" hacky/inelegant, in case the Qubes devs roll their own guided/integrated system for this.

DOES Qubes have a facility to do this currently?

Florian Brandes

Jul 11, 2017, 4:52:20 PM
to qubes...@googlegroups.com, codeg...@gmail.com
Hi,

I'm new to qubes, so excuse me if I may sound stupid, but wouldn't it be easier to include your storage space in your overall qubes setup (maybe as an LVM), so that you would just use your qubes and extend their personal disk space? This way you could take advantage of the isolation provided by qubes without the hassle of setting up a dedicated storage VM which would also need to check permissions.

On the other hand you could probably set up a storage VM and serve the files via NFS on an IP basis. Since every qube has a unique IP address you could make sure that no other qube except the one you permit has access to a specific storage folder.

Greetings,

Florian

P R

Jul 15, 2017, 3:57:52 AM
to Florian Brandes, codeg...@gmail.com, qubes...@googlegroups.com
Hello,

On 11.07.2017 at 10:52 PM, "Florian Brandes" <florian...@gmx.de> wrote:

> On 07/11/2017 10:08 PM, codeg...@gmail.com wrote:
> (...)
>
> > I'm thinking of setting up perhaps something like a "Storage Qube", which will have the storage drive permanently attached, and be in charge of managing permissions and serving the folders to authorized VMs via…NFS? SSHFS?
> (...)
>
> I'm new to qubes, so excuse me if I may sound stupid, but wouldn't it be easier to include your storage space in your overall qubes setup (maybe as an LVM), so that you would just use your qubes and extend their personal disk space? This way you could take advantage of the isolation provided by qubes without the hassle of setting up a dedicated storage VM which would also need to check permissions.
>
> On the other hand you could probably set up a storage VM and serve the files via NFS on an IP basis. Since every qube has a unique IP address you could make sure that no other qube except the one you permit has access to a specific storage folder.

One idea that came to my mind:
- set up a "storage qube" which serves as an NFS server

- create exports in separate folders which can only be accessed by dedicated IPs (from the AppVMs)

- as an additional layer of security you could use encfs (with maybe some symlinks) in the AppVMs, so that the data is decrypted from the view of an AppVM but encrypted from the view of the Storage Qube.

I guess it should be possible to script something where the decryption key is stored locally in the AppVM (assuming that the data would be unencrypted in the AppVM without a "Storage Qube").

Would this work for you?

- PhR
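
Added example, not part of the thread: a small check for the per-IP NFS export idea discussed in the messages above. It parses an `/etc/exports`-style file and reports every folder that is not restricted to exactly one qube IP; the sample file, its 10.137.0.x addresses and the function names are constructed for illustration, and quoted paths containing spaces are not handled.

```python
import ipaddress

# Constructed sample /etc/exports for a storage qube; the folder names follow
# the layout in the original post, the 10.137.0.x addresses are made up.
SAMPLE_EXPORTS = """\
# storage qube exports
/var/storage/public_html   10.137.0.11(rw,sync,root_squash)
/var/storage/Pictures      10.137.0.12(ro,sync) 10.137.0.13(rw,sync)
/var/storage/Documents     10.137.0.0/24(rw,sync)
/var/storage/Anime         *(ro)
/var/storage/.config       10.137.0.14(rw,no_root_squash)
"""

def parse_exports(text):
    """Yield (path, client, options) for every client on every export line."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *clients = line.split()
        # An export line without a client list is served to every host.
        for spec in clients or ["*"]:
            client, _, opts = spec.partition("(")
            yield path, client or "*", set(opts.rstrip(")").split(",")) - {""}

def audit(text):
    """Return sorted (path, finding) pairs for exports that break the
    one-folder-one-qube rule described in the thread."""
    findings, owners = [], {}
    for path, client, opts in parse_exports(text):
        try:
            ipaddress.ip_address(client)  # accept a single host address only
        except ValueError:
            findings.append((path, f"client '{client}' is not a single IP"))
        else:
            owners.setdefault(path, set()).add(client)
        if "no_root_squash" in opts:
            findings.append((path, "no_root_squash lets client root act as root"))
    for path, ips in owners.items():
        if len(ips) > 1:
            findings.append((path, "exported to several qubes: " + ", ".join(sorted(ips))))
    return sorted(findings)

if __name__ == "__main__":
    for path, finding in audit(SAMPLE_EXPORTS):
        print(f"{path}: {finding}")
```
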

Noor Christensen

Jul 15, 2017, 4:45:43 AM
to qubes-users
I found this project the other day: https://github.com/rustybird/qubes-split-dm-crypt

Haven't tried it myself yet but it looks like it could fit your idea.

-- noor

|_|O|_|
|_|_|O| Noor Christensen
|O|O|O| no...@fripost.org ~ 0x401DA1E0

Noor Christensen

Jul 15, 2017, 4:57:34 AM
to qubes-users
Also, one of the main Qubes workflows is to create AppVMs separated by
"domain".

This can mean many things, but in your case I can think of at least two:
browser and torrents. You can have two AppVMs (one for browser, one for
torrents) that share the same TemplateVM but have their own private
storage for persistent files (browser profile, torrent client config).

By separating applications into their own AppVMs they are isolated from
each other, and they cannot read private data from other AppVMs. If you
need them to share anything, you just put that in the template and it
will be available for any AppVM using that template next time it starts.

Everything stored in an AppVM's private storage is persistent between
restarts. It is only available to that AppVM.

P R

Jul 15, 2017, 3:20:47 PM
to qubes-users
Hello,


On 15.07.2017 at 10:45 AM, "Noor Christensen" <kchr+qub...@fripost.org> wrote:

> I found this project the other day: https://github.com/rustybird/qubes-split-dm-crypt
>
> Haven't tried it myself yet but it looks like it could fit your idea.

Thank you for the link, very interesting!
As far as I understand the qubes-split-dm-crypt has a security benefit as the credentials are not entered in an AppVM where the encrypted partition should be mounted but in another VM.
As such there is less opportunity to grab the passphrase as it is entered in another VM.

As far as I have understood 'codegeak98', he is asking for a solution to store data in one storage qube, which might be accessed by several AppVMs while still being sure that the data is protected from access by other VMs or even the storage Qube itself.

- PhR

Noor Christensen

Jul 15, 2017, 3:25:42 PM
to qubes-users
Yeah, I'm looking for a similar solution myself...

I think we can learn a lot from the qubes-split-dm-crypt for this since
it's more or less the same workflow but without the LUKS layer.

But if someone else has a working solution to the use case please
share!