Easily share folders between VMs.

Overview

Inter-VM shared folders for Qubes OS

This package aims to solve the problem of inter-VM file sharing (rather than manual copying) by allowing a VM to mount folders from any other VM's file system (or mounted network shares).

This package contains:

  • a Qubes OS qrexec service to serve folders from a qube
  • a program to mount folders in a qube served from other qubes
  • policy (for dom0) to permit or deny the process

There's a number of to-do items for which we'd love your help!

Usage

The following instructions assume that the qube which contains the files you want to share is named server and the qube where you want to access the files is named client. They also assume you successfully finished the one-time installation instructions below.

To mount /home/user from the server VM onto /home/user/mnt, run the following on a terminal of client:

cd /home/user
mkdir mnt
qvm-mount-folder server /home/user mnt

At this point you will see an authorization message from dom0 asking you if you really want to give client access to server's files. Note that the access is blanket read/write, and once given.

Authorize the access by confirming the name of the qube (server on the dialog and continuing.

Presto. You should be able to use a file manager, a terminal, or any of your favorite applications to use files in /home/user/mnt -- these files are all stored in server on folder /home/user.

To finish using it, run sudo umount /home/user/mnt. Note that currently, the connection remains open between client and server even after unmounting, so the only way to sever the connection is to power off one of the two qubes.

Security considerations

  • There is currently no way to control which folders of the server qube can be requested by client qubes. In principle this should be doable because diod can export only a subtree of any file system hierarchy, but the next point needs to be addressed first.
  • The connection remains open after unmounting. This means that the client VM can in principle continue to access resources from the file system exported by diod before the unmount happened.
  • A compromise of the client qube could be used to escalate into a compromise of the diod daemon running on the server qube -- in which case the server qube can be considered compromised. The converse case is possible as well. In other words: the client qube trusts that diod (on the server) will not send malicious data back, and the server qube trusts that the v9fs kernel module on the client qube will not send malicious data. This is an inherent risk of running a client/server setup that uses a low-level binary protocol and two sides (a client and a server), whether it be Git, SSH, or any other protocol.

If these security considerations cannot be accommodated by your security model, you are better off not using this program.

Installation

First, build a diod RPM package:

git clone https://github.com/Rudd-O/diod
cd diod
./autogen.sh && ./configure --prefix=/usr && make dist && rpmbuild -ts *tar.gz

Then, install this package on the template of the qube you plan to share your files from.

Now build RPM packages for this software:

git clone https://github.com/Rudd-O/qubes-shared-folders
cd qubes-shared-folders
make rpm

Two RPMs will result:

  1. qubes-shared-folders-...noarch.rpm
  2. qubes-shared-folders-dom0-...noarch.rpm

Install the first one in the template of the qube you plan to share your files from, as well as the template of the qube you plan to access your files in.

Install the second one in dom0. This package contains policy (default ask) for the service.

Now shut down all involved qubes, to ensure the installation takes. You don't need to shut down your computer or dom0.

Owner
Rudd-O
Rudd-O
simple subdomain finder

Subdomain-finder Simple SubDomain finder using python which is easy to use just download and run it Wordlist you can use your own wordlist but here i

AsjadOwO 5 Sep 24, 2021
The module that allows the collection of data sampling, which is transmitted with WebSocket via WIFI or serial port for CSV file.

The module that allows the collection of data sampling, which is transmitted with WebSocket via WIFI or serial port for CSV file.

Nelson Wenner 2 Apr 01, 2022
Decentra Network is an open source blockchain that combines speed, security and decentralization.

Decentra Network is an open source blockchain that combines speed, security and decentralization. Decentra Network has very high speeds, scalability, asymptotic security and complete decentralization

Decentra Network 74 Nov 22, 2022
Find information about an IP address, such as its location, ISP, hostname, region, country, and city.

Find information about an IP address, such as its location, ISP, hostname, region, country, and city. An IP address can be traced, tracked, and located.

Sachit Yadav 2 Jul 09, 2022
Apple Store Stock Notifier monitors the availability of selected Apple devices in selected Apple stores, and sends you a notification when devices are available!

Apple Store Stock Notifier This software will immediately send you a notification via Telegram when one of your coveted Apple Devices is available in

Floris-Jan Willemsen 25 Dec 05, 2022
A simple tcpdump sidecar injector to demonstrate Kubernetes's Mutating Webhook

k8s-tcpdump-webhook A simple tcpdump sidecar injector to demonstrate Kubernetes's Mutating Webhook Build and Deploy Build docker image; docker build -

Bilal Ünal 2 Sep 01, 2022
Wifijammer - Continuously jam all wifi clients/routers

wifijammer Continuously jam all wifi clients and access points within range. The effectiveness of this script is constrained by your wireless card. Al

Dan McInerney 3.5k Dec 31, 2022
An improved version of the original AutoDD

AutoDD = Automatically does the "due diligence" for you. If you want to know what stocks people are talking about on reddit, this little program might help you.

Steven Zhu 169 Oct 05, 2022
9SPY: a Windows RAT built in Python using sockets

9SPY 👁‍🗨 9SPY is a Windows RAT built in Python using sockets Features Features will be listed here soon, there are currenly 14 Information This is a

doop 12 Dec 01, 2022
This Tool can help enginners and biggener in network, the tool help you to find of any ip with subnet mask that can calucate them and show you ( Availble IP's , Subnet Mask, Network-ID, Broadcast-ID )

This Tool can help enginners and biggener in network, the tool help you to find of any ip with subnet mask that can calucate them and show you ( Availble IP's , Subnet Mask, Network-ID, Broadcast-ID

12 Dec 13, 2022
Web service load balancing simulation experiment.

Web service load balancing simulation experiment.

NicestZK 1 Nov 12, 2021
A library of functions that can be used to manage the download of claims from the LBRY network.

lbrytools A library of functions that can be used to manage the download of claims from the LBRY network. It includes methods to download claims by UR

13 Dec 03, 2022
Solismod - A script subscribes to MQTT topics and waits for a message

SolisMod This is a first attempt to modify Solis inverter settings As SolisMon3,

9 Nov 14, 2022
libsigrok stacked Protocol Decoder for TPM 2.0 transactions from an SPI bus. BitLocker Volume Master Key (VMK) are automatically extracted.

libsigrok stacked Protocol Decoder for TPM 2.0 transactions from an SPI bus. BitLocker Volume Master Key (VMK) are automatically extracted.

Jordan Ovrè 9 Dec 26, 2022
Cobalt Strike C2 Reverse proxy that fends off Blue Teams, AVs, EDRs, scanners through packet inspection and malleable profile correlation

Cobalt Strike C2 Reverse proxy that fends off Blue Teams, AVs, EDRs, scanners through packet inspection and malleable profile correlation

Mariusz B. 715 Dec 25, 2022
Get Your Localhost Online - Ngrok Alternative

Get Your Localhost Online - Ngrok Alternative

Azimjon Pulatov 442 Jan 04, 2023
Securely and anonymously share files, host websites, and chat with friends using the Tor network

OnionShare OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor ne

OnionShare 5.4k Jan 01, 2023
A benchmark for stateful fuzzing of network protocols

A benchmark for stateful fuzzing of network protocols

3 Apr 25, 2022
School Project using Python Sockets and Personal Encryption Method.

Python-Secure-File-Transfer School Project using Python Sockets and Personal Encryption Method. Installation Must have python3 installed on your syste

1 Dec 03, 2021
This is simple script that changes the config register of a cisco router over serial so that you can reset the password

Cisco-router-config-bypass-tool- This is simple script that changes the config register of a cisco router over serial so that you can bypass the confi

James 1 Jan 02, 2022