Copying files to dom0
=====================

**!! Note: copying untrusted content (or trusted content from an untrusted VM) compromises the whole Qubes OS security model !!**


Technically, the output of a file in a VM (generated by a `qvm-run --pass-io ...` command) is redirected into a file in dom0:

~~~
qvm-run --pass-io vm-name "cat /path/to/file/in/vm" > "/path/to/file/in/dom0"
~~~

or with a pipe into `dd`, with the `conv=sparse` option to recreate a sparse file in dom0:

~~~
qvm-run --pass-io vm-name "cat /path/to/file/in/vm" | dd conv=sparse of=/path/to/file/in/dom0
~~~

Note that in this case the **whole** file is read by `cat` so the operation will take some time to complete for large files. Alternatively, one could pipe the output of `tar -Scf - large_file` into `tar` in dom0, but this is not recommended since an attacker could use potential vulnerabilities in `tar` to compromise dom0.

Script to automate copying:

~~~
#!/bin/bash
# qvm-copy-to-dom0
# Copy a file from an AppVM to dom0
# qvm-copy-to-dom0 appVM srcPath [ dst ]

AppVM=$1       # mandatory
Source=$2      # mandatory
Destination=$3 # optional (will use ~/QubesIncoming/AppVM/ folder if null)

if [ -z "$Destination" ]; then
	Destination="$HOME/QubesIncoming/$AppVM/$(basename "$Source")"
	mkdir -p "$HOME/QubesIncoming/$AppVM"
fi

if [ -e "$Destination" ]; then
	echo "'$Destination' exists; aborting" >&2
	exit 1
fi

qvm-run --pass-io $AppVM "cat $Source" > "$Destination"
~~~