Git-Mirrors/Qubes-Community-Content
1
0
Fork 0
mirror of https://github.com/Qubes-Community/Contents.git synced 2024-10-01 01:05:51 -04:00
Code Issues Packages Projects Releases Wiki Activity
09f6c5ee7b
Qubes-Community-Content/docs/common-tasks/copying-files-to-dom0.md
taradiddles a1b3741b28 add copying-files-to-dom0 doc
2018-04-04 16:56:25 +03:00

1.4 KiB
Raw Blame History

Copying files to dom0

!! Note: copying untrusted content (or trusted content from an untrusted VM) compromises the whole Qubes OS security model !!

Technically, the output of a file in a VM (generated by a qvm-run --pass-io ... command) is redirected into a file in dom0:

qvm-run --pass-io vm-name "cat /path/to/file/in/vm" > "/path/to/file/in/dom0"

or with a pipe into dd, with the conv=sparse option to recreate a sparse file in dom0:

qvm-run --pass-io vm-name "cat /path/to/file/in/vm" | dd conv=sparse of=/path/to/file/in/dom0

Note that in this case the whole file is read by cat so the operation will take some time to complete for large files. Alternatively, one could pipe the output of tar -Scf - large_file into tar in dom0, but this is not recommended since an attacker could use potential vulnerabilities in tar to compromise dom0.

Script to automate copying:

#!/bin/bash
# qvm-copy-to-dom0
# Copy a file from an AppVM to dom0
# qvm-copy-to-dom0 appVM srcPath [ dst ]

AppVM=$1       # mandatory
Source=$2      # mandatory
Destination=$3 # optional (will use ~/QubesIncoming/AppVM/ folder if null)

if [ -z "$Destination" ]; then
	Destination="$HOME/QubesIncoming/$AppVM/$(basename "$Source")"
	mkdir -p "$HOME/QubesIncoming/$AppVM"
fi

if [ -e "$Destination" ]; then
	echo "'$Destination' exists; aborting" >&2
	exit 1
fi

qvm-run --pass-io $AppVM "cat $Source" > "$Destination"