mirror of
https://github.com/Qubes-Community/Contents.git
synced 2024-12-24 06:39:25 -05:00
46 lines
1.4 KiB
Markdown
46 lines
1.4 KiB
Markdown
Copying files to dom0
|
|
=====================
|
|
|
|
**!! Note: copying untrusted content (or trusted content from an untrusted VM) compromises the whole Qubes OS security model !!**
|
|
|
|
|
|
Technically, the output of a file in a VM (generated by a `qvm-run --pass-io ...` command) is redirected into a file in dom0:
|
|
|
|
~~~
|
|
qvm-run --pass-io vm-name "cat /path/to/file/in/vm" > "/path/to/file/in/dom0"
|
|
~~~
|
|
|
|
or with a pipe into `dd`, with the `conv=sparse` option to recreate a sparse file in dom0:
|
|
|
|
~~~
|
|
qvm-run --pass-io vm-name "cat /path/to/file/in/vm" | dd conv=sparse of=/path/to/file/in/dom0
|
|
~~~
|
|
|
|
Note that in this case the **whole** file is read by `cat` so the operation will take some time to complete for large files. Alternatively, one could pipe the output of `tar -Scf - large_file` into `tar` in dom0, but this is not recommended since an attacker could use potential vulnerabilities in `tar` to compromise dom0.
|
|
|
|
Script to automate copying:
|
|
|
|
~~~
|
|
#!/bin/bash
|
|
# qvm-copy-to-dom0
|
|
# Copy a file from an AppVM to dom0
|
|
# qvm-copy-to-dom0 appVM srcPath [ dst ]
|
|
|
|
AppVM=$1 # mandatory
|
|
Source=$2 # mandatory
|
|
Destination=$3 # optional (will use ~/QubesIncoming/AppVM/ folder if null)
|
|
|
|
if [ -z "$Destination" ]; then
|
|
Destination="$HOME/QubesIncoming/$AppVM/$(basename "$Source")"
|
|
mkdir -p "$HOME/QubesIncoming/$AppVM"
|
|
fi
|
|
|
|
if [ -e "$Destination" ]; then
|
|
echo "'$Destination' exists; aborting" >&2
|
|
exit 1
|
|
fi
|
|
|
|
qvm-run --pass-io $AppVM "cat $Source" > "$Destination"
|
|
~~~
|
|
|