On Sun, Feb 05, 2017 at 04:38:09AM -0800, Andrew David Wong wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> On 2017-02-04 12:59, Unman wrote:
> > On Sat, Feb 04, 2017 at 07:02:57PM +0100, john.david.r.smith
> > wrote:
> >> On 04/02/17 18:42, Loren Rogers wrote:
> >>> Hi all,
> >>>
> >>> I'm confused about running disposable VMs - if I open a browser
> >>> or file viewer, then want to open a terminal for the same VM,
> >>> how could I do this? (E.g. I want to view an untrusted file,
> >>> then make some edits.)
> >> right click the dispvm in the qubes manager. select run command.
> >> enter xterm or whatever you want to run
> >>
> >> or user (in dom0) qvm-run DISPVM_NAME xterm
> >>>
> >>> Is there a way to configure the default disposable VM in the
> >>> Qubes menu? I see that disposable VMs can be configured for
> >>> individual domains, but I can't find where the generic one is.
> >>>
>
> Yes, you can customize the default DispVM by following
> these instructions:
>
> https://www.qubes-os.org/doc/dispvm-customization/
>
> >>> Also, is it possible to specify a different template for
> >>> disposable machines? Say I'm running something based on the
> >>> default fedora-23, and I want to open a document from my work
> >>> VM, which uses that template. But I want to open it with my
> >>> fedora-23-custom template as a disposable VM. (E.g. running a
> >>> video in VLC that has untrustworthy components.) Is this
> >>> doable?
> >>
> >> currently you can only have one dispvm. if you want, you can set
> >> the template as default for dispvms (qvm-create-default-dvm)
> >>
> >> -john
> >
> > Loren,
> >
> > You can't configure disposable VMs for individual qubes - what you
> > can do is change the netVM which will apply if you start a
> > disposableVM from that qube. The dispVM that will be started is
> > determined by the default dvm, and this is set by
> > qvm-create-default-dvm.
> >
> > As John said, you can only have one default dvm, but it's trivial
> > to work around this with a small script.
>
> Care to share that script, unman?
>
> > It's possible to do this because qvm-create-default-dvm does NOT
> > remove the files for old dvms. You can see this if you generate a
> > new default-dvm, and then look in /var/lib/qubes/appvms. So if you
> > generate a number of different dvms based on different templates,
> > it's simple to switch between them before launching a new dispVM.
> > The launch time isn't noticeably different from starting up a new
> > dispVM, and voila - multiple template disposable VMs on the cheap.
> >
>
> How do you easily switch between the different DVM templates?
>
> > I do this without any apparent ill effects, but it certainly isn't
> > part of the canon.
> >
> > unman
> >
>
I've attached the script. It's trivial.
First generate assorted dvms using qvm-create-default-dvm and customize
them as wou will. (Strictly this isnt necessary but you may as well get
your dvm just the way you want it.)
Then just run the script:
"./switch_dvm debian-8 xterm" will load a dvm based on the debian-8 template
and run xterm in a new dispVM derived from that dvm.
The debian-8-dvm will be the default from then on, but you can easily
switch to another: "./switch_dvm xenial-desktop "
If you havent generated a dvm already, then the script calls 'qvm-create
-default-dvm' for you.
Because you can set dvms with different netvms, and alternate
Qubes networking paths, it's possible to trigger dispVMs using
different torVMs/ VPNs through different NICs, in the same time it takes
to load a dispVM ordinarily.
I have a number of keyboard shortcuts to call it with different
parameters, to do exactly this.
It should be obvious that because you are using the saved dvm, you wont
see any changes you make in the template until you trigger an updated
saved dvm.
There's all sorts of stuff wrong with it, but it's a quick hack and it
works fine (for me). Try it at your own risk.
unman
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/20170205222339.GA6028%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.
#!/bin/sh
if [ $# -eq 0 -o $# -gt 2 ] ; then
echo 'Usage: switch_dvm templatename [command]'
exit 1
fi
TEMPLATENAME=$1
DVMTMPL="$TEMPLATENAME"-dvm
DVMTMPLDIR="/var/lib/qubes/appvms/$DVMTMPL"
ROOT=/var/lib/qubes/dvmdata/savefile-root
DEFAULT=/var/lib/qubes/dvmdata/default-savefile
CURRENT=/var/run/qubes/current-savefile
SHMDIR=/dev/shm/qubes
SHMCOPY=$SHMDIR/current-savefile
if [ -d $DVMTMPLDIR ] ; then
rm -f $ROOT $DEFAULT $CURRENT
ln -s "$DVMTMPLDIR/dvm-savefile" $DEFAULT
ln -s "/var/lib/qubes/vm-templates/$TEMPLATENAME/root.img" $ROOT
rm -f $SHMCOPY
cp $DEFAULT $SHMCOPY || exit 1
chgrp qubes $SHMCOPY
chmod 660 $SHMCOPY
ln -s $SHMCOPY $CURRENT
rm /var/lib/qubes/dvmdata/vmdir
ln -s $DVMTMPLDIR /var/lib/qubes/dvmdata/vmdir
else
echo "Creating new dvm"
qvm-create-default-dvm $1
fi
if [ $2 ] ; then
echo $2 | /usr/lib/qubes/qfile-daemon-dvm qubes.VMShell dom0 DEFAULT red
fi
