On 04/24/2018 09:01 AM, Drew White wrote:
> On Tuesday, 24 April 2018 15:28:40 UTC+10, Ivan Mitev  wrote:
>> On 04/24/2018 08:14 AM, Drew White wrote:
>>> Is it possible for every guest to share one virtual drive for caching and 
>>> auto mounting to same location for file transfers?
>>
>> It isn't possible unless you set up a clustered file system, which
>> implies having in-band or out-of-band communication channels between
>> guests. This breaks compartmentalization, which is Qubes' raison d'être,
>> so if you really need this you're better off ditching Qubes and going with
>> plain kvm (or xen) VMs.
>>
> 
> I'm not talking about for all guests. And the channel would be one image 
> file, read only.  Writable only by one guest that does the downloading 
> securely and checks and writes the files.

AFAIK it's not possible. You need a clustered FS to see changes in real
time; if you share an image/device you'll have to
- make sure the guest with write rights has fsync'ed the changes to the
FS and/or that no cache is involved.
- unmount/remount the shared volume in R/O guests each time you need to
read new files.

I have no idea if Qubes allows sharing a volume between guests; I'd
imagine that qvm-* commands won't allow that so that users don't shoot
themselves in the foot, but you may be able to achieve this with lower
level commands or by tweaking the qvm-* commands' source.

But since you're sending content from a VM to other guests, the security
level of your R/O guests is basically dependent on the one you download
files to, so you could open some firewall ports and set up a networked
clustered FS like glusterfs.


> 
> One guest has cache and write permissions, nothing else does. Thus, secure. 
> More secure than downloading the same thing 50 times.
> 
