On Sun, 1 Mar 2020 15:03:46 +0000
unman <un...@thirdeyesecurity.org> wrote:

>On Sun, Mar 01, 2020 at 06:48:14AM -0600, Stuart Perkins wrote:
>> I have a 300gb drive image I mount on whichever machine I want to put common 
>> things...pictures/documents/etc...and this happens:
>> 
>> Here is my mount script..{/mnt/2tb is the mount point for my 2 terabyte 
>> drive}
>> 
>> ==============
>> [admin@dom0 ~]$ cat bin/mount300g.sh
>> if [ A${1} == A ] 
>> then VM=untrusted
>> else VM=${1}
>> fi
>> MOUNTED=`qvm-block|grep 300g.img|wc -l`
>> if [ ${MOUNTED} == 1 ]
>> then
>>      ONVM=`qvm-block|grep 300g.img|awk '{print $3}'`
>>      echo Already Mounted on ${ONVM}
>>      exit 0
>> fi
>> sudo losetup -f /mnt/2tb/300g.img
>> LOOPDEV=`losetup --list | grep -F 300g.img|awk '{print $1}'|awk -F/ '{print $3}'`
>> qvm-block attach ${VM} dom0:${LOOPDEV}
>> VMDEV=`qvm-block|grep 300g.img|awk -Fxvd '{print "xvd" substr($2,1,1)}'`
>> echo Mounted on ${VM} as ${VMDEV}
>> qvm-run -p ${VM} 'sudo mount -a'
>> ==============
>> 
>> 
>> And here is what happens on a freshly opened dom0 command window...
>> 
>> ==============
>> [admin@dom0 ~]$ mount300g.sh untrusted
>> qvm-block: error: backend vm 'dom0' doesn't expose device 'loop21'
>> Mounted on untrusted as
>> mount: /home/user/300g: can't find UUID="b7a87607-d757-41f8-95fe-408268f3b62b".
>> ==============
>> 
>> So, I remove it by dropping the mount with losetup...
>> 
>> Then I issue a "cd" command, which does nothing since I'm still at the home 
>> directory...
>> 
>> Then I re-try the mount, and it succeeds...
>> 
>> ==============
>> [admin@dom0 ~]$ mount300g.sh untrusted
>> Mounted on untrusted as xvdi
>> ==============
>> 
>> Two questions:
>> 
>> 1. What sort of half-done edit is this nonsense?  It is embarrassing.
>> 
>> 2. What exactly is trying to be controlled by restricting the exposure of 
>> loop devices to manual mounting anyway?  My machine, and I'll mount what I 
>> want where I want.  
>
>I wouldn't do this.
>I wouldn't do it like this - there's no error checking, you don't test
>outputs before moving on to next stage, `mount -a` is almost certainly
>not what you want.
>
>That said, it works for me - 300G image on a 1TB drive
>
>What shell are you running? (I note you don't specify in the script)
>Is `cd` at all relevant, or would *any* command do? 
>Would it work if you just waited for a few minutes?
>
>My guess is that there's some issue between the *first* losetup and the
>LOOPDEV variable, and on the second run you pick up the *first* - you
>could test this with a long sleep between the losetup line and the
>LOOPDEV line.
>
I understand the security implications...and I take the "risks" with my own 
stuff.  I hadn't thought of just a sleep...I may try it with a 3 second sleep 
in between.  One would think the error message would be something "/dev/loop21 
does not exist" though if that were the case.  Thanks for the hint though...I 
hadn't thought of just waiting a bit.  My use of "cd" is simply a "do nothing" 
command..I may try something else like an "ls" and see if I get the same 
results if the wait doesn't do it.  Just an oddness of the error message.
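
The staging discussed in this thread (check each step, and wait between the losetup and the attach), as an added example that is not part of the thread or of Qubes itself. It assumes a bare `qvm-block` lists devices with `dom0:loopN` in the first column; `wait_for_exposed`, `attach_image`, `WAIT_TRIES`, `WAIT_DELAY` and the overridable `QVM_BLOCK`/`LOSETUP` names are hypothetical.

```shell
#!/bin/bash
# Added example. Command names are overridable so the logic runs without Qubes.
QVM_BLOCK="${QVM_BLOCK:-qvm-block}"
LOSETUP="${LOSETUP:-sudo losetup}"

# Succeed once "dom0:<dev>" is in the qvm-block listing; fail after N tries.
# Assumption: the first column of the listing is BACKEND:DEVICE.
wait_for_exposed() {
    local dev="$1" tries="${2:-10}" delay="${3:-1}"
    while [ "$tries" -gt 0 ]; do
        # Exact match on column 1, so loop2 never matches loop21.
        if $QVM_BLOCK | awk -v d="dom0:$dev" '$1 == d {f = 1} END {exit !f}'; then
            return 0
        fi
        tries=$((tries - 1))
        sleep "$delay"
    done
    return 1
}

# Set up the loop device, wait for it to be exposed, then attach it.
# Every stage is checked; a half-finished run detaches the loop device again.
attach_image() {
    local img="$1" vm="${2:-untrusted}" loop dev
    [ -f "$img" ] || { echo "no such image: $img" >&2; return 2; }
    # --find --show prints the device just allocated: no grep over the list.
    loop=$($LOSETUP --find --show "$img") || { echo "losetup failed" >&2; return 3; }
    dev="${loop#/dev/}"
    if ! wait_for_exposed "$dev" "${WAIT_TRIES:-10}" "${WAIT_DELAY:-1}"; then
        echo "dom0 never exposed $dev, detaching it" >&2
        $LOSETUP --detach "$loop"
        return 4
    fi
    if ! $QVM_BLOCK attach "$vm" "dom0:$dev"; then
        $LOSETUP --detach "$loop"
        return 5
    fi
    echo "Attached $img to $vm as dom0:$dev"
}

# Usage: script IMAGE [VM]; does nothing when sourced without arguments.
if [ "$#" -gt 0 ]; then
    attach_image "$@"
fi
```

The distinct return codes (2 to 5) show which stage failed, and mounting inside the VM is left as a separate, explicit step.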

