The tool `qvm-get-image` in `dom0` is really poorly explained. No manual and `--help` only says "Secure copy of images between virtual machines." One must visit the [code](https://github.com/QubesOS/qubes-app-linux-img-converter/blob/main/qvm-get-image) to try to understand, but I see the developers have been doing (much work)[https://github.com/QubesOS/qubes-issues/issues/6425] just for the non-tech so I don't understand why such very simple thing (a good explanation for `qvm-get-image`) isn't existent even though it can be essential[^1] in many cases.
My question is on `qvm-get-image` security. How does it work? My guess is `qvm-get-tinted-image` what's used in `dom0` to retrieve app icons from VMs, including untrusted ones. Since `qvm-get-tinted-image` is the same as `qvm-get-image` with extra tint, as can be seen in the [code](https://github.com/QubesOS/qubes-app-linux-img-converter/blob/main/qvm-get-tinted-image), my guess was `qvm-get-image` is completely secure to use. I'm posting this because I won't take the risk of *compromising* `dom0`* with a *guess*. Also because I saw: [quote="unman, post:4, topic:5084"] Well they are not widely advertised or promoted, and they do have some use. They were introduced as tradeoff between security and usability. I still prefer the “full screen and screenshot” route for backgrounds. [/quote] I'm also posting this as **a suggestion for adding more explanation to `qvm-get-image` tool**, e.g. > Secure copy of images between virtual machines. Use with confidence to get any image you want from any VM into dom0. especially since `dom0` *already did that countless times* for all the app icons in the app menus. --- [^1]: A simple case is when one wants to transfer many images to `dom0` e.g. for wallpapers, while they are very many that the screenshot method is much manual work. Transferring images into `dom0` can be for other non-trivial reasons other than wallpapers, and it's because `dom0` is the GUI and management domain and *not* because one is doing work (e.g. what should be done in AppVMs) in `dom0`. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/qubes-users/3c0767fd17e59e14094e3e38a98ffea1.squirrel%40hxuzjtocnzvv5g2rtg2bhwkcbupmk7rclb6lly3fo4tvqkk5oyrv3nid.onion.
