I would like to reverse qvm-copy if that is possible. My use case is simply copying a folder from one qube to another but I would like for the qube which the file is being copied to to decide the path. I.e., a hypothetical command qvm-copy-from-vm myqube /home/user/Documents.
This is because I want to automate the copying and would have to run a few commands in the qube that is being copied to beforehand. I also trust the qube being copied to more, and would prefer to pick a file path there.
Ideally the solution will not be something complex like requiring qvm-connect-tcp.
Summary
The unholy solution would be to orchestrate this via qvm-run in dom0.
I’m trying to understand your use case.
What has “trusting the qube” to do with automating the copying?
Will you copy a specific folder,(e.g. a log folder to be placed in a
datestamped target), or do you want different folders to diverse
targets?
Are the targets predetermined (“automate” suggests so) or to be set on
copy (“pick a file path” suggests so).
I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.
I prefer to make a policy that says “trustedqube can copy any file from untrustedqube” than “untrustedqube can copy any file to trustedqube”
Since untrustedqube can still place any file in the specified path, let me know if this is mere security theater.
Though, I could for instance in trustedqube not let it run a copy that takes longer than n seconds so there is some merit to it.
I will copy a single file path from qubeA to qubeB via a cronjob or similar.
With my current Qubes OS knowledge, the way I could do this is to grant allow on qubes.Filecopy from untrustedqube to trustedqube and to do the orchestration (cronjob, other RPC calls, etc) in untrustedqube. I would prefer that this works the other way around.
I mentioned not wanting to use qvm-connect-tcp, if your rsync setup can do something like this, then please let me know anyway since I do need to get this done.
