!! Note: copying untrusted content (or trusted content from an untrusted VM) compromises the whole Qubes OS security model !!
Technically, the contents of a file in a VM (written to standard output by a qvm-run --pass-io ... command) are redirected into a file in dom0:
qvm-run --pass-io vm-name "cat /path/to/file/in/vm" > "/path/to/file/in/dom0"
or with a pipe into dd, with the conv=sparse option to recreate a sparse file in dom0:
qvm-run --pass-io vm-name "cat /path/to/file/in/vm" | dd conv=sparse of=/path/to/file/in/dom0
Note that in this case the whole file is read by cat, so the operation will take some time to complete for large files. Alternatively, one could pipe the output of tar -Scf - large_file into tar in dom0, but this is not recommended since an attacker could use potential vulnerabilities in tar to compromise dom0.
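The effect of conv=sparse on piped data can be checked without any VM. The following is an added example, not part of the original page; a local cat stands in for the qvm-run --pass-io command (an assumption: both simply feed a pipe), and the file names and helper functions are made up for the illustration.

```shell
#!/bin/sh
# Added example, not part of the original page. A local "cat" stands in for
# qvm-run --pass-io vm-name "cat ..." (assumption: both just feed a pipe).

# Logical file length in bytes.
apparent_size() { wc -c < "$1" | tr -d ' '; }

# Space actually allocated on disk, in KiB.
disk_kib() { du -k "$1" | cut -f1; }

# Build a constructed sparse source in directory $1, then copy it two ways.
make_copies() {
    src="$1/src.img"
    # Constructed sample: a 16 MiB hole followed by 8 bytes of real data.
    truncate -s 16M "$src"
    printf 'payload\n' >> "$src"

    # Plain redirect: every zero byte read from the pipe is written out.
    cat "$src" > "$1/plain.img"

    # conv=sparse: dd seeks over all-zero blocks instead of writing them,
    # so the holes are recreated on the receiving side.
    cat "$src" | dd conv=sparse of="$1/sparse.img" 2>/dev/null
}

# Print size and allocation for each copy.
report() {
    for f in src plain sparse; do
        printf '%-7s %10s bytes %8s KiB on disk\n' "$f" \
            "$(apparent_size "$1/$f.img")" "$(disk_kib "$1/$f.img")"
    done
}

dir=$(mktemp -d) || exit 1
make_copies "$dir"
report "$dir"
rm -rf "$dir"
```

On a filesystem that supports holes, plain.img occupies the full 16 MiB while sparse.img occupies only a few KiB; both have the same length and content.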
Script to automate copying:
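#!/bin/bash
# qvm-copy-to-dom0
# Copy a file from an AppVM to dom0
# qvm-copy-to-dom0 appVM srcPath [ dst ]

AppVM=$1       # mandatory
Source=$2      # mandatory
Destination=$3 # optional (will use ~/QubesIncoming/AppVM/ folder if null)

# Refuse to run without both mandatory arguments
if [ -z "$AppVM" ] || [ -z "$Source" ]; then
  echo "usage: $(basename "$0") appVM srcPath [ dst ]" >&2
  exit 1
fi

# Default destination: ~/QubesIncoming/<AppVM>/<file name>
if [ -z "$Destination" ]; then
  Destination="$HOME/QubesIncoming/$AppVM/$(basename "$Source")"
  mkdir -p "$HOME/QubesIncoming/$AppVM"
fi

# Never overwrite an existing file in dom0
if [ -e "$Destination" ]; then
  echo "'$Destination' exists; aborting" >&2
  exit 1
fi

# $Source is expanded here and then interpreted by the shell inside the VM
qvm-run --pass-io "$AppVM" "cat $Source" > "$Destination"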