Different qvm-open-in-dvm for different filetypes

My goal is to be able to (double)click a file/link in qube personal so specific dispvm:dvm-filetype-based-template to opens it.

For example, if I doubleclick txt file in qube personal, to trigger dispvm based on a dvm-template that has only mousepad installed in it. When I click a link in qube personal, to trigger dispvm based on a dvm-template that has only browser installed, and no mousepad or any other unwanted app, and so on.

Is that achievable? Any idea appreciated.

1 Like

Yes, and it will take 3 steps:

  1. Write a script that will open files.
    A script is required because you must assign some kind of a program to file types you want to open in disposables. If you want this to apply to all qubes based on a template, create the script in the template and store it in /usr/bin/ or just /bin/. If you want this to happen in one specific AppVM, save the script into home folder: /home/user/.local/bin/

    These paths may differ from one distribution to another, so check their documentation or add path to the $PATH variable yourself if shell won’t detect your script.

    The script itself may be as sophisticated as you want, but the core functionality revolves around the command like this:

    qvm-open-in-vm @dispvm:<disposable_template> $1
    
    • qvm-open-in-vm @dispvm:<disposable_template> opens file $1 in a disposable based on <disposable_template>. Replace it with the name of your disposable template.
    • $1 is a special bash variable that holds first input of a command. For example, if you run cat mouse, $1 will be equal mouse from the perspective of cat.
  2. Assign file types to be opened by the script. Use tools you prefer to do this. In xfce it is xfce4-mime-settings.

  3. Create qubes policy.
    Technically, it should work without this step. But without it Qubes OS will ask you to select vm each time you open a file.

    To create the policy, open policy editor in dom0 and add a policy to one of the existing files or create a new policy file.

    I’m not sure whether it is better to add to existing files or to create a new one. It is technically possible for existing files to update with qubes, thus removing all your customizations. Hopefully somebody will clarify this.

    For this example, let’s assume that your script runs qvm-open-in-vm @dispvm:custom-dvm $1 and you want to run it from vault-test

    Your policy line should be:

    qubes.OpenInVm    *   vault-test    @dispvm:custom-dvm    allow
    

    This policy allows vault-test to open files in disposables based on custom-dvm.

You need to either make script in such a way that it will run different disposables depending on the type of the input file, or create multiple scripts and assign them.

2 Likes

Thank you for your comprehensive answer. I get the whole process/concept.

I have one dilemma though: how should script/command look like in order to set, for example, .sh files to be opened by mousepad in dispvm? Also, how with HTTP links?

File types

The easiest way to determine the type of a file is by querying file types.

Something like:

if [ $(xdg-mime query filetype $1) == "application/x-shellscript" ]
then qvm-open-in-vm @dispvm:custom-dvm $1
fi

But you can do the same thing by assigning different scripts to different file types using your system tools.

On that note, I just realized that you don’t necessarily need to write scripts. You can assign qvm-open-in-vm @dispvm:custom-dvm directly as a command to open a file type.

Using scripts, however, you can select how to open files based on other criteria. For instance, open all scripts in the folder “sus_files” in a certain vm:

if [ $(xdg-mime query filetype $1) == "application/x-shellscript" ]; then
   if [[ "$(readlink -f $1)" == *"sus_files/"* ]]
   then qvm-open-in-vm @dispvm:very-disposable-vm $1
   else qvm-open-in-vm @dispvm:custom-dvm $1
   fi
fi

In dvms

I am pretty sure that Qubes OS uses xdg-open to open file in the default application based on the file type. So, you can set it manually via whatever mime setting app you have in there.

In another word, I don’t think that you can tell your dvm which app to use from the script in another vm in a concise way. Nonetheless, it should be possible to build some custom monstrosity to do this.

Links

With links approach is the same, but you need to set your script (or just the command) as your browser. I’m not sure how it works under the hood, but in xfce (and most of other conventional DEs) you can assign a browser in the mime settings app.

Again, in a script you can further determine the actions depending on what the link is.

1 Like

Thanks @otter2. I really appreciate your time.

Yes it does. But if I set text editor as the default app for scripts in custom-dvm template (I assume here custom-dvm is dvm-template, not THE template), will it break running scripts there?
I’m having hard time to grasp this, so please apologize for me not understanding it.

It won’t break running scripts, this change will only apply to e.g. running the command xdg-open myscript.sh or opening the file from the file manager.

1 Like

Thanks for your responses.

Before I summarize it all, I need one more clarification. For the links, I would use something like this

$ xdg-mime default qvm-open-http(s)-in-dvm.desktop x-scheme-handler/https

So I create a copy of an existing qvm-open-in-dvm.desktop rename it to qvm-open-http(s)-in-dvm.desktop and edit it, but I’m not sure about the syntax for the Exec line, so it would actually opens @dispvm:browser-based-dvm-template

I tried (using common sense as the only tool I posses for this):

Exec=/usr/bin/qvm-open-in-vm – @dispvm:browser-based-dvm-template %u

with/or without -- and @ but it doesn’t work.

Now in the qvm-open-in-dvm.desktop file it says:

'### Note: With this installed, typing “xdg-settings set default-web-browser qvm-open-in-dvm.desktop” will make it so that in gnome-terminal
’ ### that right clicking on a URL on screen, then selecting “open with” to open the link, will open it in a disposable VM (as opposed to opening it in the current VM)

Executing this command in gnome-terminal doesn’t show entry “Open With...” (?!). If I’d got this entry anywhere for the links, the problem would be solved because

$ qvm-open-in-vm @dispvm:browser-based-dvm-template https://www.duckduckgo.com

works with correspondent dom0 policy, but nowhere “Open With...” to be found, so I could set this command for the default app.

Anyway so, it’s obviously something about the syntax in a .desktop file for the `Exec=~ line.

I can’t use xfce4-mime-settings because I deploy minimals.

First of all, I’m not sure about using xdg-mime to set default browser. Since a browser can handle multiple mime file types just setting x-scheme-handler might be insufficient. Apparently there is a xdg-settings setting called default-web-browser to handle this.

In fact, this is exactly what the note in the qvm-open-in-dvm.desktop says. I think there is a typo there and terminal should display something like “Open link” when you right click on a link. It depends on the terminal, of course.

Concerning the syntax of the Exec parameter in a desktop file, it seems to be not as simple. When tested this with xfce, it doesn’t create a desktop file to assign the default-web-browser xdg-setting. Instead, it creates a “helper” located in .local/share/xfce4/helpers/custom-WebBrowser.desktop:

[Desktop Entry]
NoDisplay=true
Version=1.0
Encoding=UTF-8
Type=X-XFCE-Helper
X-XFCE-Category=WebBrowser
X-XFCE-CommandsWithParameter=qvm-open-in-vm @dispvm:browser-based-dvm-template "%s"
Icon=qvm-open-in-vm
Name=qvm-open-in-vm
X-XFCE-Commands=qvm-open-in-vm @dispvm:browser-based-dvm-template

This works, but it also seems like this functionality is DE-dependent, so you must use their tools or dig deeper.

Or just try this helper and hope that it will work in a minimal, I guess. Parameters of a helper are different when I set an actual browser as a browser, so they must be dependent on the browser application. If minimal uses XFCE bits to run GUI it may work.

1 Like

Well, it obviously didn’t create it in my case. Actually, have no /.local/xfce4 folder at all. I tried to create it to contain .desktop file, but to no avail.

But what your thought inspired me was to check my /.local/share/applications folder, and, oh boy, I found there a bunch of qvm-open-http(s)-in-dvm.desktop files in which names there were random characters, plus the original one with the given name. Once I deleted them all (!) it started to work!

Thanks for the ideas and inspiration!

I will choose your 2nd post as a solution but I will summarize it all in the next post.

Basically, for my case it is as follows.

Files

  1. I have set different dvm-templates for different file types (filetype-based-dvm-template)
  2. In a desired qube (desired-qube), via context menu I have set default app for each file type as

qvm-open-in-vm @dispvm:filetype-based-dvm-template

  1. For the desired qube, in dom0 I had to set policy for each file type for the desired qube

qubes.OpenInVM * desired-qube @dispvm:filetype-based-dvm-template allow

because the last policy line is, and I don’t want to be asked for certain filetypes

qubes.OpenInVM * @anyvm @anyvm ask

Links

I) If default dispvm is browser-based-dvm-template (that has browser installed in it), it should be enough to set

xdg-mime default qvm-open-in-dvm.desktop x-scheme-handler/http
xdg-mime default qvm-open-in-dvm.desktop x-scheme-handler/https

II) If default dispvm is not browser-based-dvm-template, then:

  1. I created qvm-open-http(s)-in-dvm.desktop file with the content as follows and placed it into /usr/share/applications directory.

[Desktop Entry]
Version=1.0
Name=Open Links In DisposableVM
Exec=/usr/bin/qvm-open-in-vm – @dispvm:browser-based-dvm-template %u
Terminal=false
Type=Application
Categories=Network;WebBrowser;
MimeType=application/octet-stream;application/pdf;application/qubes-untrusted-file;application/rdf+xml;application/rss+xml;application/vnd.mozilla.xul+xml;application/x-wwf;application/x-zerosize;application/xhtml+xml;application/xml;image/gif;image/jpeg;image/png;image/svg+xml;text/html;text/plain;text/xml;x-scheme-handler/about;x-scheme-handler/http;x-scheme-handler/https;x-scheme-handler/unknown;
NoDisplay=true

Please note that instead browser-based-dvm-template, the one has to set their template.

  1. Checked /.local/share/applications folder, and if found there any instance of qvm-open-http(s)-in-dvm.desktop files (multiple can have additional random characters!), plus the original one with the given name - deleted them all (!) and it started to work!

This to work for links in terminal, I enabled hyperlinks in it’s Settings as well as what I used was an option to middle click links in order to open them, so I could avoid accidental openings by left/right clicks.

Side note for the future users they should not forget: after each policy change, qubesd has to be restarted id dom0, in order the change to become effective:

$ systemctl restart qubesd

1 Like