Getting own NetVM in domUs, how?

Suspicious_Actions · April 17, 2022, 10:49am

What i want to achieve:

Get information on the used netvm from within domU.

Why i want to achieve this:

Giving more cues on what netvm a domU is using by means of a custom zsh prompt element or something like neofetch.

Using the colored windows to indicate netvm does not cut it for me, as the used netvm can change on runtime, while the color cannot.

Possible solutions

Reading IP and determining netvm with a lookup table
Every domU holds a list with all Subnets/IPs of all netvms and can determine the used one through used subnet or gateway.

Pros:

Easy
No modification to qubes

Cons

Leaks system information to domUs
static
needs external updating of table

All domU is its own adminVM
Every domU is an adminVM. Qrexec rules should be as such, that they only can call qvm-prefs $OWN_NAME netvm for themselves.

Pros

dynamic
no leaks

Cons

Needs qubes-core-admin-client on all domUs
Needs tight qrexec rules that i might fuck up

I dont like neither of those ideas. Due to information leak solution one it is no real option for me, but i dont feel good installing qubes-core-admin-client in every vm on the system.

What are your feelings on this?
Do you have better ideas?

51lieal · April 17, 2022, 1:52pm

I maybe miss understanding your question, but aren’t running qvm-ls -n from dom0 is enough to get information of the used netvm?

enmus · April 17, 2022, 2:58pm

It is. But he probably kept on his mind

phl · April 17, 2022, 3:11pm

I imagine this could be possible through DNS. You could probably set a static DNS record, something like netvm.local , in each of your NetVMs and resolve it, for example, to a CNAME record which gives the real netVM name. Or you could choose an arbitrary private IP address and set an rDNS entry for it.
As far as I know, netVMs should resolve DNS for AppVMs unless you changed anything about this default behaviour. So depending on which netVM your Qube is connected to, DNS could give different results.

Suspicious_Actions · April 17, 2022, 3:15pm

Thanks for your response!

Yes from dom0 one could easily call for example qvm-prefs --get $QUBE netvm.

What i am trying to do is to display the used netvm inside the terminal of a domU.

Another solution would be to run a daemon in dom0 that writes the used netvm into a file in the domU’s, but that solution is hacky at best imo.

Suspicious_Actions · April 17, 2022, 3:23pm

This is by far the best idea yet, thanks!

As i would love to have an obvious, color based indication the implementation over DNS would leak no information about the systems configuration as it would with some kind of lookup table (one can encode the color in the CNAME entry).

I will try to do that. However i am not that familiar with DNS, especially in qubes, but that does not sound too difficult