So if I have say, Firefox, open in a disposable qube and that is the only thing running in that Qube; how can I open a terminal in that Qube? I presume I need to do this with some commands from dom0 terminal?
Note the name of the disposable qube from the title bar - then just
qvm-run <name> <command> from dom0
I presume I need to do this with some commands from dom0 terminal?
You can click on the Q icon in the system tray, select your Qube of interest, and click āRun Terminalā.
Also, in i3, if the window from this VM is in focus, Meta+Enter should open the terminal for you.
1 Like
A nice use-case for this is being able to open multiple documents on the same dispVM. However, there is not on-interface solution to this. Only through the terminal / through ārun command in qubeā as suggested.
This came up in the securedrop-workstation a while ago:
1 Like
A nice use-case for this is being able to open multiple documents on
the same dispVM.
I do this all day long. This workflow [1] works not only for URLs but
also for files / documents.
However, there is not on-interface solution to this.
Basically you configure qubes.OpenInVM to always askā¦ that will
produce the dom0 dialog where you can choose the already existing
disposable qube as target.
Thatās 100% pure GUI after it was setup once.
[1]
2 Likes
Thanks a lot for the tip. Always learning!
Re-using dispVMs
In the section above weāve seen how using the āaskā RPC policy allowed us to start a (disp)VM once and use it for opening subsequent URLs (or files) to avoid having to wait insane amounts of time for dispVMs to start. However this comes at the price of a loss in compartmentalization. It is thus up to the user to carefully pick destination VMs and to manage the lifecycle of dispVMs, killing it/them when necessary when a clean state is required.
@sven the way you suggest is great already. However, Iām particularly afraid of the highlighted part. I havenāt yet played too much with the RPC policies. But before digging into that, Iād like to ask you if the following is possible: having a named dispVM that is the predefined for srcVM.
That way, when the user clicked on āopen in VMā (on the file manager), it would be the default target, so the user would not have to ācarefully pickā.
Iād like to ask you if the following is possible: having a named
dispVM that is the predefined for srcVM.
ā¦ you mean target ā right?
That way, when the user clicked on āopen in VMā (on the file
manager), it would be the default target, so the user would not have
to ācarefully pickā.
$anyvm $dispvm ask,default_target=my_special_dvm
Nope. I mean source VM. For example. Iād like the default dispVM to be a named one, so that it always opens attachments on that same one, without me needing to select a target (named) dispVM.
Hmmmā¦ Perhaps we need to be a little clearer on the definitions? Is this correct?
-
srcVM: Part 1: The qube that contains the attachment/document to be opened (edited/viewed).
-
srcVM: Part 2: Also in its settings contains the Default DisposableVM Template.
-
Default DisposableVM Template: The template qube to use for the created dispVM (duh!
). -
dispVM: The qube created on-the-fly. Also the targetVM.
@deeplow : If I understand you correctly, you would like an enhancement to change āDefault DisposableVM Templateā to āDefault DisposableVMā, which could be either a Named dispVM or a DisposableVM Template. In the former case the Named dispVM would be (re-)used; in the latter case a new dispNNNN would be created each time, as now.
While only DisposableVM Templates are in the drop-down list in the Qubes Manager, interestingly qvm-prefs allows specifying a Named dispVM - but unfortunately it doesnāt take and actually resets the Default DisposableVM Template to None, without displaying any error - likely a bug?
@Sven : He may be asking if a set of entries is possible like:
vm1 $dispvm default_target=nameddispvm1forvm1
vm2 $dispvm default_target=nameddispvm2forvm2
etcā¦
Or I may just be confused!
Iām afraid my question has steered the thread into another (yet interesting direction). But the original point seems to have been addressed and this goes in a very similar direction.
Played around with it a bit and now I know whatās Iād like. Iād like to be able to set a named dispVM as the default dispVM for the srcVM such that whenever one clicks open in dispVM it would only boot one dispVM (the named one) and subsequent open in dispVM would open in the same one. This would make the workflow equivalent the one detailed by @Sven but without the need for the RPC dialogue for selecting the default target qube.
Hopefully Iām explaining myself correctly.
Basically my conclusion was that it is not possible because a named dispVM is of type DispVM and we can only select as Default disposableVM template an AppVM marked as DisposableVM template. Kinda confusingā¦
1 Like
This would make the workflow equivalent the one detailed by @Sven but
without the need for the RPC dialogue for selecting the default
target qube.
Well, if you set the policy to āask,target=my_named_dispvmā then the
dialog will come up but your named dispvm is preselected. So all you
need to do it hit the [OK] button. ā¦thatās not quite what you wanted
but pretty close.
Yup. I think as close as weāll get for now. Thanks again for the tip.
Actually,
srcVM $dispvm allow,target=targetVM
seems to eliminate the promptā¦
Of course, youād need such a line for each srcVMā¦
1 Like
The way I use this is to set named disposableVMs with the
qubes-shutdown-idle service configured for a short shutdown (2 mins I
think)
I use mailcaps and mimeinfo to set opening most files in a disposableVM,
and alias āopenā to āqvm-open-in-dvmā.
Because all the heavy lifting is done in /etc/qubes-rpc/policy/qubes.OpenInVM
I have keyboard shortcuts to set/unset the default allow rules. That gives
me the flexibility of changing from āopen files in separate disposableVMā
to āopen files in the same disposableVMā.
You should be able to set this up yourself with minimal effort: if you
need help shout out.
1 Like
This is it. Thanks!!
Yes, I was already thinking of doing exactly the same.
This makes me think about the possibility of dynamic RPC policies. Basically /etc/qubes-rpc/policy/qubes.OpenInVM could be an executable file whoās output would be the the actual policy. But this is probably a topic on its own.
Thank you. If I need, Iāll ping you then.