I don’t know how to print from AppVM.
How this is supposed to work?
It depends on the location of your printer/how it is connected.
If it's a local USB printer, for example, you could just give your AppVM
control of the USB controller. (Of course, you may have to install some
drivers depending on your printer model.)
http://qubes-os.org/trac/wiki/NetworkPrinter
If you do not have a network printer you can buy a simply adapter
compatible with your printer. I got a TP-link PS110U that works perfectly.
Best
Franz
Seems like you could create a dedicated standalone VM to act as a
print server, with the locally-connected USB or network printer
configured, and then have your AppVMs point to that via CUPS. Not sure
there's much value in terms of security boundary with a dedicate print
VM since you're likely going to have to install all the CUPS
infrastructure on the AppVMs anyway (though the NetworkPrinter page
makes a good point about potentially buggy drivers and installation
process).
Seems like a dedicated print VM would though address the issue of
installing the drivers into the template VM and then having to shuttle
around the USB device to different AppVMs whenever you wanted to
print.
Cheers,
Brian
If you have/want a network printer, sure, but you shouldn't have to buy
any extra hardware, IMHO. I use a USB printer in the way described in my
previous email, and it's very easy.
Remember that you can also just qvm-copy-to-vm the document you wish to
print from any AppVM to the AppVM to which the printer is connected. The
undesirable part of this is that you end up copying documents from
different security levels to this "printer" domain (more likely "usb"
domain), but:
1) This domain can (and probably should) be disconnected from the
network, making leaks less likely.
2) You only ever have to copy from higher security domains to lower
security domains.
3) You would probably face equal (or greater) confidentiality risk with
a standalone network printer or a network printer connected to a
different physical machine.