In my personal experience with Qubes, one of the main inconveniences is file sharing and storage between qube AppVMs. My ideal solution would be a main storage qube (e.g. “vault”). This qube would hold all the files for all designated AppVMs, and would interface with other AppVMs as a replacement for their internal storage. For example, say I was to download an image in a qube called “work.” I would download it, but instead of downloading it somewhere in the “home” directory of “work,” it would download it in “vault’s” “home” directory. Then if I wanted to edit the downloaded image with an image editor in another qube, say “personal,” I would open the image in “personal” without moving it to “personal” (like viewing files on a mounted block device). Then when I was done editing, the image would automatically save back to the “vault” qube. (I hope this makes sense.)
This has several benefits:
- The storage space required for each qube would be less.
- All files will be in one spot, not scattered all over multiple qubes.
- File transfer would be mostly unnecessary, since any qube could edit/view any file straight from the storage qube.
- If any qube was to be compromised, you would not lose any files in that qube, because there would not be any files in it.
- You would not have to move files back and forth through many qubes, as they would never leave the main storage qube.
- You would not have to have a lot of duplicate applications in multiple AppVMs just to edit or view a file (e.g. you want to view multiple images but they are located in a VM without an image viewer. Rather than move all the files to a VM with an image viewer, or download another image viewer in that qube, you would only need one image viewer to view it straight from the storage qube).
- I’m sure there are others I haven’t thought of yet.
I’ve found a few ways that work, like an SMB server in the storage qube, but then if anyone has access to any VM, they have access to all your files. Is there a way to temporarily mount a qube, like a block device? Or is there another way? I’d like to be as secure as possible.
What are y’all’s thoughts?