Shared Folder Host-Side implementation

HulaHoop · May 25, 2019, 8:25pm

This topic is to track tasks needed to implement host-side shared folders for KVM.

Incron install and config for auto permission adjustment.
shared folder help package additions

Status: Incron policy for permission command application upon certain file actions testing and working.
Status:WIP

systemd service change to add a directory in the user’s home folder if it detects non-virtual environment. Will need to distinguish between Whonix-Host and Whonix Physical builds on x64 and ARM somehow since that would be irrelevant. @Patrick what if set it to look for a certain “this is Whonix-Host” file that’s only available in a Whonix Host build?

Two parts:
*mkdir /home/$USER/shared
*Adding a shared folder device to Whonix-Workstation using virt-xml. DONE. User name needs to be variable scripted though.

sudo virt-xml Whonix-Workstation --add-device --filesystem source=/home/user/shared,target=shared,type=mount,accessmode=mapped

Patrick · May 26, 2019, 1:22pm

systemd supports ConditionVirtualization=false, does that help?

On host or in VM?

What about the already established /mnt/shared folder by https://github.com/Whonix/shared-folder-help package?

Not yet, but will be implemented.

HulaHoop · May 26, 2019, 4:43pm

It should.

All host side.

Good idea. Are /mnt/ permissions lenient or will they cause problems for files in /shared ?

Patrick · May 29, 2019, 2:20pm

Are /mnt/ permissions lenient or will they cause problems for files in /shared ?

It’s whatever we make them. Worked well inside VMs. (See
shared-folder-help.postinst.)

HulaHoop · May 29, 2019, 8:58pm

Since the same directory location is readily available on host and guest this part of the package doesn’t need conditionals.

Only the part about pulling/sarting the incron package should be on the host. Is it possible to control whther a dependency gets pulled depending on the environment? Or maybe the incron daemon can be adjusted to only start when it detects it’s not virtualized.

Patrick · June 1, 2019, 1:01am

Not that I know, but no need since the dependency could be added to the host package whonix-host-xfce-kvm-freedom which only gets installed on Whonix Host Xfce KVM.

HulaHoop · June 1, 2019, 1:03am

Should I add it now or when a full configuration is added?

Patrick · June 1, 2019, 1:05am

Dunno. I don’t know what would speak about doing it now.

add

virt-xml "Whonix-Workstation" --add-device --filesystem source=/mnt/shared,target=shared,type=mount,accessmode=mapped`

below

github.com

Whonix/whonix-libvirt/blob/master/usr/lib/whonix-libvirt/install#L69-L78


virsh -c qemu:///system net-autostart "default" || true
virsh -c qemu:///system net-start "default" || true
virsh -c qemu:///system net-define "/usr/share/whonix-libvirt/xml/Whonix-External.xml" || true
virsh -c qemu:///system net-define "/usr/share/whonix-libvirt/xml/Whonix-Internal.xml" || true
virsh -c qemu:///system net-autostart "Whonix-External" || true
virsh -c qemu:///system net-start "Whonix-External" || true
virsh -c qemu:///system net-autostart "Whonix-Internal" || true
virsh -c qemu:///system net-start "Whonix-Internal" || true
virsh -c qemu:///system define "$temp_dir/xml/Whonix-Gateway.xml" || true
virsh -c qemu:///system define "$temp_dir/xml/Whonix-Workstation.xml" || true

?

Patrick · June 1, 2019, 1:10am

And above, add

mkdir --parents /mnt/shared
chmod 777 /mnt/shared

?

Then this is fully implemented? No need for ConditionVirtualization=false or any other changes?

HulaHoop · June 1, 2019, 1:13am

OK these two commands need to precede the virt-xml one or else it fails becuase the folder doesn;t exist

No need for service conditions now after this. incron can just go into the host package you mentioned.

Patrick · June 1, 2019, 1:15am

Ok. Could you add too please?

virt-xml “Whonix-Workstation” --add-device --filesystem source=/mnt/shared,target=shared,type=mount,accessmode=mapped` || true

Does it need -c qemu:///system?

HulaHoop · June 1, 2019, 1:16am

OK Does it need to be in a if-then block?

No this is a dedicated tool that doesn’t use this notation

Patrick · June 1, 2019, 1:17am

No, since these commands are idempotent.

HulaHoop · June 1, 2019, 1:21am

Done

Patrick · June 1, 2019, 1:22am

This commit does not show up in git master branch.

https://github.com/Whonix/whonix-libvirt/commits/master

I also don’t see a new branch.

It also does not show up in https://github.com/Whonix/whonix-libvirt/blob/master/usr/lib/whonix-libvirt/install

git fetch followed by git show does not show commit 25649bd7f16f8030a5c9d812146b53711c5e330f either.

Really strange.

Patrick · June 1, 2019, 1:23am

Did you use “directly commit to git” using github web? I have no idea how to use that or how to make use of such commits (without manual copy/paste which would be besides the point and loose authorship and commit messages).

HulaHoop · June 1, 2019, 1:24am

I’m using the web interface right now and it seems to have messed things upat your end? I was commiting the patch to the master branch

Patrick · June 1, 2019, 1:24am

Never mind I missed https://github.com/Whonix/whonix-libvirt/pull/85 which will work as usual.

Patrick · June 1, 2019, 1:26am

Merged.

HulaHoop · June 1, 2019, 1:27am

Do you think Whonix GW should have it added as well? Or leaveit on per user basis?

I imagine this could be part of a usability tool on the GW where users want to backup/restore onion keys on demand.