Ensure that VM LVM volumes are not parsed by dom0 tools #2319

Open
1 of 2 tasks
marmarek opened this issue Sep 14, 2016 · 0 comments
Labels
  • C: installer
  • C: other
  • P: major (Priority: major. Between "default" and "critical" in severity.)
  • security (This issue pertains to the security of Qubes OS.)
  • T: task (Type: task. An action item that is neither a bug nor an enhancement.)

Comments

marmarek commented Sep 14, 2016

This scanning includes:

  • udev (blkid and friends)
  • lvm tools (vgscan etc)
  • looking for partition table

This all should be easy to blacklist using an appropriate udev rule, similar to this:
https://github.com/QubesOS/qubes-core-admin-linux/blob/master/system-config/00-qubes-ignore-devices.rules
QubesOS/qubes-core-admin-linux@ae7656e

It needs to be included in:

  • installed dom0
  • installer/recovery boot image
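
One way to check that the blacklisting asked for in this issue is effective, as an added example (not part of the original issue or of Qubes code): it scans output in the record format of `udevadm info --export-db` for VM volumes that still carry blkid or partition-table probe results. The `vm-` LV name prefix, the volume group name and the sample records are assumptions constructed for illustration.

```python
import re

# Constructed sample in `udevadm info --export-db` record format; all names are invented.
SAMPLE_DB = """\
P: /devices/virtual/block/dm-0
E: DEVNAME=/dev/dm-0
E: SUBSYSTEM=block
E: DM_VG_NAME=qubes_dom0
E: DM_LV_NAME=root
E: ID_FS_TYPE=ext4

P: /devices/virtual/block/dm-5
E: DEVNAME=/dev/dm-5
E: SUBSYSTEM=block
E: DM_VG_NAME=qubes_dom0
E: DM_LV_NAME=vm-work-private
E: ID_FS_TYPE=ext4
E: ID_FS_UUID=00000000-0000-0000-0000-000000000000

P: /devices/virtual/block/dm-6
E: DEVNAME=/dev/dm-6
E: SUBSYSTEM=block
E: DM_VG_NAME=qubes_dom0
E: DM_LV_NAME=vm-personal-root
"""

# Properties udev's blkid/partition probing stores after reading device contents.
PROBE_KEYS = ("ID_FS_TYPE", "ID_FS_UUID", "ID_FS_LABEL", "ID_PART_TABLE_TYPE")
# Assumption: VM volumes are identifiable by an LV name prefix.
VM_LV_NAME = re.compile(r"^vm-")

def block_devices(db_text):
    """Yield one property dict per block device record (records are blank-line separated)."""
    for record in re.split(r"\n\s*\n", db_text.strip()):
        props = dict(line[3:].split("=", 1) for line in record.splitlines()
                     if line.startswith("E: ") and "=" in line)
        if props.get("SUBSYSTEM") == "block":
            yield props

def probed_vm_volumes(db_text):
    """Map each VM volume that dom0 parsed to the probe properties left behind."""
    findings = {}
    for props in block_devices(db_text):
        if VM_LV_NAME.match(props.get("DM_LV_NAME", "")):
            leaked = sorted(k for k in PROBE_KEYS if k in props)
            if leaked:
                findings[props.get("DEVNAME", "?")] = leaked
    return findings
```

An empty result means no matching volume carries probe properties; the dom0 root volume in the sample is ignored because it does not match the assumed VM prefix.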
@marmarek marmarek added C: installer C: other P: major Priority: major. Between "default" and "critical" in severity. T: task Type: task. An action item that is neither a bug nor an enhancement. labels Sep 14, 2016
@marmarek marmarek added this to the Release 4.0 milestone Sep 14, 2016
marmarek added a commit to marmarek/qubes-core-admin that referenced this issue Jun 6, 2017
This will allow filtering them out in udev rules - to not parse any of
it.

QubesOS/qubes-issues#2319
marmarek added a commit to marmarek/qubes-core-admin that referenced this issue Jun 9, 2017
This will allow filtering them out in udev rules - to not parse any of
it.

QubesOS/qubes-issues#2319
marmarek added a commit to marmarek/qubes-linux-utils that referenced this issue Jul 6, 2017
Not only device-mapper one.
This especially includes loop devices for VM disk images.

QubesOS/qubes-issues#2319
marmarek added a commit to marmarek/qubes-core-admin-linux that referenced this issue Jul 6, 2017
@andrewdavidwong andrewdavidwong added the security This issue pertains to the security of Qubes OS. label Feb 10, 2021
@andrewdavidwong andrewdavidwong removed this from the Release 4.1 updates milestone Aug 13, 2023