Tweaks and clarifications per review
- Noted sd-devices auto-attach behavior in setup docs
- Clarified how to copy logs by example
- Changed intra-VM copying description to a more neutral example
eloquence committed May 20, 2020
1 parent 94790fe commit dc45110
Showing 3 changed files with 13 additions and 5 deletions.
4 changes: 3 additions & 1 deletion docs/admin/install.rst
Expand Up @@ -387,7 +387,9 @@ You can now choose between creating a new password database or importing an exis

We recommend reviewing each section of the password database before giving other users access to the workstation.

To import an existing database, attach the required USB drive (typically a *Journalist Workstation* USB) to the ``vault`` VM, similar to the process described in :ref:`copy_journalist`. You can use the file manager (**Q > Domain: vault > Files**) to unlock the USB drive and copy the password database (typically a file like ``keepass.kdbx`` in the directory ``Persistent``) to your user directory, and then detach the USB drive.
To import an existing database, attach the required USB drive (typically a *Journalist Workstation* USB) to the ``vault`` VM, similar to the process described in :ref:`copy_journalist`. Note that you may have to detach the USB drive from the ``sd-devices`` VM, first, which will attempt to automatically attach USB storage devices and printers for use by SecureDrop Workstation.

Once the USB drive is attached to ``vault``, you can use the file manager (**Q > Domain: vault > Files**) to unlock the USB drive and copy the password database (typically a file like ``keepass.kdbx`` in the directory ``Persistent``) to your user directory, and then detach the USB drive.

When importing a passwordless database, KeePassXC may warn you every time about opening the database without a password. Similarly, when creating a new password database, KeePassXC will prompt you to protect it with a password, and will refuse to accept a blank password.
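
Review bot: In the added sentence about ``sd-devices``, the clause "which will attempt to automatically attach USB storage devices and printers" trails after ", first," so it reads as describing the detach step rather than the VM. Suggest putting the cause before the instruction, for example: "Because ``sd-devices`` attempts to automatically attach USB storage devices and printers for use by SecureDrop Workstation, you may first have to detach the USB drive from it." The text points to :ref:`copy_journalist` for the attach step only, so it would also help to say where the detach from ``sd-devices`` is done.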

4 changes: 2 additions & 2 deletions docs/admin/managing_clipboard.rst
Expand Up @@ -3,9 +3,9 @@ Managing Clipboard Access

.. include:: ../includes/top-warning.rst

Every VM in Qubes has its own clipboard, similar to the clipboard of a Mac, Windows or Linux computer. For example, if you wanted to create a boilerplate "Thank you" message for replies to sources, you could create a textfile in the ``sd-app`` VM and copy its contents to the SecureDrop Client using ``Ctrl+C`` (copy) and ``Ctrl+V`` (paste) keyboard shortcuts.
Every VM in Qubes has its own clipboard, similar to the clipboard of a Mac, Windows or Linux computer. For example, if you used the default ``work`` VM to browse the web and wanted to copy text from one browser window to another, you would use the ``Ctrl+C`` and ``Ctrl+V`` keyboard shortcuts to copy and paste. This type of clipboard usage -- copy and paste in the same VM -- also works in all VMs that are part of SecureDrop Workstation.

Qubes also supports copying information *between* VMs. This is done by using `special keyboard shortcuts <https://www.qubes-os.org/doc/copy-paste/>`_, ``Ctrl+Shift+C`` and ``Ctrl+Shift+V``, in a four-step process. By default, this is disabled for all VMs that are part of SecureDrop Workstation, consistent with the `principle of least privilege <https://en.wikipedia.org/wiki/Principle_of_least_privilege>`__.
In addition, Qubes supports copying information *between* VMs. This is done by using `special keyboard shortcuts <https://www.qubes-os.org/doc/copy-paste/>`_, ``Ctrl+Shift+C`` and ``Ctrl+Shift+V``, in a four-step process. By default, this is disabled for all VMs that are part of SecureDrop Workstation, consistent with the `principle of least privilege <https://en.wikipedia.org/wiki/Principle_of_least_privilege>`__.

As an administrator, you should be aware of the following risks related to clipboard access before changing the default configuration:
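
Review bot: On the changed "In addition, Qubes supports copying information *between* VMs" line, the two links use different target styles: the copy-paste link ends in a single underscore (named target) while the least-privilege link ends in a double underscore (anonymous). Suggest the double underscore for both, which avoids duplicate-target warnings if the link text "special keyboard shortcuts" is reused elsewhere in the docs. In the rewritten paragraph above it, the ``work`` VM example is connected to SecureDrop Workstation only by the closing sentence; consider saying explicitly whether ``work`` is one of the SecureDrop Workstation VMs so the reader knows which VMs the following "disabled by default" statement covers.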

10 changes: 8 additions & 2 deletions docs/admin/reviewing_logs.rst
Expand Up @@ -13,7 +13,7 @@ If you want to selectively enable copying logs to a single VM, you can use tags,

.. important::

Before copying logs to a networked VM, we recommend carefully inspecting them for sensitive information, and potentially redacting them
Before copying logs to a networked VM, we recommend carefully inspecting them for sensitive information, and potentially redacting them.

To enable copying logs to a target VM, you can use a command like the following in ``dom0``, substituting ``<VM name>`` with the name of the target VM (e.g., ``work``):

Expand All @@ -33,4 +33,10 @@ To remove the permission, use this command in ``dom0``:
qvm-tags <VM name> del sd-receive-logs
With the permission in effect, you can use the command ``qvm-copy`` in a terminal in ``sd-log`` to copy individual files to the target VM.
With the permission in effect, you can use the command ``qvm-copy`` in a terminal in ``sd-log`` to copy individual files to the target VM. For example, to copy a file ``syslog-redacted.log``, you would use this command:

.. code-block:: sh
qvm-copy syslog-redacted.log
A graphical prompt will permit you to select any target VM that has the ``sd-receive-logs`` tag. Once successfully copied, the file can be found in the directory ``~/QubesIncoming/sd-log`` in the target VM. See the `Qubes OS documentation on copying files <https://www.qubes-os.org/doc/copying-files/>`__ for more information.
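
Review bot: The new example ``qvm-copy syslog-redacted.log`` names a redacted file without saying where it comes from. The ``important`` box earlier in this file recommends inspecting and potentially redacting logs before copying them to a networked VM, so a reader may expect this file to already exist in ``sd-log``. Suggest one sentence before the command stating that ``syslog-redacted.log`` is a copy the administrator created and reviewed in ``sd-log``, and that the command is run from the directory containing it. The graphical prompt sentence is clear; it may be worth adding that only VMs carrying the ``sd-receive-logs`` tag are accepted as targets, so the reader knows what to expect if they pick another VM.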
