[Whonix-devel] [qubes-devel] Require script to run immed. after /rw mount
marmarek at invisiblethingslab.com
Tue Apr 18 01:52:41 CEST 2017
-----BEGIN PGP SIGNED MESSAGE-----
On Mon, Apr 17, 2017 at 11:06:00PM +0000, Patrick Schleizer wrote:
> Marek Marczykowski-Górecki:
> > On Mon, Apr 17, 2017 at 10:02:00PM +0000, Patrick Schleizer wrote:
> >>> Alternately, mount-dirs.sh could have
> >>> a hook that points to a specific user script in /etc.
> >> User script sounds a bit limited. What about something a little more
> >> flexible?
> >> Untested pseudo code:
> >> if [ -d /etc/qubes/mount-dirs-post.d ]; then
> >> run-parts /etc/qubes/mount-dirs-post.d
> >> fi
> > IMO this is the way to go. In addition to your VM hardening scripts,
> > this could be used also for some /rw initialization, beyond /etc/skel.
> > AFAIR there was a need for similar thing to copy Tor Browser there.
> > As for implementation - do we want it in /etc, /usr/lib, or both (so
> > files in /etc could override /usr/lib)?
> Yes in both. Actually in all three. I.e. /etc/, /usr/lib and in
> /usr/local (/rw) to make it complete.
No, the whole point about this script is to run something _before_
anything gets processed/run from /rw.
> > But having both means we can't
> > use run-parts :(
> Why not just use above "Untested pseudo code" three times with the
> different dirs? :)
Because it will not allow to disable/override a script in /usr/lib by
placing a script with the same name in /etc.
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----
More information about the Whonix-devel