[Whonix-devel] [qubes-devel] Require script to run immed. after /rw mount

Marek Marczykowski-Górecki marmarek at invisiblethingslab.com
Tue Apr 18 01:52:41 CEST 2017


On Mon, Apr 17, 2017 at 11:06:00PM +0000, Patrick Schleizer wrote:
> Marek Marczykowski-Górecki:
> > On Mon, Apr 17, 2017 at 10:02:00PM +0000, Patrick Schleizer wrote:
> >>> Alternately, mount-dirs.sh could have
> >>> a hook that points to a specific user script in /etc.
> > 
> >> User script sounds a bit limited. What about something a little more
> >> flexible?
> > 
> >> Untested pseudo code:
> > 
> >> if [ -d /etc/qubes/mount-dirs-post.d ]; then
> >>    run-parts /etc/qubes/mount-dirs-post.d
> >> fi
> > 
> > IMO this is the way to go. In addition to your VM hardening scripts,
> > this could be used also for some /rw initialization, beyond /etc/skel.
> > AFAIR there was a need for a similar thing to copy Tor Browser there.
> > 
> > As for implementation - do we want it in /etc, /usr/lib, or both (so
> > files in /etc could override /usr/lib)?
> 
> Yes in both. Actually in all three. I.e. /etc/, /usr/lib and in
> /usr/local (/rw) to make it complete.

No, the whole point about this script is to run something _before_
anything gets processed/run from /rw.

> > But having both means we can't
> > use run-parts :(
> 
> Why not just use above "Untested pseudo code" three times with the
> different dirs? :)

Because it will not allow disabling/overriding a script in /usr/lib by
placing a script with the same name in /etc.

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
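
The override behaviour discussed in this message (a script in /etc replacing or disabling a same-named one in /usr/lib, which calling run-parts once per directory cannot provide) can be sketched as follows. This is an added example, not code from the thread or from Qubes; the function names, the /usr/lib directory path, and the convention that a non-executable file or a symlink to /dev/null disables a hook are assumptions.

```shell
#!/bin/sh
# Added example (not Qubes code): merged hook directories with override.
# Directories are given lowest priority first; a later directory wins for a
# given file name. /rw paths are deliberately never passed in, since these
# hooks must run before anything from /rw is processed.

# list_hooks DIR... : print the winning path for each hook name, in name order.
list_hooks() (
    names=$(for d in "$@"; do
        [ -d "$d" ] || continue
        for f in "$d"/*; do
            n=${f##*/}
            # Same name rule as run-parts: letters, digits, '_' and '-' only.
            case $n in ''|*[!A-Za-z0-9_-]*) continue ;; esac
            printf '%s\n' "$n"
        done
    done | LC_ALL=C sort -u)
    for n in $names; do
        winner=
        for d in "$@"; do
            # -L also catches a dangling or /dev/null symlink used as a mask.
            if [ -e "$d/$n" ] || [ -L "$d/$n" ]; then winner=$d/$n; fi
        done
        # Assumed convention: a winner that is not an executable regular file
        # (e.g. a symlink to /dev/null) disables the hook of that name.
        if [ -f "$winner" ] && [ -x "$winner" ]; then
            printf '%s\n' "$winner"
        fi
    done
)

# run_hooks DIR... : run each winning hook; report failures but keep going.
run_hooks() {
    list_hooks "$@" | while IFS= read -r hook; do
        "$hook" || echo "mount-dirs-post hook failed: $hook" >&2
    done
}

# Hypothetical call site after /rw is mounted (the /usr/lib path is assumed):
#   run_hooks /usr/lib/qubes/mount-dirs-post.d /etc/qubes/mount-dirs-post.d
```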
