[Whonix-devel] [qubes-devel] Require script to run immed. after /rw mount

Marek Marczykowski-Górecki marmarek at invisiblethingslab.com
Thu Apr 20 23:51:42 CEST 2017


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Thu, Apr 20, 2017 at 05:46:48PM -0400, Chris Laprise wrote:
> On 04/17/2017 06:12 PM, Marek Marczykowski-Górecki wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA256
> > 
> > On Mon, Apr 17, 2017 at 10:02:00PM +0000, Patrick Schleizer wrote:
> > > Hi! :)
> > > 
> > > You want a hook exactly between mount-dirs.sh and bind-dirs.sh?
> > > 
> > > Chris Laprise:
> > > > Alternately, mount-dirs.sh could have
> > > > a hook that points to a specific user script in /etc.
> > > 
> > > User script sounds a bit limited. What about something a little more
> > > flexible?
> > > 
> > > Untested pseudo code:
> > > 
> > > if [ -d /etc/qubes/mount-dirs-post.d ]; then
> > >    run-parts /etc/qubes/mount-dirs-post.d
> > > fi
> > 
> > IMO this is the way to go. In addition to your VM hardening scripts,
> > this could be used also for some /rw initialization, beyond /etc/skel.
> > AFAIR there was a need for similar thing to copy Tor Browser there.
> 
> IIUC, this idea is for R4.x release..? It will be nice to have, but in the
> meantime I'm still looking for a way to make this possible in R3.2 without
> getting medieval (sed /usr/lib...script.sh).

Actually, if the behaviour without any additional configuration would be
unchanged, we may consider it also for R3.2.

> It would be really nice to activate my script on a per-VM basis(!) from
> Qubes Manager settings. I'm having better luck doing it this way, running it
> before meminfowriter and after qubes-sysinit.

For this, take a look here:
https://www.qubes-os.org/doc/qubes-service/

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
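
The hook directory proposed in this thread, written as a guarded runner (an added example, not code from Qubes or from the posters): it is a no-op when /etc/qubes/mount-dirs-post.d is absent, so default behaviour is unchanged, and it skips hooks that are not owned by the expected user or are group/world writable. The function names, the HOOK_OWNER_UID variable and the ownership checks are assumptions of this example, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example: guarded runner for a post-mount hook directory.
# HOOK_OWNER_UID is a hypothetical knob (default 0 = root) so the
# checks can also be exercised by an unprivileged user.

# Return 0 if the path is owned by the expected uid and is not
# group- or world-writable. Symlinks are not followed, so a symlink
# (mode 777) is rejected as well.
hook_is_trusted() {
    owner=$(stat -c '%u' "$1") || return 1
    mode=$(stat -c '%a' "$1") || return 1
    [ "$owner" = "${HOOK_OWNER_UID:-0}" ] || return 1
    case "$mode" in
        # write bit set in the group digit or in the other digit
        *[2367]?|*[2367]) return 1 ;;
    esac
    return 0
}

# Run every trusted executable in the directory, in lexical order.
# Returns 0 if the directory is absent or all hooks succeeded,
# 2 if the directory itself is untrusted (nothing is run),
# 1 if any hook failed or was skipped as untrusted.
run_post_mount_hooks() {
    dir=$1
    [ -d "$dir" ] || return 0
    hook_is_trusted "$dir" || return 2
    rc=0
    for hook in "$dir"/*; do
        { [ -f "$hook" ] && [ -x "$hook" ]; } || continue
        if ! hook_is_trusted "$hook"; then
            echo "skipping untrusted hook: $hook" >&2
            rc=1
            continue
        fi
        "$hook" || rc=1
    done
    return $rc
}

# Intended call site (path taken from the thread):
#   run_post_mount_hooks /etc/qubes/mount-dirs-post.d
```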

