[Whonix-devel] [qubes-devel] Require script to run immed. after /rw mount
tasket at openmailbox.org
Fri Apr 21 02:51:04 CEST 2017
On 04/20/2017 05:51 PM, Marek Marczykowski-Górecki wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> On Thu, Apr 20, 2017 at 05:46:48PM -0400, Chris Laprise wrote:
>> On 04/17/2017 06:12 PM, Marek Marczykowski-Górecki wrote:
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA256
>>> On Mon, Apr 17, 2017 at 10:02:00PM +0000, Patrick Schleizer wrote:
>>>> Hi! :)
>>>> You want a hook exactly between mount-dirs.sh and bind-dirs.sh?
>>>> Chris Laprise:
>>>>> Alternately, mount-dirs.sh could have
>>>>> a hook that points to a specific user script in /etc.
>>>> User script sounds a bit limited. What about something a little more
>>>> Untested pseudo code:
>>>> if [ -d /etc/qubes/mount-dirs-post.d ]; then
>>>> run-parts /etc/qubes/mount-dirs-post.d
>>> IMO this is the way to go. In addition to your VM hardening scripts,
>>> this could be used also for some /rw initialization, beyond /etc/skel.
>>> AFAIR there was a need for similar thing to copy Tor Browser there.
>> IIUC, this idea is for R4.x release..? It will be nice to have, but in the
>> meantime I'm still looking for a way to make this possible in R3.2 without
>> getting medieval (sed /usr/lib...script.sh).
> Actually, if the behaviour without any additional configuration would be
> unchanged, we may consider it also for R3.2.
>> It would be really nice to activate my script on a per-VM basis(!) from
>> Qubes Manager settings. I'm having better luck doing it this way, running it
>> before meminfowriter and after qubes-sysinit.
> For this, take a look here:
Yes, already there. It seems to work well now. I settled on specifying
WantedBy=sysinit.target and no 'Before'.
Chris Laprise, tasket at openmailbox.org
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
More information about the Whonix-devel