[Whonix-devel] [qubes-devel] Require script to run immed. after /rw mount
Marek Marczykowski-Górecki
marmarek at invisiblethingslab.com
Tue Apr 18 00:12:55 CEST 2017
On Mon, Apr 17, 2017 at 10:02:00PM +0000, Patrick Schleizer wrote:
> Hi! :)
>
> You want a hook exactly between mount-dirs.sh and bind-dirs.sh?
>
> Chris Laprise:
> > My suggestion would be to put the activation of qubes/init/bind-dirs.sh
> > under a separate systemd service.
>
> That would be nice, but may be hard to not break things.
I'm worried about the same thing.
(...)
> > Alternately, mount-dirs.sh could have
> > a hook that points to a specific user script in /etc.
>
> User script sounds a bit limited. What about something a little more
> flexible?
>
> Untested pseudo code:
>
> if [ -d /etc/qubes/mount-dirs-post.d ]; then
>     run-parts /etc/qubes/mount-dirs-post.d
> fi
IMO this is the way to go. In addition to your VM hardening scripts,
this could also be used for some /rw initialization, beyond /etc/skel.
AFAIR there was a need for a similar thing to copy Tor Browser there.
As for implementation - do we want it in /etc, /usr/lib, or both (so
files in /etc could override /usr/lib)? But having both means we can't
use run-parts :(
--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
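
The override question raised in the message above (files in /etc replacing same-named files in /usr/lib, which a single run-parts call on one directory cannot express), as an added example that is not part of the original message or of Qubes code. The /usr/lib path and the function names are assumptions; masking a hook with a symlink to /dev/null is a convention borrowed from systemd, not something the thread proposes.

```shell
#!/bin/sh
# Added example: merge several hook directories so that a later directory
# overrides an earlier one by file name, then run the winners in C-locale order.

# list_hooks DIR...: print the winning path for each hook name, one per line.
# Later DIRs take precedence over earlier ones.
list_hooks() (
    # Collect candidate names, keeping only the characters run-parts accepts
    # by default, so backups such as "foo~" or "foo.dpkg-old" never run.
    names=$(
        for dir in "$@"; do
            [ -d "$dir" ] || continue
            for f in "$dir"/*; do
                [ -e "$f" ] || [ -L "$f" ] || continue
                printf '%s\n' "${f##*/}"
            done
        done | LC_ALL=C grep -E '^[A-Za-z0-9_-]+$' | LC_ALL=C sort -u
    )
    for name in $names; do
        winner=
        for dir in "$@"; do
            if [ -e "$dir/$name" ] || [ -L "$dir/$name" ]; then
                winner=$dir/$name
            fi
        done
        # The winner must be an executable regular file. A non-executable
        # file or a symlink to /dev/null in a later directory therefore
        # masks the hook of the same name instead of falling back to it.
        [ -f "$winner" ] && [ -x "$winner" ] || continue
        printf '%s\n' "$winner"
    done
)

# run_hooks DIR...: execute the merged set; a failing hook is reported
# but does not stop the remaining hooks.
run_hooks() {
    list_hooks "$@" | while IFS= read -r hook; do
        "$hook" || echo "hook failed: $hook" >&2
    done
}

# Hypothetical call site after /rw is mounted (paths are assumptions):
#   run_hooks /usr/lib/qubes/mount-dirs-post.d /etc/qubes/mount-dirs-post.d
```

Because the hooks would run as root early in boot, both directories should be writable by root only.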