[Whonix-devel] [qubes-devel] Require script to run immed. after /rw mount

Chris Laprise tasket at openmailbox.org
Thu Apr 20 23:46:48 CEST 2017


On 04/17/2017 06:12 PM, Marek Marczykowski-Górecki wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On Mon, Apr 17, 2017 at 10:02:00PM +0000, Patrick Schleizer wrote:
>> Hi! :)
>>
>> You want a hook exactly between mount-dirs.sh and bind-dirs.sh?
>>
>> Chris Laprise:
>>> Alternately, mount-dirs.sh could have
>>> a hook that points to a specific user script in /etc.
>>
>> User script sounds a bit limited. What about something a little more
>> flexible?
>>
>> Untested pseudo code:
>>
>> if [ -d /etc/qubes/mount-dirs-post.d ]; then
>>    run-parts /etc/qubes/mount-dirs-post.d
>> fi
>
> IMO this is the way to go. In addition to your VM hardening scripts,
> this could be used also for some /rw initialization, beyond /etc/skel.
> AFAIR there was a need for similar thing to copy Tor Browser there.

IIUC, this idea is for R4.x release..? It will be nice to have, but in 
the meantime I'm still looking for a way to make this possible in R3.2 
without getting medieval (sed /usr/lib...script.sh).

It would be really nice to activate my script on a per-VM basis(!) from 
Qubes Manager settings. I'm having better luck doing it this way, 
running it before meminfowriter and after qubes-sysinit.

-- 

Chris Laprise, tasket at openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886


More information about the Whonix-devel mailing list