Yup, you can do essentially that, you'll want to use the vboxmanage to
set or clear it immutable bit rather than just using the file system's
immutable bit since they aren't the same thing. The system's immutable
command will just cause virtualbox to throw an error that it can't write
to the hard drive. The virtualbox immutable command will signal
virtualbox to create a temporary snapshot that then gets thrown away
every single load, but the command to do it isn't too much more
difficult than just setting or clearing a file level immutable bit.
Sorry I can't look it up right now, I'm at Stammtisch and my laptop
doesn't have virtualbox installed.
Brian Cluff
On 04/19/2016 08:26 PM, Wayne D wrote:
Ya know, I got to thinking. Couldn't I simply revert to
NON-IMMUTABLE, update, then IMMUTABLE again? It IS a flag is it not?
chattr +i /path/to/filename
On 04/19/2016 06:24 PM, Brian Cluff wrote:
Correct, but you have to ask yourself, do you really need updates for
a box that even if it gets infected can't hold onto an
infection between loads of the VM.
That being said, getting something like cryptolocker would really
suck, so you might want to come up with a procedure so that the
machine gets updated periodically but goes right back to being locked
down, but if he's only using the system for strictly the bare
minimum, the likelihood of getting an infection is slim to none.
Brian Cluff
On 04/19/2016 05:04 PM, Wayne D wrote:
Just so (I) am clear on this: A VM setup this way cannot get
winblows updates either... correct? It would literally be frozen in
time.
---------------------------------------------------
PLUG-discuss mailing list - [email protected]
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss
---------------------------------------------------
PLUG-discuss mailing list - [email protected]
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss
---------------------------------------------------
PLUG-discuss mailing list - [email protected]
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss
