On Fri, Aug 12, 2016 at 09:18:52AM +0200, Marek Marczykowski-Górecki wrote:
> > > [...]
> > > Also search the list archive for relocating volatile.img files - AFAIR
> > > there was some script for that.
>
> Besides the above, for volatile.img it should be enough to modify this
> script.

It seems that script is insufficient for a read-only / filesystem
since the prepare-volatile-img.sh script calls truncate on the file
and qubes/storage/__init__.py calls os.remove() on the file.
I modified the Python code to check for a symlink and remove the
destination of the link instead:

    # Re-create only for template based VMs
    if source_template is not None and self.volatile_img:
        if os.path.islink(self.volatile_img):
            if os.path.exists(self.volatile_img):
                os.remove(os.readlink(self.volatile_img))
        elif os.path.exists(self.volatile_img):
            os.remove(self.volatile_img)

I'm concerned that this code is executed as root, while the user
controls the path to self.volatile_img. It seems like this would
allow someone to remove any file on the system by tweaking the
destination file.

With this change and relocating /var/log, /var/cache, /var/lib/xen, and
/etc/libvirt/libxl to the writable partition, I'm now able to boot Qubes
with a read-only / filesystem and mostly read-only template VMs.
libvirt re-writes the config files to /etc on every VM startup, which
seems a little odd, but I haven't tracked it down yet.

--
Trammell
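
One way to bound the removal the message worries about, as an added example that is not part of the original message or of the Qubes code: resolve the link target and remove it only if it is a regular file inside an explicitly allowed directory. The function name `remove_volatile_image`, the `allowed_dirs` parameter and the temporary directory layout in `demo()` are assumptions made for illustration.

```python
import os
import stat
import tempfile

def remove_volatile_image(path, allowed_dirs):
    """Remove path, or the file a symlink at path points to, only if the final
    target is a regular file under one of allowed_dirs (hypothetical names)."""
    target = path
    if os.path.islink(path):
        # readlink() may be relative: resolve against the link's dir, not cwd
        target = os.path.join(os.path.dirname(path), os.readlink(path))
    real = os.path.realpath(target)  # collapses ".." and chained links
    roots = [os.path.realpath(d) for d in allowed_dirs]
    if not any(os.path.commonpath([real, r]) == r for r in roots):
        raise PermissionError("refusing to remove %s: outside %s" % (real, roots))
    parent, name = os.path.split(real)
    dir_fd = None
    try:
        dir_fd = os.open(parent, os.O_RDONLY | os.O_DIRECTORY)
        # lstat/unlink via dir_fd narrows (does not close) the check-to-unlink race
        st = os.stat(name, dir_fd=dir_fd, follow_symlinks=False)
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("refusing to remove %s: not a regular file" % real)
        os.unlink(name, dir_fd=dir_fd)
        return real
    except FileNotFoundError:
        return None  # dangling link, or the file is already gone
    finally:
        if dir_fd is not None:
            os.close(dir_fd)

def demo():
    # Constructed layout: 'pool' stands in for the writable partition.
    base = os.path.realpath(tempfile.mkdtemp())
    pool, vm, other = (os.path.join(base, d) for d in ("pool", "vm", "other"))
    for d in (pool, vm, other):
        os.mkdir(d)
    for f in (os.path.join(pool, "volatile.img"), os.path.join(other, "keep")):
        open(f, "w").close()
    os.symlink("../pool/volatile.img", os.path.join(vm, "good"))  # relative link
    os.symlink(os.path.join(other, "keep"), os.path.join(vm, "bad"))
    removed = remove_volatile_image(os.path.join(vm, "good"), [pool])
    try:
        remove_volatile_image(os.path.join(vm, "bad"), [pool])
    except PermissionError:
        return removed, os.path.exists(os.path.join(other, "keep"))
    return removed, False

if __name__ == "__main__":
    print(demo())
```
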