On Fri, Aug 12, 2016 at 09:24:44AM -0600, Trammell Hudson wrote:
> On Fri, Aug 12, 2016 at 09:18:52AM +0200, Marek Marczykowski-Górecki wrote:
> > > > [...]
> > > > Also search the list archive for relocating volatile.img files - AFAIR
> > > > there was some script for that.
> >
> > Besides the above, for volatile.img it should be enough to modify this
> > script.
>
> It seems that script is insufficient for a read-only / filesystem
> since the prepare-volatile-img.sh script calls truncate on the file
> and qubes/storage/__init__.py calls os.remove() on the file.
>
> I modified the python code to check for a symlink and remove the
> destination of the link instead:
>
>     # Re-create only for template based VMs
>     if source_template is not None and self.volatile_img:
>         if (os.path.islink(self.volatile_img)):
>             if os.path.exists(self.volatile_img):
>                 os.remove(os.readlink(self.volatile_img))
>         elif os.path.exists(self.volatile_img):
>             os.remove(self.volatile_img)
>
> I'm concerned that this code is executed as root, while the user
> controls the path to self.volatile_img. It seems like this would
> allow someone to remove any file on the system by tweaking the
> destination file.

Have you read /etc/sudoers.d/qubes? ;)

> With this change and relocating /var/log, var/cache, /var/lib/xen, and
> /etc/libvirt/libxl to the writable partition, I'm now able to boot Qubes
> with a read-only / filesystem and mostly read-only template VMs.
> libvirt re-writes the config files to /etc on every vm startup, which
> seems a little odd, but I haven't tracked it down yet.

Yes, I think it needs a cache there, for persistence across daemon
restarts. It's perfectly fine to restart libvirtd while some domains are
still running.

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
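
An added example, not part of the original thread or of the Qubes code: one way to constrain the symlink-following removal discussed above so that a privileged process only removes targets that resolve inside an allow-listed directory. The function name `remove_volatile_image`, the `allowed_dirs` parameter and the temporary directory layout in `demo()` are assumptions made for illustration.

```python
import os
import tempfile


def remove_volatile_image(path, allowed_dirs):
    """Remove the file `path` refers to (following symlinks), but only if it
    resolves inside one of `allowed_dirs`. The link itself is left in place.
    Returns the real path removed, or None if there was nothing to remove."""
    # realpath() resolves relative link targets against the link's directory
    # (os.remove(os.readlink(p)) would resolve them against the cwd) and
    # follows chains of links.
    target = os.path.realpath(path)
    roots = [os.path.realpath(d) for d in allowed_dirs]
    if not any(os.path.commonpath([target, r]) == r for r in roots):
        raise PermissionError("refusing to remove %r: outside %r" % (target, roots))
    if not os.path.lexists(target):
        return None  # missing file or dangling link
    # A check-then-remove race remains if an untrusted user can write to
    # the allowed directories between the check above and this call.
    os.remove(target)
    return target


def demo():
    """Constructed sample layout in a temp dir; returns what happened."""
    with tempfile.TemporaryDirectory() as top:
        vm, rw, other = (os.path.join(top, d) for d in ("vm", "rw", "other"))
        for d in (vm, rw, other):
            os.mkdir(d)
        img = os.path.join(rw, "volatile.img")
        victim = os.path.join(other, "keep-me")
        for f in (img, victim):
            open(f, "w").close()
        link = os.path.join(vm, "volatile.img")
        os.symlink(os.path.join("..", "rw", "volatile.img"), link)  # relative
        removed = remove_volatile_image(link, [vm, rw])
        ok = removed == os.path.realpath(img) and not os.path.exists(img)
        os.remove(link)
        os.symlink(victim, link)  # link retargeted outside the allowed dirs
        try:
            remove_volatile_image(link, [vm, rw])
            refused = False
        except PermissionError:
            refused = True
        return ok, refused, os.path.exists(victim)


if __name__ == "__main__":
    print(demo())
```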
