Chris Laprise: > On 12/20/2016 06:35 PM, Patrick Schleizer wrote: >> - /usr/local/etc/qubes-bind-dirs.d/50_user.conf >> - Qubes-Whonix specific /usr/local/etc/whonix_firewall.d >> >> (/usr/local is stored in /rw anyhow.) >> >> I don't propose abolishing existing implementations using /rw. >> >> - It would suffice if we keep this in mind for new developments. I.e. if >> some new Qubes functionality wants provide TemplateBasedVM specific "/rw >> style" settings, make that '/usr/local/etc/...' instead. >> > > Before including standard config paths into the template-based scheme > for private storage, I think we have to ask how many other non-Qubes > programs will end up using these paths and thus inadvertently causing > settings and scripts to persist. And under what conditions does this > become undesirable? Would malware that is not Qubes-aware try to > propagate through a folder like /usr/local/etc?
Since Qubes R3.0 [and probably also earlier] /usr/local is already stored in /rw anyhow. Therefore my suggestion does not change anything about inadvertent /usr/local persistence. Inadvertent /usr/local persistence however is an interesting separate question. Best regards, Patrick -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/7917b375-8b85-c8bf-cedd-771935a3e3c8%40riseup.net. For more options, visit https://groups.google.com/d/optout.
