On 2016-12-20 16:40, Chris Laprise wrote:
> On 12/20/2016 06:35 PM, Patrick Schleizer wrote:
>> - /usr/local/etc/qubes-bind-dirs.d/50_user.conf
>> - Qubes-Whonix specific /usr/local/etc/whonix_firewall.d
>>
>> (/usr/local is stored in /rw anyhow.)
>>
>> I don't propose abolishing existing implementations using /rw.
>>
>> - It would suffice if we keep this in mind for new developments. I.e. if
>> some new Qubes functionality wants to provide TemplateBasedVM specific "/rw
>> style" settings, make that '/usr/local/etc/...' instead.
>>
>
> Before including standard config paths into the template-based scheme
> for private storage, I think we have to ask how many other non-Qubes
> programs will end up using these paths and thus inadvertently causing
> settings and scripts to persist. And under what conditions does this
> become undesirable?
> Would malware that is not Qubes-aware try to propagate through a
> folder like /usr/local/etc?

I think this last question lies outside the Qubes threat model, since
TemplateBasedVM rootfs nonpersistence isn't exactly intended to be a
security feature, at least not in that way:

https://www.qubes-os.org/attachment/wiki/slides/LinuxCon_2014_Qubes_Tutorial.pdf

-- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
