On Sat, Feb 18, 2017 at 10:45:31PM +0300, Oleg Artemiev wrote: > [...] > AFAIR, when App VM is started some image files are made. Are these > files are made in /var/lib/qubes/appvms or also in > /var/lib/qubes/vm-templates ?
I've done some work on making Qubes' installation to have a read-only (and dm-verity protected) dom0 / with a write-able /home. It requires patching qubes/storage/__init__.py to allow the volatile.img file to reside on the rw partition (and not be re-created on the ro /): https://groups.google.com/forum/#!topic/qubes-devel/hG93VcwWtRY > [...] > Yes, I understand this won't turn off writes to ssd when template VM > is upgraded. This is one difficult point with the setup is upgrades, especially if Qube's overwrites the python library. In my case it also requires rebooting into a recovery mode, installing updates and then re-signing the root filesystem. The rw partition is on separate TPM protected keys so the VMs are not available during the upgrade process. -- Trammell -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20170218200702.GU30182%40chishio.swcp.com. For more options, visit https://groups.google.com/d/optout.
