On Sat, Feb 18, 2017 at 01:07:02PM -0700, Trammell Hudson wrote:
> On Sat, Feb 18, 2017 at 10:45:31PM +0300, Oleg Artemiev wrote:
> > [...]
> > AFAIR, when App VM is started some image files are made. Are these
> > files made in /var/lib/qubes/appvms or also in
> > /var/lib/qubes/vm-templates ?
>
> I've done some work on making Qubes' installation to have a read-only
> (and dm-verity protected) dom0 / with a write-able /home. It requires
> patching qubes/storage/__init__.py to allow the volatile.img file to
> reside on the rw partition (and not be re-created on the ro /):
>
> https://groups.google.com/forum/#!topic/qubes-devel/hG93VcwWtRY

Thanks! Worth noting that another valuable reason to make dom0 / read-only is
anti-forensics: a lot of information is logged in /var/ that you may not want
an adversary (like a thief or border security) to get their hands on;
encrypting / isn't always enough to defeat this threat.

--
https://petertodd.org 'peter'[:-1]@petertodd.org
