On 04/14/2017 12:18 PM, Chris Laprise wrote:
I am trying to set up templates so the startup sequence in template-based
VMs can take action on /rw contents before they can affect the execution
environment (bind-dirs, rc.local, etc).

Unless there is a setting for this (disabling startup execution of
private.img contents) that I'm not aware of, I think some modification
of Qubes would be necessary to properly enable such action. This is
because currently bind-dirs.sh activation is lumped in with mount-dirs.sh.

My suggestion would be to put the activation of qubes/init/bind-dirs.sh
under a separate systemd service. Alternately, mount-dirs.sh could have
a hook that points to a specific user script in /etc.

A possible workaround I'm trying is to have my systemd unit run before
qubes-mount-dirs.service and do an independent mount-dismount of /rw.
This allows my script to perform simple sanitizing operations in /rw
before anything in there has a chance to run. So far, it works...
--
Chris Laprise, [email protected]
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
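
The workaround described in the message above, sketched as an added example; it is not code from the original post or from Qubes. The hook paths in `HOOKS`, the `.quarantine` directory name and passing the private volume's device as an argument are assumptions.

```shell
#!/bin/sh
# Added example, not Qubes code. Meant to be started by a oneshot systemd unit
# ordered Before=qubes-mount-dirs.service, as the message describes.
# HOOKS is an assumption: paths, relative to the private volume root, that the
# template would act on at startup. Adjust it to the template in use.
HOOKS="${HOOKS:-config/rc.local config/qubes-bind-dirs.d}"

# Move every hook found under root $1 into $1/.quarantine and strip execute
# bits from the moved files. Prints the number of items handled.
sanitize_rw() {
    root=$1
    count=0
    # Never write through a pre-planted quarantine symlink.
    [ -L "$root/.quarantine" ] && rm -f -- "$root/.quarantine"
    for rel in $HOOKS; do
        item="$root/$rel"
        parent=$(dirname "$item")
        # If the containing directory is a symlink, treat the link as the item
        # so nothing is resolved through it (immediate parent only).
        [ -L "$parent" ] && item=$parent
        if [ -L "$item" ]; then
            # A symlink may point outside the volume: remove the link itself.
            rm -f -- "$item"
            count=$((count + 1))
        elif [ -e "$item" ]; then
            dest="$root/.quarantine/$(echo "$rel" | tr '/' '_')"
            mkdir -p "$root/.quarantine"
            rm -rf -- "$dest"
            mv -- "$item" "$dest"
            # -type f skips symlinks, so chmod never follows one.
            find "$dest" -type f -exec chmod a-x {} +
            count=$((count + 1))
        fi
    done
    echo "$count"
}

# Mount device $1 on a private mount point, sanitize it, unmount. Needs root.
main() {
    mnt=$(mktemp -d) || return 1
    mount -o nosuid,nodev,noexec "$1" "$mnt" || { rmdir "$mnt"; return 1; }
    sanitize_rw "$mnt"
    rc=$?
    umount "$mnt" && rmdir "$mnt"
    return "$rc"
}

# Run only when a device argument is given (the device path is site-specific).
if [ $# -ge 1 ]; then main "$1"; fi
```

Mounting on a temporary mount point with `noexec` keeps the volume's contents from being executed while they are inspected, and `/rw` itself is still unmounted when qubes-mount-dirs.service starts.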