-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Mon, Apr 17, 2017 at 11:06:00PM +0000, Patrick Schleizer wrote: > Marek Marczykowski-Górecki: > > On Mon, Apr 17, 2017 at 10:02:00PM +0000, Patrick Schleizer wrote: > >>> Alternately, mount-dirs.sh could have > >>> a hook that points to a specific user script in /etc. > > > >> User script sounds a bit limited. What about something a little more > >> flexible? > > > >> Untested pseudo code: > > > >> if [ -d /etc/qubes/mount-dirs-post.d ]; then > >> run-parts /etc/qubes/mount-dirs-post.d > >> fi > > > > IMO this is the way to go. In addition to your VM hardening scripts, > > this could be used also for some /rw initialization, beyond /etc/skel. > > AFAIR there was a need for similar thing to copy Tor Browser there. > > > > As for implementation - do we want it in /etc, /usr/lib, or both (so > > files in /etc could override /usr/lib)? > > Yes in both. Actually in all three. I.e. /etc/, /usr/lib and in > /usr/local (/rw) to make it complete.
No, the whole point about this script is to run something _before_ anything gets processed/run from /rw. > > But having both means we can't > > use run-parts :( > > Why not just use above "Untested pseudo code" three times with the > different dirs? :) Because it will not allow to disable/override a script in /usr/lib by placing a script with the same name in /etc. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJY9VVKAAoJENuP0xzK19csLYMH/0oAYM8dzZxPkCqVOvgRd4Pk hPUIk6s5Hf79HOQTCjMStH8luoyoerg7F4NRGSVnW7qHqdOY3hKct3LUB8JYITtV X+4XHnwIGqLr6ZEw6ekspvZXyBpqGkjjQEtrRPpStzqW3ViSFns/0aXkNZ4q6Pq1 BnK2FL7qpWDA3mftu8qsW/JqpWzU+IBZx0kxnJpb8R042DNl2Zmis9VFA9WAsojm SBQVkCQ8KOJj6wGtEZIZl75wgXs+u96bIQ7uitLU6nJA8UcF6cFY1PPk4pgIIYNi NmAaTNoxthfwEiwaIS61dNv/0Q5f9v1zJlak45AC49CiuE0Cxq/A3XPDF/1lKHY= =a5JZ -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20170417235241.GM1486%40mail-itl. For more options, visit https://groups.google.com/d/optout.
