On Thursday, September 26th, 2024 at 3:55 PM, Marek Marczykowski-Górecki <marmarek at invisiblethingslab.com> wrote: > I like this!
Nice! > We could put that into vm-config, or even have a new place > (bind-dirs prefix?). A dedicated prefix sounds even better! Perhaps even a chance to get a less implementation-specific name like "persistent-app-dirs". But either way is even better than (ab)using vm-config. > If present, configuration in /rw/config would be ignored and > maybe also /home not bind-mounted anymore (unless > listed in bind-dirs explicitly?). I think /home could be added by default to this bind-dirs prefix when creating a new qubes otherwise getting started on Qubes would even be more difficult. Installed programs in app qubes "mysteriously disappearing" is a commonly reported issue in the forum. So my suggestion would be to keep the default experience, but allowing advanced users to remove /home persistence if desired. This way we'd keep regular users happy (because nothing broke) and advanced users with yet another tool in their toolbox. One aspect to also think about is how to do this "default home persist" in a multi-OS way. Perhaps the default bind-dirs could be obtained template's preferences. Maybe stored in "os-home-dirs"? > One remaining question is interaction > with template-stored configuration (/usr/lib/qubes-bind-dirs.d) - I > guess it should be respected in that case, correct? Yes, I think it is reasonable to keep honoring template bind-dirs. After all, a malicious template can do much more than mess with bind-dirs. Best regards, deeplow -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/KFpQSe1EM3rLNogxwpCv_vMvci5_qwCBxqstwP7o1p-uAm6b0y5eAzTmn2Cx-DVpz_WqZbePKX1WqjElYq4IEkoMRi2trEB5rziVE2uwOb4%3D%40protonmail.com.
