On 10/18/2016 07:25 PM, John Maher wrote:
>
> Manuel, this is awesome! Thank you for the extensive explanation.
My pleasure.
>
> Regarding option 3, are you referring to a Qubes service or some other type
> of utility? Being new to Qubes, your mentioning of services above is my
> introduction to Qubes services.
What I outlined, effectively speaking, is a simple solution that allows
you to set up (on the TemplateVM) a systemd mount unit which only
triggers (on the AppVM) when the service /mnt-keepassxmount/ has been
added and activated in the /Services/ tab of the settings dialog for the
AppVM. None of your VMs (not the template, and not any other VMs based
on the template) will try to mount that file system, EXCEPT for the VM
in which /mnt-keepassxmount/ service has been activated.
Most of the learning complexity of the example I presented is
essentially the difficulty of learning stuff like mount units (man
systemd.mount).
The setup of the mount unit (creation of the /etc file and systemd
enable) needs to be done in the template because the root file system of
your AppVM is going to be based *afresh* on the template VM, *every
time* and your AppVM boots. When you enable the Qubes service
"mnt-keepassxmount", systemd attempts to activate the unit you created
(based on my example), resulting in the mount taking place.
Note that the target mount point (in my example /mnt/keepassxmount,
illustrated by mnt-keepassxmount.path in the unit file) must already
exist. If your mount point is going to be in /home or /rw, then you can
create that mount point in the AppVM. If your mount point is going to
reside outside those two places, then the mount point must exist in the
TemplateVM.
If your VM is a StandaloneVM with its own independent root file system,
then the changes must be done in the StandaloneVM, not on any template.
--
Rudd-O
http://rudd-o.com/
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/ea7f5551-19d7-743f-005a-877844d857b9%40rudd-o.com.
For more options, visit https://groups.google.com/d/optout.
