On 7/27/19 8:27 PM, Jon deps wrote:
pardon my non-sysadmin query :
any chance of some real world examples? quite a few new terms there .
so install into Debian-9
but step 2 am already lost
eg how and where amd I "activating" vm-boot-protect in the templatevm ?
or during install there is going to appear a choice of which service to
start , then when one opens a TBAVM based on the specified Deb-9
template the protection work at that point ?
Go to the VM's Settings / Services tab, and add "vm-boot-protect" as a
service.
Can I install it in a fresh Deb-9 , and if its breaking things, just
delete the fresh Deb-9 template, or is it touching dom0 ?
It has a second-stage installation step that changes sudo/root access
inside the template. And for that new root config to work, you have to
add a couple dom0 config lines (it shows you the dom0 lines at the end
of the install process).
If you remove the altered Deb-9, the dom0 config lines will stay unless
you change them back. However, in practice there is really no impact on
your unmodified templates, so whether or not to remove the dom0 lines is
a question of tidiness.
As an alternative, per the Readme step 3, you can sidestep the whole
sudo auth reconfiguration.
I guess once installed there is no un-installing ?
Currently there is no "purge everything" function or uninstall. You can
remove the service manually by deleting the following:
/lib/systemd/system/vm-boot-protect.service
/usr/lib/qubes/init/vm-boot-protect.sh
/etc/default/vms
--
Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/0f75bffa-73d0-6868-fb08-faece210723c%40posteo.net.