With bind-dirs.sh you can make selected files persistent in
TemplateBasedVMs.
What is it useful for?
For example, it is useful for Whonix's sys-whonix. Tor's data dir
/var/lib/tor has been made persistent in the TemplateBased ProxyVM
sys-whonix, so sys-whonix does not need to be a StandaloneVM and can
therefore benefit from the Tor anonymity feature 'persistent Tor entry
guards' without the overhead of a StandaloneVM.
When will bind-dirs.sh be available?
bind-dirs.sh will likely come with Qubes R3.2. It is not available from
any testing repositories at the moment; it is only available via manual
modifications / from source. [6]
What is the purpose of this posting?
- announce bind-dirs.sh
- document it
- encourage review by the community
- discuss current limitations
- brainstorm potential solutions to these limitations
- fixing limitation [2] would help implement a TemplateBased sys-vpn.
(By using VPN-Firewall, a project maintained by me that could
theoretically in the future provide a bulletproof sys-vpn implementation,
and that (in the development branch) also defeats the 'fixed shared
VPN/Tor server leak bug' [5]. There will be a separate thread about
vpn-firewall soon.)
- help is welcome!
What would the configuration for some directory binding look like?
/rw/config/qubes-bind-dirs.d/50_user.conf
binds+=( '/var/lib/tor' )
binds+=( '/var/lib/whonix' )
binds+=( '/var/lib/whonixcheck' )
binds+=( '/var/cache/whonix-setup-wizard' )
binds+=( '/var/cache/qubes-whonix' )
binds+=( '/etc/tor' )
binds+=( '/etc/hosts' )
binds+=( '/etc/testfile' )
binds+=( '/etc/testsymlink' )
The config folders are sourced in this order: /usr/lib/qubes-bind-dirs.d
(lowest priority), /etc/qubes-bind-dirs.d, /rw/config/qubes-bind-dirs.d
(highest priority).
Limitations:
[1] Files that exist in the TemplateVM root image cannot be deleted in
the TemplateBasedVM's root image using bind-dirs.sh.
[2] Does not work if the file / folder in question does not already
exist in the root image, i.e. a file that does not exist in the root
image cannot be bind mounted in the TemplateBasedVM.
[3] Re-running /usr/lib/qubes/bind-dirs.sh without a previous umount does
not work yet.
[4] Running '/usr/lib/qubes/bind-dirs.sh umount' after boot (before
shutdown) is probably not sane and nothing can be done about that.
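To make the config sourcing order and limitations [2] and [3] concrete, here is an added dry-run planner (example code written for this post, not the real bind-dirs.sh): it evaluates the same binds+=( ... ) config files in the documented priority order and reports which paths could be bind mounted. The ROOT prefix argument and the *.conf file naming are assumptions of the example.

```shell
#!/bin/sh
# Dry-run planner for bind-dirs style configuration (added example, not
# /usr/lib/qubes/bind-dirs.sh). It sources the config directories in the
# documented priority order and reports, per path, whether a bind mount
# would be possible: the target must already exist in the root image
# (limitation [2]) and must not be bound already (limitation [3]).

# Print the bind list resulting from all *.conf files in the given
# directories, lowest priority first. The files use bash array syntax
# (binds+=( '/path' )), so they are evaluated in a bash subshell.
collect_binds() {
    bash -c '
        binds=()
        for dir in "$@"; do
            for f in "$dir"/*.conf; do
                [ -r "$f" ] && . "$f"
            done
        done
        for b in "${binds[@]}"; do printf "%s\n" "$b"; done
    ' bash "$@"
}

# plan_binds ROOT CONFDIR...  ROOT is a prefix prepended to every path
# ("" for the live system, a scratch directory when testing).
plan_binds() {
    root="$1"; shift
    collect_binds "$@" | while IFS= read -r path; do
        # Already a mount point? Then a re-run needs an umount first.
        if awk -v p="$root$path" '$2 == p { found = 1 } END { exit !found }' \
               /proc/self/mounts 2>/dev/null; then
            printf 'mounted %s (umount first; limitation [3])\n' "$path"
        elif [ -e "$root$path" ] || [ -L "$root$path" ]; then
            printf 'bind %s\n' "$path"
        else
            printf 'skip %s (not in root image; limitation [2])\n' "$path"
        fi
    done
}

# Example invocation with the directories named in the posting:
# plan_binds "" /usr/lib/qubes-bind-dirs.d /etc/qubes-bind-dirs.d \
#     /rw/config/qubes-bind-dirs.d
if [ "$#" -gt 0 ]; then plan_binds "$@"; fi
```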
Any ideas on how to overcome any of these?
On GitHub:
https://github.com/marmarek/qubes-core-agent-linux/blob/master/vm-systemd/bind-dirs.sh
Credits:
The original concept was created by nrgaway and was specific to Whonix.
Made generic and mostly rewritten by me.
Cheers,
Patrick
[5] https://github.com/adrelanos/vpn-firewall/issues/12
[6] https://github.com/marmarek/qubes-core-agent-linux/pull/58