Google Groupes

TemplateBasedVMs: make selected files and folders located in the root image persistent- review bind-dirs.sh

Patrick Schleizer 11 mai 2016 18:07
Envoyé au groupe : qubes-devel
With bind-dirs.sh you can make selected files persistent in
TemplateBasedVMs.

What is it useful for?

For example, it is useful for Whonix, sys-whonix. Tor's data dir
/var/lib/tor has been made persistent in the TemplateBased ProxyVM
sys-whonix. So sys-whonix does not require to be a StandaloneVM. And
therefore can benefit from the Tor anonymity feature 'persistent Tor
entry guards' without the overhead of a StandaloneVM.

When will bind-dirs.sh be available?

bind-dirs.sh will likely come with Qubes R3.2. It is not available from
any testing repositories at the moment. Only available by manual
modifications / from source. [6]

What is the purpose of this posting?

- announce bind-dirs.sh
- document it
- encouragement of review by the community
- discussing current limitations
- brainstorming of potential solutions to these limitations
- fixing limitation [2] would help implementing a TemplateBased sys-vpn.
(By using VPN-Firewall. - A project maintained by me that could
theoretically in future provide a bulletproof sys-vpn implementation,
that (in development branch) also defeats 'fixed shared VPN/Tor server
leak bug'[5] - There will be a separate thread about vpn-firewall soon.)
- help is welcome!

How the configuration for some directory binding would look like?

/rw/config/qubes-bind-dirs.d/50_user.conf

binds+=( '/var/lib/tor' )
binds+=( '/var/lib/whonix' )
binds+=( '/var/lib/whonixcheck' )
binds+=( '/var/cache/whonix-setup-wizard' )
binds+=( '/var/cache/qubes-whonix' )
binds+=( '/etc/tor' )
binds+=( '/etc/hosts' )
binds+=( '/etc/testfile' )
binds+=( '/etc/testsymlink' )

Other config folders are sourced in order (lowest priority)
/usr/lib/qubes-bind-dirs.d /etc/qubes-bind-dirs.d
/rw/config/qubes-bind-dirs.d (highest priority).

Limitations:

[1] Files that exist in the TempalteVM root image cannot be made deleted
in the TemlateBasedVMs root image using bind-dirs.sh.

[2] Does not work if the file / folder in question does not already
exist in the root image. I.e. a file that does not exist in the root
image cannot be bind mounted in the TemplateBasedVM.

[3] Re-running /usr/lib/qubes/bind-dirs.sh without previous umount does
not work yet.

[4] Running '/usr/lib/qubes/bind-dirs.sh umount' after boot (before
shutdown) is probably not sane and nothing can be done about that.

Any ideas on how to overcome any of these?

on github:

https://github.com/marmarek/qubes-core-agent-linux/blob/master/vm-systemd/bind-dirs.sh

Credits:

The original concept was created by nrgaway and specific to Whonix. Made
generic and mostly rewritten by me.

Cheers,
Patrick

[5] https://github.com/adrelanos/vpn-firewall/issues/12
[6] https://github.com/marmarek/qubes-core-agent-linux/pull/58