With bind-dirs.sh you can make selected files persistent in
What is it useful for?
For example, it is useful for Whonix's sys-whonix. Tor's data dir
/var/lib/tor has been made persistent in the TemplateBased ProxyVM
sys-whonix, so sys-whonix does not need to be a StandaloneVM and can
therefore benefit from the Tor anonymity feature 'persistent Tor entry
guards' without the overhead of a StandaloneVM.
When will bind-dirs.sh be available?
bind-dirs.sh will likely ship with Qubes R3.2. It is not available from
any testing repository at the moment; it is only available through
manual modifications / from source.
What is the purpose of this posting?
- announce bind-dirs.sh
- document it
- encourage review by the community
- discuss current limitations
- brainstorm potential solutions to these limitations
- fixing the limitations discussed below would help with implementing a
TemplateBased sys-vpn.
(By using VPN-Firewall, a project maintained by me that could
theoretically in future provide a bulletproof sys-vpn implementation,
which (in the development branch) also defeats the 'fixed shared VPN/Tor
server leak bug'. There will be a separate thread about vpn-firewall soon.)
- help is welcome!
What does the configuration for some directory bindings look like?
binds+=( '/var/lib/tor' )
binds+=( '/var/lib/whonix' )
binds+=( '/var/lib/whonixcheck' )
binds+=( '/var/cache/whonix-setup-wizard' )
binds+=( '/var/cache/qubes-whonix' )
binds+=( '/etc/tor' )
binds+=( '/etc/hosts' )
binds+=( '/etc/testfile' )
binds+=( '/etc/testsymlink' )
Config folders are sourced in order, from lowest priority up to
/rw/config/qubes-bind-dirs.d (highest priority), so a later folder
overrides the earlier ones.
What are the current limitations?
- Files that exist in the TemplateVM root image cannot be deleted in
the TemplateBasedVM's root image using bind-dirs.sh.
- It does not work if the file / folder in question does not already
exist in the root image, i.e. a file that does not exist in the root
image cannot be bind mounted in the TemplateBasedVM.
- Re-running /usr/lib/qubes/bind-dirs.sh without a previous umount does
not work yet.
- Running '/usr/lib/qubes/bind-dirs.sh umount' after boot (before
shutdown) is probably not sane, and nothing can be done about that.
Any ideas on how to overcome any of these?
The original concept was created by nrgaway and was specific to Whonix.
It was made generic and mostly rewritten by me.
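To make the mechanism and two of the listed limitations concrete, here is an added illustration written for this page. It is not the Qubes bind-dirs.sh script and not code from the post; it re-implements the idea (seed a persistent copy from the root image, then bind-mount it over the original) and sketches two possible answers to the limitations above: skipping targets that are already mounted so a re-run without umount is harmless, and creating an empty placeholder in the root image when only the persistent copy exists. Everything about the layout is an assumption: persistent copies are kept under RW_BASE (assumed /rw/bind-dirs), ROOT prefixes the root image so the logic can be exercised in a scratch directory, and MOUNT_CMD / UMOUNT_CMD can be overridden (e.g. MOUNT_CMD=":") to run it without root.

```bash
#!/bin/bash
# Added illustration of the bind-dirs idea; NOT the Qubes bind-dirs.sh.
# Assumed layout (not stated in the post):
#   ROOT      - prefix of the root image ("" means the real /)
#   RW_BASE   - where persistent copies live (assumed /rw/bind-dirs)
#   MOUNT_CMD / UMOUNT_CMD - overridable so the logic runs without root
set -u

ROOT="${ROOT:-}"
RW_BASE="${RW_BASE:-/rw/bind-dirs}"
MOUNT_CMD="${MOUNT_CMD:-mount --bind}"
UMOUNT_CMD="${UMOUNT_CMD:-umount}"

# Same array syntax as the config snippet above; a real deployment would
# source the qubes-bind-dirs.d config folders here instead.
binds=()
binds+=( '/etc/tor' )
binds+=( '/etc/hosts' )

# True if $1 is currently a mount target. Reading /proc/self/mounts
# instead of `mountpoint` also catches bind-mounted single files.
is_mounted() {
    awk -v t="$1" '$2 == t { found = 1 } END { exit !found }' \
        /proc/self/mounts 2>/dev/null
}

# Ensure a persistent copy of $1 exists under RW_BASE and a mount target
# exists in the root image. Returns 1 if neither side has the object.
prepare_bind() {
    local path="$1" ro rw
    ro="${ROOT}${path}"
    rw="${RW_BASE}${path}"
    if [ -e "$rw" ] || [ -L "$rw" ]; then
        # Persistent copy exists: never overwrite it, that is the data we
        # want to survive reboots.
        if ! [ -e "$ro" ] && ! [ -L "$ro" ]; then
            # Proposed workaround for the "must already exist in the root
            # image" limitation: create an empty placeholder of the same
            # type to serve as the mount target (assumption, not what the
            # original script does).
            if [ -d "$rw" ]; then
                mkdir -p -- "$ro"
            else
                mkdir -p -- "$(dirname -- "$ro")"
                : > "$ro"
            fi
        fi
        return 0
    fi
    if [ -e "$ro" ] || [ -L "$ro" ]; then
        # First run: seed the persistent copy from the root image.
        # -a preserves mode, owner and symlinks (cf. /etc/testsymlink).
        mkdir -p -- "$(dirname -- "$rw")"
        cp -a -- "$ro" "$rw"
        return 0
    fi
    echo "bind-dirs: $path exists neither in root image nor in $RW_BASE" >&2
    return 1
}

# Bind one entry. Skipping targets that are already mounted is what makes
# a re-run without a preceding umount safe.
bind_one() {
    local path="$1" ro rw
    ro="${ROOT}${path}"
    rw="${RW_BASE}${path}"
    prepare_bind "$path" || return 1
    if is_mounted "$ro"; then
        return 0
    fi
    $MOUNT_CMD "$rw" "$ro"
}

bind_all() {
    local p
    for p in "${binds[@]}"; do
        bind_one "$p" || echo "bind-dirs: skipped $p" >&2
    done
}

# Undo in reverse order so nested binds come off first.
umount_all() {
    local i t
    for (( i = ${#binds[@]} - 1; i >= 0; i-- )); do
        t="${ROOT}${binds[i]}"
        if is_mounted "$t"; then
            $UMOUNT_CMD "$t"
        fi
    done
}

case "${1:-}" in
    bind)   bind_all ;;
    umount) umount_all ;;
esac
```

Run it as root with `bash bind-dirs-example.sh bind` at boot and `... umount` at shutdown; with ROOT, RW_BASE and MOUNT_CMD pointed at a scratch directory the copy/placeholder logic can be checked without touching the real system. Note that the placeholder trick only makes the bind possible; it does not address the first limitation, since a bind mount can overlay but never remove a file that the template's root image provides.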