On 01/24/2018 10:55 AM, Yuraeitha wrote:
> All 3 suggestions you guys brought up are really intriguing, I'm pretty excited about this, these ideas are excellent, even better than I hoped for. I'm using Qubes 4, so I assume I can't give the beta setup a try until or if it becomes available on Qubes 4. But from my initial understanding I like the extra security it provides, although I've yet to better grasp its full potential. It seems like a pretty cool project you're working on there Chris. Unfortunately I don't have much experience as a coder either, so I can't make such a script Alex, I can at most read scripts or make simple ones. But it's a pretty good idea as well, it'd be amazing if someone would want to make such a bookmark-manager and contribute it to Qubes. Maybe even take it further and store the bookmarks outside the VM until a single bookmark is needed? Similar to keeping i.e. KeePassX in an offline VM? Though I imagine that would add further complexity, which is definitely outside my skill-set.
I'm going to test the Qubes-VM-hardening service on Qubes 4 tonight to see if it needs any adjustment for the whitelisting feature to work. I'll also expand on the (admittedly sparse) instructions.
If it works then it's probably easier to add a service and maintain a single whitelist file.
> For now I'll try to delve down into the /usr/lib/qubes/init/setup-rw.sh re-mounting suggestion. It's the only one I have the skill-set and current-means to pull off on my own. It's been some long exhausting days, so hopefully I'll get around to try this tomorrow. I'm currently pondering about how to change the mount points correctly though. It seems like it has similar logic to traditional Linux mounting logic, and when combined with Qubes template/appVM logic, then it seems like I can solve it with some trial and error and exploring-testing, using your post as an initial starting point. I have some leads now, it'll be interesting to look into. I'll post back on how it goes.
Actually, you don't even need to change the mountpoint, which is done by mount-dirs.sh, BTW. One example is to change the line that starts 'initialize_home' to:

    rm -rf /rw/home-old
    mv /rw/home /rw/home-old
    initialize_home "/rw/home" unconditionally

...and then cp or mv files from /rw/home-old as needed.

-- 
Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
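
The reset-then-restore step described in the message above, as an added example that is not part of the original message or of the Qubes scripts. The names `reset_home` and `init_home_stub`, the whitelist file format (one path per line, relative to the user's home) and the directory arguments are assumptions; on a Qubes VM the re-creation step is the `initialize_home "/rw/home" unconditionally` call quoted above.

```shell
#!/bin/sh
# Added example: rotate the private home, recreate it, restore whitelisted files only.

# Hypothetical stand-in for initialize_home: rebuild home from a skeleton dir.
init_home_stub() {   # $1 = new home root, $2 = skeleton dir
    mkdir -p "$1/user" && cp -a "$2/." "$1/user/"
}

# reset_home RW SKEL WHITELIST
reset_home() {
    rw=$1; skel=$2; list=$3
    rm -rf "$rw/home-old"
    if [ -d "$rw/home" ]; then mv "$rw/home" "$rw/home-old"; fi
    init_home_stub "$rw/home" "$skel" || return 1
    [ -f "$list" ] && [ -d "$rw/home-old/user" ] || return 0
    old=$(CDPATH= cd "$rw/home-old/user" && pwd -P) || return 1
    while IFS= read -r rel || [ -n "$rel" ]; do
        case $rel in
            ''|'#'*) continue ;;                  # blank line or comment
            /*|..|../*|*/../*|*/..) continue ;;   # absolute path or traversal
        esac
        src=$old/$rel
        # Restore regular files only. A symlink left under a whitelisted name
        # could point back at non-whitelisted content, so it is skipped.
        [ -f "$src" ] && [ ! -L "$src" ] || continue
        # The parent directory must still resolve inside home-old, which
        # catches a symlinked intermediate directory.
        parent=$(CDPATH= cd "$(dirname "$src")" && pwd -P) || continue
        case $parent/ in "$old"/*) ;; *) continue ;; esac
        dst=$rw/home/user/$rel
        mkdir -p "$(dirname "$dst")"
        cp -p "$src" "$dst"
    done < "$list"
    return 0
}
```

Anything not listed, such as shell startup files written during the previous session, stays behind in home-old and is deleted on the next run.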