Git-Mirrors/Qubes-VM-hardening
1
0
Fork 0
mirror of https://github.com/tasket/Qubes-VM-hardening.git synced 2025-08-13 08:55:42 -04:00
Code Issues Projects Releases Packages Wiki Activity

fix comment

Browse source
This commit is contained in:
tasket 2017-04-21 00:17:55 -04:00 committed by GitHub
parent 066ec6e67d
commit b92423e096
1 changed files with 4 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

6
usr/lib/qubes/init/vm-sudo-protect.sh
View file

@ -19,11 +19,13 @@ else
fi fi
# Experimental: Remove /rw root startup files and copy defaults. # Experimental: Remove /rw root startup files and copy defaults.
# Activated by presence of /etc/defaults/vms/vms.all dir. # Activated by presence of vm-sudo-protect-root Qubes service.
# Contents of vms/vms.all and vms/hostname will be copied. # Contents of vms/vms.all and vms/hostname will be copied.
defdir="/etc/default/vms" defdir="/etc/default/vms"
rootdirs="$rw/config $rw/usrlocal $rw/bind-dirs" rootdirs="$rw/config $rw/usrlocal $rw/bind-dirs"
if [ -e /var/run/qubes-service/vm-sudo-protect-root ] && [ `qubesdb-read /qubes-vm-persistence` = "rw-only" ]; then
if [ -e /var/run/qubes-service/vm-sudo-protect-root ] \
&& [ `qubesdb-read /qubes-vm-persistence` = "rw-only" ]; then
rm -rf $rootdirs rm -rf $rootdirs
# make user scripts temporarily mutable, in case 'rw/home/user' # make user scripts temporarily mutable, in case 'rw/home/user'
# files exist in defdir... # files exist in defdir...