Git-Mirrors/Qubes-VM-hardening
1
0
Fork 0
mirror of https://github.com/tasket/Qubes-VM-hardening.git synced 2024-10-01 06:35:42 -04:00
Code Issues Packages Projects Releases Wiki Activity

add vm_boot_finish hook

Browse Source
This commit is contained in:
Christopher Laprise 2019-07-30 23:43:32 -04:00
parent 55181dc2dd
commit d877085494
No known key found for this signature in database
GPG Key ID: 448568C8B281C952
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
vm-boot-protect.sh
View File

@ -44,6 +44,11 @@ chdirs_add=""
privdirs=${privdirs:-"/rw/config /rw/usrlocal /rw/bind-dirs"} privdirs=${privdirs:-"/rw/config /rw/usrlocal /rw/bind-dirs"}
privdirs_add="" privdirs_add=""
# Placeholder function: Runs at end
vm_boot_finish() { }
# Run rc file commands if they exist # Run rc file commands if they exist
if [ -e $defdir/vms.all.rc ]; then if [ -e $defdir/vms.all.rc ]; then
. $defdir/vms.all.rc . $defdir/vms.all.rc
@ -136,6 +141,7 @@ if qsvc vm-boot-protect || qsvc vm-boot-protect-root; then
# Don't bother with root protections in template or standalone # Don't bother with root protections in template or standalone
if ! is_rwonly_persistent; then if ! is_rwonly_persistent; then
vm_boot_finish
make_immutable make_immutable
exit 0 exit 0
fi fi
@ -256,6 +262,7 @@ fi
rm -rf "$defdir" rm -rf "$defdir"
if qsvc vm-boot-protect || qsvc vm-boot-protect-root; then if qsvc vm-boot-protect || qsvc vm-boot-protect-root; then
vm_boot_finish
make_immutable make_immutable
umount $rw umount $rw
fi fi