Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New custom-persist feature #551

Open
wants to merge 9 commits into
base: main
Choose a base branch
from
Open

New custom-persist feature #551

wants to merge 9 commits into from

Conversation

Guiiix
Copy link
Member

@Guiiix Guiiix commented Jan 28, 2025

This PR adds a new feature custom-persist described in QubesOS/qubes-issues#1006

Guiiix added 2 commits January 28, 2025 23:10
@Guiiix
custom-persist: ignore /rw/config bind-dirs if custom-persist enabled
1d16aea 
When the custom-persist feature is enabled, we no longer need to worry about the bind directories configured in /rw/config/qubes-bind-dirs.d.
@Guiiix
custom-persist: systemd mount units for /home and /usr/local and serv…
8389e70 
…ices start dependencies

The custom-persist feature should disable /home and /usr/local mounts by default.
To do this, we can use SystemD drop-ins which requires to remove fstab entries and
convert them to regular SystemD units as drop-ins does not seem to work with units generated
by systemd-fstab-generator.
Mount command in mount_dirs.sh is not required anymore and need to be deleted as it causes issues. Instead, a we can use
SystemD unit options to ensure /home and /usr/local are mounted before loading user bind dirs
@codecov Codecov
Copy link

codecov bot commented Jan 28, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 70.46%. Comparing base (664df47) to head (3583fca).

Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #551      +/-   ##
==========================================
- Coverage   70.57%   70.46%   -0.12%     
==========================================
  Files           3        3              
  Lines         469      474       +5     
==========================================
+ Hits          331      334       +3     
- Misses        138      140       +2

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@Guiiix Guiiix mentioned this pull request Jan 29, 2025
Open
DemiMarie
DemiMarie reviewed Jan 29, 2025
View reviewed changes
init/functions Outdated Show resolved Hide resolved
init/functions Outdated Show resolved Hide resolved
init/functions Outdated Show resolved Hide resolved
qubesagent/firewall.py Show resolved Hide resolved
vm-systemd/mount-dirs.sh Outdated Show resolved Hide resolved
Guiiix added 2 commits January 29, 2025 22:15
@Guiiix
custom-persist: mount binds configured in qubes-db
5c155b6 
Config is read from qubes database and every bind directory is mounted excepted /home and /usr/local which need to be handled differently
@Guiiix
custom-persist: disable /home and /usr/local mounts
5a3f40c 
If not explicitly configured, /rw/home and /rw/usrlocal must not be bind mounted to /home and /usr/local.
Instead, the original /home and /usr/local is mounted.
SystemD drop-ins are used to override the resource to mount (What= option in unit)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@marmarek marmarek marmarek left review comments

@DemiMarie DemiMarie DemiMarie left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Guiiix @marmarek @DemiMarie