I’m not sure if my approach is good in this situation, but this is i’ve found and could implement.
The situation:
I’m trying to customize firefox in disposable VM. I’ve taken the idea from this thread: [link]. I’ve created a policies.json file for firefox. I’ve created a gitlab repo to store the file, and made an entry in the AppVM’s /rw/config/rc.local file to download and copy to the right place the json file every startup. This is working fine. I even wanted to add some host entries to /etc/hosts from various github repos, like stevenblack hosts. I’ve added some wget commands to download the host files into the rc.local file, merged them into 1 file, and i wanted to copy the contents of this file to the /etc/hosts file. Unfortunately the copy of the contents to /etc/hosts does not happen, beause it has no permission to do it. This is how it looks in the rc.local file:
And the last command is not good. I’ve tried it out in a dispVM, and it can’t copy to /etc/hosts because of permissions problem. I was able to copy the contents to /etc/hosts if i changed to root user with sudo -i command.
Maybe my approach is not the best, but i hope someone can help me how to resolve the copy issues to /etc/hosts.
You can have things persistently in disposableVMs (that get reset upon every reboot). What you need to understand well is how pesistence works in Qubes)
The following is my current understanding of it.
Persistence in /home/user/ or /rw/
To make stuff persist in /home/user/ or /rw/ Let’s say we’re customizing debian-10-dvm. The easiest way to customize disposableVMs is to:
Open qube settings for debian-10-dvm
Untick Disposable VM template (temporarily)
Start debian-10-dvm like any other AppVM
Apply all customizations
Tick Disposable VM template (temporarily)
Persistence elsewhere
To make things persist in /etc/ and other locations you need to either do that in the template or play around with bind-dirs to make it persist.
You can either customize stuff in a base template (debian-10 or fedora-33) or you can clone and customize that new clone instead (qvm-clone fedora-33 fedora-33-custom-browser)
My first attempt to customize firefox was the one you suggested. Run debian-10-dvm, install addons and make some changes in preferences in firefox etc., poweroff the AppVM and you’re good to go (if i understand correctly what you mean). I’ve done this with the following commands: onequbesuser@dom0:~ qvm-run debian-10-dvm gnome-terminal user@debian-10-dvm:~ firefox make changes in firefox user@debian-10-dvm:~ sudo poweroff
It worked perfectly. Than I’ve read this thread: [link] where @Qubicroot said if firefox will be open in the AppVM a profile is created and than that particular profile will rotate in every disposable VM you open. He linked to a google group, where @mekken1et’s opening post was the one why i tried the approach through /rw/config/rc.local with the policies.json. If i understand it correctly, in this case a firefox profile won’t be created directly in the AppVm, only a random profile will be created if i open firefox in dispVM, but with the settings you wrote in to the policies.json (addons, preferences, etc.). Correct me if i’m wrong about it. And the commands written into /rw/config/rc.local survive every reboot of the AppVM (when a new dispVM is opened), and everything is downloaded to the place where i wanted to download it. In this case every hosts file i download with wget from github will be the latest, while if i’m creating a folder and files elsewhere with the possibility of bind-dirs, (while i don’t figure out how to make a script to update all hostfiles, i’m not so good in scripting) i’ll have to update them manually.
I’m just don’t know how to make a command in /rw/config/rc.local to copy to /etc/hosts without the permission denied error.
But thanks for the answer, i will read more about the bind-dir option!
Sorry for my bad english, i hope i’m understanable though!
The problem is that the redirection is done by the shell not by
sudo. So, your command: sudo cat /tmp/hosts/hosts_4_dispVM >> /etc/hosts
breaks down to sudo cat /tmp/hosts/hosts_4_dispVM and then the
redirect.
There are different approaches that you could use in this case, but the
simplest is to create a script in /rw/config to cat the file and run
the script with sudo.
I think the issue with the redirection permission only applies to your test environment, not /rw/config/rc.local, which runs as root.
I’m not sure why your /rw/config/rc,local script fails, but I don’t think it’s the last command. Maybe /rw/config/rc.local is executed prior internet being available in the VM, so the wget fails? Nah, wget works for me in rc.local.
So you say in rc.local i shouldn’t give sudo permissions to commands because it runs as root? I haven’t found anything about this in the documentation. There is a redirection in the examples, i think i’m gonna try it out.
For now i changed the cat /tmp/hosts/hosts_4_dispVM >> /etc/hosts command with deleting /etc/hosts and copying /tmp/hosts/hosts_4_dispVM to replace /etc/hosts: