How to allow persistent app settings while preventing malware persistence via /rw/config/rc.local?
Body:
I understand that /rw is persistent across reboots, which is necessary for saving application configurations (e.g., in /home/user/.config). However, this also means that if an attacker compromises an AppVM, they can add malicious commands to /rw/config/rc.local, which will be executed as root at every subsequent boot, giving them persistence.
I want to keep my app settings intact, but eliminate the risk of a persistent malicious rc.local. What are the recommended approaches?
· Is making rc.local immutable (chattr +i) after setup a secure and practical solution?
· Could we move the startup commands to a read-only location (e.g., a script in the template) and configure the system to ignore /rw/config/rc.local?
· Are there any built-in Qubes mechanisms to verify the integrity of /rw/config/rc.local at boot and restore a safe copy if tampered with?
· How do you personally balance persistence for user data with the risk of malware persistence?
Thank you.