As an application firewall, opensnitch is designed to run automatically out-of-the-box, so it has to be explicitly disabled in the template to prevent it from running there. However, I still want it to run automatically in a dispVM based on the template. Here’s what I have so far:
In dom0:
qvm-run -u root --pass-io --no-gui debian-12-template 'apt install opensnitch -y'
qvm-run -u root --pass-io --no-gui debian-12-template 'systemctl stop opensnitch && systemctl disable opensnitch'
qvm-run -u root --pass-io --no-gui debian-12-dvm 'systemctl enable opensnitch'
After opening a dispVM (based on debian-12-dvm) a grey icon appears in the tray, implying opensnitch is enabled, but not operational.
qvm-run -u root --pass-io --no-gui disp#### 'systemctl start opensnitch'
turns the tray icon black, indicating that opensnitch is operational, but manually enabling opensnitch each time is really not tenable. I’m wondering what the best approach would be to automating the final step?
In general, how can one disable an app in the template, while enabling it to start automatically in the appVMs based on that template?