I am trying to make sense of something I observe in my QubesOS.
Core tenet: AppVM copies the root directory (basically everything outside of /home/user dir) from the TemplateVM, upon AppVM’s boot. From then on, any changes to the AppVM’s root directories are ephemeral. They do not survive an AppVM restart. You can do sudo apt install btop -y inside the AppVM’s terminal, and you will install the btop program in /usr/bin/btop but once you restart the same AppVM, you won’t find /usr/bin/btop there. If you want to get btop installed permanently, you should do the sudo apt install command inside the TemplateVM terminal.
Very well and so far so good.
Now, however, I am seeing a behaviour that’s strange according to this tenet above. Recently I set up an onion server inside a whonix-17 AppVM. This tor hidden onion server hosts my monero daemon’s restricted-rpc server. So, I had to enable the whonix firewall inside the AppVM to allow incoming connections from the Whonix-Gateway. To do this, I edited the /usr/local/etc/whonix_firewall.d/50_user.conf using a terminal window INSIDE the whonix AppVM.
So, even though I edited a root directory file (i.e., /usr/local/etc/whonix_firewall.d/50_user.conf) INSIDE an AppVM, the changes survived a reboot. Moreover, I am also seeing the same 50_user.conf file replicated under the same AppVM’s /rw/usrlocal/etc/whonix_firewall.d/50_user.conf file.
Questions:
- I didn’t copy the `50_user.conf` so how did it get there?
- So contrary to most other root file directories, changes in `/usr/local/etc` survive a reboot in AppVM? I know about the `/rw` directory, but the `/usr/local/etc` stuff was new to me. I checked the QubesOS docs but couldn’t see an explanation for this (and perhaps other such directories which survive a reboot).
So I have some confusion regarding how my QubesOS works. If someone can shed some light and explain, that would be nice.
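One way to check which paths in an AppVM sit on the same volume as `/rw`, and so survive a restart, is to read the mount table (an added example, not part of the original post). The function names and the sample mountinfo lines are constructed, and the script assumes only that `/rw` is the mount point of the persistent volume; the root field it prints shows which directory of that volume is bound onto the path.

```shell
#!/bin/sh
# Added example: report whether a path is backed by the same device as /rw.

# Constructed mountinfo lines (device numbers and names are made up for the demo).
sample_mountinfo() {
    cat <<'EOF'
25 1 202:0 / / rw,relatime - ext4 /dev/mapper/dmroot rw
60 25 202:16 / /rw rw,relatime - ext4 /dev/xvdb rw
61 25 202:16 /home /home rw,relatime - ext4 /dev/xvdb rw
62 25 202:16 /usrlocal /usr/local rw,relatime - ext4 /dev/xvdb rw
EOF
}

# covering_mount PATH [MOUNTINFO]
# Prints "<major:minor> <root-inside-fs> <mount-point>" for the mount that
# covers PATH: the longest mount point that is a prefix of it.
covering_mount() {
    awk -v p="$1" '
        { mp = $5 }
        mp == "/" || p == mp || index(p, mp "/") == 1 {
            # ">=" lets a later mount on the same point shadow an earlier one
            if (length(mp) >= best) { best = length(mp); out = $3 " " $4 " " mp }
        }
        END { if (out == "") exit 1; print out }
    ' "${2:-/proc/self/mountinfo}"
}

# is_persistent PATH [MOUNTINFO]
# Succeeds when PATH lives on the device that is mounted at /rw.
is_persistent() {
    dev_path=$(covering_mount "$1" "$2" | cut -d' ' -f1)
    dev_rw=$(awk '$5 == "/rw" { print $3 }' "${2:-/proc/self/mountinfo}" | tail -n 1)
    [ -n "$dev_rw" ] && [ "$dev_path" = "$dev_rw" ]
}

# Demo on the constructed table; drop the second argument to inspect a live VM.
demo_file=$(mktemp)
sample_mountinfo > "$demo_file"
for p in /usr/bin/btop /home/user /usr/local/etc/whonix_firewall.d/50_user.conf; do
    if is_persistent "$p" "$demo_file"; then state=persistent; else state=ephemeral; fi
    echo "$p: $state ($(covering_mount "$p" "$demo_file"))"
done
rm -f "$demo_file"
```

Inside a running AppVM, calling `is_persistent /some/path` with no second argument reads `/proc/self/mountinfo` instead of the sample table.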