Re: [Tails-dev] Using VMs in Tails

This message is part of the following thread:
M\the complete thread tree sorted by date
MMintrigeri at <-
MM 
Delete this message

Reply to this message
Author: intrigeri
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] Using VMs in Tails
Hi,

David Wolinsky wrote (03 Jan 2014 18:58:52 GMT) :
> If we want Tails host and guest VM to share the same image, we need to
> figure out a means to get the VM running without loading Tor and having
> applications reference the http proxy as well as other anonymity
> components, such as ttdnsd (Tor DNS daemon). This isn't an easy task as
> there are many means by which Tails works in order to prevent accidental
> leakage. So I've been thinking about two possible mechanisms for making
> this happen:

> - Use a union file system whiting out network.d scripts, rc.d scripts, and
> configs scripts as necessary, as well as replacing config scripts where
> possible

That's probably doable. Hopefully it would play nicely with our
persistence feature.

> - Make a snapshot of the /etc directory prior to executing any of the
> config/chroot_local-hooks and use that within the VM
> Neither of these are ideal. The first will create a monolithic file
> containing information from many of the different setup files in config,
> the latter might exclude something that actually offers utility for even
> the VM.

I don't think the second approach is viable: one should *not* assume
that the set of changes made in chroot_local-hooks is equal to the set
of changes of would have to revert in the guest. chroot_local-hooks is
a very generic facility, and we use it e.g. to load GConf and dconf
settings. Also, one should *not* assume than reverting the changes in
/etc only produces a system with a sane behaviour.

> Another, two much more complex approach would be:
> - In each file, have flags that specify if these are VM actions, host
> actions, or both (I don't know how exactly this would work, but there
> should be some means of doing this)
> - Have a duplicate set of config files for the VM

I'm almost convinced that it will be the easiest to maintain on the
long run, but I have a hard time reasoning on this *before* the
differences between the host and the guest have been listed.

Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc

This message was posted to the following mailing lists:
tails-dev
Mailing List Info | Nearby Messages		<-[Tails-dev] Tails build broken?Re: [Tails-dev] Tails build broken?->
lists.autistici.org administrated by postmasterLurker (version 2.3)