On 8/3/20 4:11 AM, [email protected] wrote:
Your Qubes-VM-Hardening tool was one of the first things installed into my first Qubes, but I'm still not very familiar with how it works. I think vm-boot-protect might be blocking me from adding a .desktop file into ~/.config/autostart, as Steve suggested (Steve: does this need to be done in templates? If done in an appVM, wouldn't it get purged upon restart?).
BTW, I think the appVM is the right place to make the .config/autostart change if the custom .desktop file is being applied on a per-VM basis.
If you want it for _all_ VMs based on that template, that's a little harder. Putting the .desktop file in /etc/skel would only make the change when an appVM is first created, so existing VMs using that template would not benefit. However, vm-boot-protect-root has the ability to copy or "deploy" files into /home on each boot; you would have to save the .desktop file under /etc/default/vms/vms.all/rw/home/user/.config/autostart in the template.
Another idea is to use rc.local to launch the app via 'systemd-run' using its "timer" features or some other way to delay execution. Or you could even try adding the .desktop file to /home using rc.local.
-- Chris Laprise, [email protected] https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/66360ea5-43f8-5b53-1114-f613ac039629%40posteo.net.
