Qubes-VM-hardening
Whonix: vm-boot-protect cannot mount volume as read-write
Using whonix-gw-15:
The vm-boot-protect service is failing to run properly for sys-whonix. It looks like it's not able to re-mount the private volume as read-write:
user@host:~$ sudo journalctl -u vm-boot-protect
-- Logs begin at Sat 2019-07-13 11:52:30 UTC, end at Sat 2019-07-13 11:54:39 UTC. --
Jul 13 11:52:30 host systemd[1]: Starting Protect Qubes VM execution environment at startup...
Jul 13 11:52:30 host vm-boot-protect.sh[293]: Good read-only mount.
Jul 13 11:52:30 host vm-boot-protect.sh[293]: mkdir: cannot create directory ‘bin’: Read-only file system
Jul 13 11:52:30 host vm-boot-protect.sh[293]: mkdir: cannot create directory ‘.local/bin’: Read-only file system
Jul 13 11:52:30 host vm-boot-protect.sh[293]: mkdir: cannot create directory ‘.config/autostart’: Read-only file syst
Jul 13 11:52:30 host vm-boot-protect.sh[293]: mkdir: cannot create directory ‘.config/plasma-workspace’: Read-only fi
Jul 13 11:52:30 host vm-boot-protect.sh[293]: mkdir: cannot create directory ‘.config/autostart-scripts’: Read-only f
Jul 13 11:52:30 host vm-boot-protect.sh[293]: mkdir: cannot create directory ‘.config/systemd’: Read-only file system
Jul 13 11:52:30 host vm-boot-protect.sh[293]: touch: cannot touch '.bashrc': Read-only file system
Jul 13 11:52:30 host vm-boot-protect.sh[293]: touch: cannot touch '.bash_profile': Read-only file system
Jul 13 11:52:30 host vm-boot-protect.sh[293]: touch: cannot touch '.bash_login': Read-only file system
Jul 13 11:52:30 host vm-boot-protect.sh[293]: touch: cannot touch '.bash_logout': Read-only file system
Jul 13 11:52:30 host vm-boot-protect.sh[293]: touch: cannot touch '.profile': Read-only file system
Jul 13 11:52:30 host vm-boot-protect.sh[293]: touch: cannot touch '.xprofile': Read-only file system
Jul 13 11:52:30 host vm-boot-protect.sh[293]: touch: cannot touch '.xinitrc': Read-only file system
Jul 13 11:52:30 host vm-boot-protect.sh[293]: touch: cannot touch '.xserverrc': Read-only file system
Jul 13 11:52:30 host vm-boot-protect.sh[293]: touch: cannot touch '.xsession': Read-only file system
Jul 13 11:52:30 host systemd[1]: vm-boot-protect.service: Succeeded.
Jul 13 11:52:30 host systemd[1]: Started Protect Qubes VM execution environment at startup.
There is also a (related?) quirk that causes sys-whonix to re-connect to Tor once, soon after the first connection is made.
cc @adrelanos
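The log in the report above shows systemd recording the unit as "Succeeded" even though every write to the private volume was refused. A check for that condition, as an added example that is not part of the original report or of Qubes-VM-hardening; the function names, output format and exit codes are assumptions, and the sample lines are copied from the log above.

```bash
#!/usr/bin/env bash
# Added example (not Qubes-VM-hardening code). Function names, output format
# and exit codes are assumptions made for this illustration.

# Reads `journalctl -u vm-boot-protect` text on stdin.
# Prints "ro-fail <path>" for each write refused by a read-only file system.
# Returns 0 = no such errors, 1 = errors, 2 = errors while systemd logged "Succeeded".
vmbp_check_journal() {
    awk '
        # Journal lines may be truncated at terminal width, so match only "Read-only f".
        /vm-boot-protect\.sh\[[0-9]+\]: (mkdir|touch): cannot .*: Read-only f/ {
            path = $0
            sub(/^.*cannot (create directory|touch) /, "", path)
            sub(/: Read-only f.*$/, "", path)
            print "ro-fail " path
            fails++
        }
        /vm-boot-protect\.service: Succeeded/ { ok = 1 }
        END {
            if (fails && ok) { print "verdict: " fails " writes failed, unit still Succeeded"; exit 2 }
            if (fails)       { print "verdict: " fails " writes failed"; exit 1 }
            print "verdict: clean"
        }
    '
}

# Sample input: four lines copied from the log in the report above.
vmbp_sample() {
    cat <<'EOF'
Jul 13 11:52:30 host vm-boot-protect.sh[293]: Good read-only mount.
Jul 13 11:52:30 host vm-boot-protect.sh[293]: mkdir: cannot create directory ‘.config/autostart’: Read-only file syst
Jul 13 11:52:30 host vm-boot-protect.sh[293]: touch: cannot touch '.bashrc': Read-only file system
Jul 13 11:52:30 host systemd[1]: vm-boot-protect.service: Succeeded.
EOF
}

# Demo on the sample; on a live VM: sudo journalctl -u vm-boot-protect -b | vmbp_check_journal
vmbp_sample | vmbp_check_journal || echo "exit status: $?"
```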