To Tux or not to Tux

Brian Cluff brian at snaptek.com
Tue Apr 19 20:48:12 MST 2016 

Yup, you can do essentially that, you'll want to use the vboxmanage to 
set or clear it immutable bit rather than just using the file system's 
immutable bit since they aren't the same thing.  The system's immutable 
command will just cause virtualbox to throw an error that it can't write 
to the hard drive.  The virtualbox immutable command will signal 
virtualbox to create a temporary snapshot that then gets thrown away 
every single load, but the command to do it isn't too much more 
difficult than just setting or clearing a file level immutable bit.
Sorry I can't look it up right now, I'm at Stammtisch and my laptop 
doesn't have virtualbox installed.

Brian Cluff

On 04/19/2016 08:26 PM, Wayne D wrote:
> Ya know, I got to thinking.  Couldn't I simply revert to 
> NON-IMMUTABLE, update, then IMMUTABLE again?  It IS a flag is it not?
>
> chattr +i /path/to/filename
>
>
> On 04/19/2016 06:24 PM, Brian Cluff wrote:
>> Correct, but you have to ask yourself, do you really need updates for 
>> a box that even if it gets infected can't hold onto an
>> infection between loads of the VM.
>>
>> That being said, getting something like cryptolocker would really 
>> suck, so you might want to come up with a procedure so that the
>> machine gets updated periodically but goes right back to being locked 
>> down, but if he's only using the system for strictly the bare
>> minimum, the likelihood of getting an infection is slim to none.
>>
>> Brian Cluff
>>
>> On 04/19/2016 05:04 PM, Wayne D wrote:
>>> Just so (I) am clear on this:  A VM setup this way cannot get 
>>> winblows updates either... correct? It would literally be frozen in
>>> time.
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>

More information about the PLUG-discuss mailing list