- Replace bind-mounts on /lmn/media/$USER with separate
mounting for Home and Share SMB shares in the VM.
- Update vm-run to start virtiofsd with /lmn/media/$USER
(/home/$USER on localhome machines).
- Use vm-vminfo to generate a JSON file containing user
information, including Username, Groups, printer list
krb5-ticket and some more
- Configure vminfo.service (systemd-timer) to periodically
call vm-vminfo.
- Ensure krb5-ticket (TGT) is injected into the Windows VM.
- Mount SMB-Home and SMB-Share shares as part of the new structure.
Use variable localhome to determines whether the localhome module is installed.
Default: localhome=false
Further changes:
- Move pam-exec from common-auth to common-session
- Move pam-mkhomedir before pam-mount to avoid double login on first use
on localhome devices
In Linux socket paths are limited to 108 char length.
/var/tmp/vm/$UID/.config will be too long in some cases.
So we use /var/tmp/vm/$UID
/var/tmp/vm must be
- cleaned on startup
- created with sticky-bit (used by different users)
For working exam-mode we need to block direct internet access by firewall.
Users have to use squid-proxy on firewall, which can be disabled for exam-users.
To allow VM-traffic (anonymous user), we use a local squid server with users
kerberos-ticket to authenticate on the parent squid.
When using VMs on teacherdevices offsite, the local squid has to use direct internet access.
So we need two squid configs. When switching between offsite and onsite,
the squid has to be restartet with corresponding config.
Systemd-networkd is no longer used.
NetworkManager creates a MACVTAP device for each physical Ethernet device.
When calling vm-run with option macvtap, all macvtap-devices are passed to the VM.
- user-home is on local disk
- additional entry in dolphin: home@server
- display info about localhome on login-screen
- provide unison-config for sync home with home@server
- force user to be logged out immediately after first login, because
home-dir must exists for bind-mounts on /lmn/media
