Use variable localhome to determines whether the localhome module is installed.
Default: localhome=false
Further changes:
- Move pam-exec from common-auth to common-session
- Move pam-mkhomedir before pam-mount to avoid double login on first use
on localhome devices
In Linux socket paths are limited to 108 char length.
/var/tmp/vm/$UID/.config will be too long in some cases.
So we use /var/tmp/vm/$UID
/var/tmp/vm must be
- cleaned on startup
- created with sticky-bit (used by different users)
For working exam-mode we need to block direct internet access by firewall.
Users have to use squid-proxy on firewall, which can be disabled for exam-users.
To allow VM-traffic (anonymous user), we use a local squid server with users
kerberos-ticket to authenticate on the parent squid.
When using VMs on teacherdevices offsite, the local squid has to use direct internet access.
So we need two squid configs. When switching between offsite and onsite,
the squid has to be restartet with corresponding config.
Some Windows programs have problems with virtiofsd drives.
So that the appropriate SMB shares can be mounted directly in Windows,
a corresponding list of network drives is created before the VM starts.
- The new virtiofsd provides the ability to map a specified
UID and GID to that of the user when running in user mode.
As a result, virtiofsd is moved to userland for VMs and
the new -uid and -gid options are introduced that specify
the IDs on the guest.New v
- The drives no longer have to be mounted with the group ID 1010.
Therefore, the mount options are changed to the real group ID
Systemd-networkd is no longer used.
NetworkManager creates a MACVTAP device for each physical Ethernet device.
When calling vm-run with option macvtap, all macvtap-devices are passed to the VM.
- user-home is on local disk
- additional entry in dolphin: home@server
- display info about localhome on login-screen
- provide unison-config for sync home with home@server
- force user to be logged out immediately after first login, because
home-dir must exists for bind-mounts on /lmn/media
