@0x1eef's personal website

About

This post documents how to modify a hardenedBSD virtual machine image, and follows my first post that documented how to build a hardenedBSD virtual machine image where we produced image with a standard installation that this post intends to modify and customize.

Phase 1

Overview

In the first post we produced a raw virtual machine image (vm.ufs.raw). In this post we intend to use mdconfig(8) to create a memory device from our raw image file. This will allow us to mount the device with mount(8). Afterwards we can modify the mount point to either add, modify or remove files from the image itself. Once we're done making edits, we can unmount the device and the changes that were made will have persisted to the image file (vm.ufs.raw).

What files could we add ? A good start could be /etc/rc.conf. Another candidate might be /etc/rc.local. The latter would allow us execute a shell script at boot time towards the end of the boot process. /boot/loader.conf is another file we may we want to add to load certain kernel modules early in the process. These are just ideas and food for thought.

First let's mount the virtual machine image to /mnt:

mdconfig -f vm.ufs.raw -u 0
mount /dev/md0p4 /mnt

Explanation

mdconfig -f vm.ufs.raw -u 0
Attach vm.ufs.raw as a memory disk. A breakdown:
- -f vm.ufs.raw The file we want to attach as a memory disk.
- -u 0 The memory disk unit (eg md0)
mount /dev/md0p4 /mnt
Mount the root partition at /mnt so files can be edited.

Phase 2

Overview

The next step is where the reader may know what they want to do better than I do. For the purposes of this post, we're going to add three files to the image. The contents of these files could be anything you like, however, the hardenedbsd-builder repository has a realistic example of what the contents could be. These are the files we will be working with:

/etc/rc.conf
/etc/rc.local
/boot/loader.conf

cp config/etc/rc.conf /mnt/etc/
cp config/etc/rc.local /mnt/etc/
cp config/boot/loader.conf /mnt/boot/

Explanation

cp config/etc/rc.conf /mnt/etc/
Copies the file onto the image.
cp config/etc/rc.local /mnt/etc/
Copies the file onto the image.
cp config/boot/loader.conf /mnt/boot/
Copies the file onto the image.

Phase 3

Overview

This phase is the last phase, and it is where we unmount disks, and detach the memory device. Afterwards, the process is complete and we can take our modified image and potentially deploy it to the cloud:

umount /mnt
mdconfig -d -u 0

Explanation

umount /mnt
Unmounts the mountpoint
mdconfig -d -u 0
Detaches memory disk md0

Conclusion

mdconfig(8) is an awesome tool that does one thing well, and cooperates with mount(8) rather than trying to be two tools at once. It is a great example of the UNIX philosophy. That's what stood out to me most. I'm grateful to have tools like it, and for the people who have worked on them.