Hey, I'm trying to set up a partition containing a read-only Linux system to live alongside my normal day-to-day Arch setup, mainly for use when giving the netbook to others to use: not being able to write to the system except a temporary home folder, surfing and downloading privately, thus leaving no traces on the hard drive itself.
I understand I can use a live-usb and that works great but I'd like to be able to boot into a similar environment without the usb.
Anyone know of any reading I can take a look at?
Thanks
If you need a "read-only system" that still allows use of a temporary home directory then why don't you just create a guest user that you could switch to when handing over your netbook to someone else? Setting up a full second system seems unnecessary to me.
If you really want to take that path, you could run a virtualized system that you could treat as a sandbox. Read up on KVM, VirtualBox and VM software.
You might also be able to use bindfs to create a full system chroot that's read-only. I haven't used chroot for anything so I don't know how practical/secure this would be, but I think it should work.
You could create a ramdisk to keep everything off of the disk or use encryption to keep the plaintext off of the disk (encfs, ecryptfs, truecrypt, luks, etc). With a VM, you would encrypt the disk image on your host system, not the files in the guest system (although you could do both, but that would be overkill).
If you just want an easy way to create a disposable encrypted sandbox for session browsing and working with sensitive files, you can use quixand. If you're worried about things leaking onto the disk, you should set up an encrypted swap partition too (using a random key at boot to ensure that it's (practically) unrecoverable after the system shuts down).
Just mount / as ro, but it seems quite overkill for the average user... who should not have write permissions there anyway...
Mount /home with noexec too, and of course /var and /tmp.
I'm not quite sure what can happen with /home as noexec. Just try it and see if it works.
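The mount layout suggested in the post above (/ read-only; /home, /var and /tmp noexec) can be checked after the fact. This is an added example, not part of the original thread: a shell audit of a table in /proc/mounts format, where the sample table and the function names are constructed for illustration.

```shell
#!/bin/sh
# Audit a /proc/mounts-format table against the layout suggested in the
# thread: / mounted ro; /home, /var and /tmp mounted noexec.

# Constructed sample (device, mount point, fstype, options, dump, pass).
SAMPLE_MOUNTS='/dev/sda3 / ext4 ro,relatime 0 0
/dev/sda4 /home ext4 rw,nosuid,nodev,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
/dev/sda5 /var ext4 rw,noexec,relatime 0 0'

# has_opt OPTIONS WANTED: succeed only on an exact comma-separated match,
# so "errors=remount-ro" is not mistaken for "ro".
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# mount_opts TABLE MOUNTPOINT: print the options of the last entry for
# MOUNTPOINT (later mounts shadow earlier ones); nothing if not mounted.
mount_opts() {
    printf '%s\n' "$1" |
        awk -v mp="$2" '$2 == mp { o = $4 } END { if (o != "") print o }'
}

# audit_mounts TABLE: one line per rule; returns non-zero on any finding.
audit_mounts() {
    table=$1
    status=0
    for rule in /:ro /home:noexec /var:noexec /tmp:noexec; do
        mp=${rule%%:*}
        want=${rule##*:}
        opts=$(mount_opts "$table" "$mp")
        if [ -z "$opts" ]; then
            echo "MISSING $mp is not a separate mount, cannot carry $want"
            status=1
        elif ! has_opt "$opts" "$want"; then
            echo "FAIL $mp lacks $want (options: $opts)"
            status=1
        else
            echo "OK $mp has $want"
        fi
    done
    return $status
}

# On a live system, pass "$(cat /proc/mounts)" instead of the sample.
audit_mounts "$SAMPLE_MOUNTS" || true
```

Reading /proc/mounts rather than /etc/fstab reports the options actually in effect, which matters if something remounted a filesystem after boot.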
You can start an OS from an ISO image via GRUB. It should work for your idea, but you will have to google for it; it was a while ago, so I don't know exactly how to do it anymore (you need some files outside the disk, vmlinux and initrd.img, if I am right).
You can start an OS from an ISO image via GRUB. It should work for your idea, but you will have to google for it; it was a while ago, so I don't know exactly how to do it anymore (you need some files outside the disk, vmlinux and initrd.img, if I am right).
I tried doing that a while ago.. Never got it working
I just can say what I see now on my filesystem... So, first on my archlinux root filesystem there is a folder /Sidux (as I used a sidux image).
fsm@archLinux:/sidux$ ls
initrd.img sidux-04-2008.iso vmlinuz
I think initrd.img and vmlinuz are copied from inside the .iso, but I'm not sure.
fsm@archLinux:/sidux$ cat /boot/grub/menu.lst
# ...more entries
title sidux from ISO
kernel (hd0,0)/sidux/vmlinuz boot=fll quiet vga=791 fromiso=/sidux/sidux-04-2008.iso
initrd (hd0,0)/sidux/initrd.img
Maybe it is helpful for you in any way.
Edit:
Maybe this is just for sidux... anyway, I found the "install" instructions.
Last edited by FSM (2009-06-23 21:30:21)