[Fedora-livecd-list] Is automounting of LVM volumes by a livecd dangerous?
Antonio Olivares
olivares14031 at yahoo.com
Sat Aug 2 03:25:02 UTC 2008
> > Dear all,
> >
> > I have asked the following question on fedora-list at redhat.com.
> >
> > But then it clicked to me that I should have directed the question
> > here on livecd list.
> >
> > Is automounting of LVM volumes by a livecd dangerous?
>
> Probably you've heard this before, but the short answer
> is 'it depends'.
>
> If you believe in the philosophy that a default livecd boot should be
> guaranteed to not write any bits on system disk/storage, then yes, it is
> dangerous. I'll even go one further- it's even dangerous to mount ext3
> filesystems "read-only".
>
> When implementing liveusb-persistence, an early variation of my
> implementation would attempt to readonly mount every disk, looking for
> persistent overlay files to utilize. Ultimately, for the first liveusb
> persistence release, I backed off of the flexibility that doing so would
> enable, and now the current fedora liveusb mechanism will only by
> default look at the booting media (e.g. usbstick) for the persistence
> file which is by definition already mounted.
>
> One thing I noticed in that earlier implementation was that if you did a
> 'blockdev --setro' on devices before attempting to mount them readonly
> (because like me, you are ultra paranoid, and believe that users should
> be confident that by default no bits on their disks will be twiddled)...
> Anyway, if you do that, and then try to mount readonly an ext3 device,
> you'll be confounded by the fact that the mount now fails, because for
> some reason mounting an ext3fs readonly is not a purely read-only
> operation. I think maybe in some instances it really wants to replay
> the journal. I vaguely recall also trying to mount an ext3 as readonly
> as an ext2 filesystem, but I vaguely recall that not working.
>
> Ultimately, for another tool I was working on (viros.org), I ended up
> implementing a devicemapper solution. I.e. to be truly paranoid, you
> can blockdev --setro, then build up a devicemapper snapshot to ram to
> get a virtually writable device, which you can then mount readonly (and
> amusingly, get some visibility into which bits get written in such a
> case).
>
> But back to your question- Another very good reason to be this
> paranoid, is whether or not you want to support the following use-case:
>
> - user has ubuntu (or any distro) installed on their system disk.
> - user hibernates
> - user boots your livecd
> - user reboots, and wants to unhibernate
> - user is hosed if you mounted filesystems that were mounted in the
>   hibernated OS
>
> -dmc
>
By default slax mounts all devices rw including NTFS partitions. Maybe a warning should be placed on the use. Anyhow, I have not seen it be dangerous with regular partitions.
Thank you for your input, I will relay the information to Tomas.
Regards,
Antonio
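
The approach dmc describes above (blockdev --setro, then a device-mapper snapshot backed by RAM, then a read-only mount), as an added example that is not part of the original thread. The function names, the `roview` mapping name, the 256M copy-on-write size and the `/dev/shm` location are assumptions.

```shell
#!/bin/sh
# Added example: inspect a disk through a RAM-backed device-mapper snapshot
# so that nothing is ever written to the real device.
# snapshot_table, ro_inspect and "roview" are illustrative names.

# Build the dm "snapshot" target table:
#   <start> <length> snapshot <origin> <cow-dev> <persistent?> <chunk-sectors>
# "N" = non-persistent COW store, so nothing survives teardown.
snapshot_table() {
    sectors=$1 origin=$2 cow=$3 chunk=${4:-8}
    case $sectors in ''|*[!0-9]*) echo "bad sector count" >&2; return 1;; esac
    [ "$sectors" -gt 0 ] || { echo "empty device" >&2; return 1; }
    printf '0 %s snapshot %s %s N %s\n' "$sectors" "$origin" "$cow" "$chunk"
}

ro_inspect() {
    dev=$1 mnt=$2 name=${3:-roview}
    blockdev --setro "$dev"                  # block writes to the real disk
    sectors=$(blockdev --getsz "$dev")       # size in 512-byte sectors
    cow_file=$(mktemp /dev/shm/cow.XXXXXX)   # tmpfs: COW data lives in RAM only
    truncate -s 256M "$cow_file"             # sparse file; caps what can be written
    cow_dev=$(losetup --find --show "$cow_file")
    dmsetup create "$name" \
        --table "$(snapshot_table "$sectors" "$dev" "$cow_dev")"
    # Any journal replay triggered by the mount lands in the COW store,
    # not on $dev.
    mount -o ro "/dev/mapper/$name" "$mnt"
    # Snapshot status reports <allocated>/<total> COW sectors: how much the
    # "read-only" mount actually tried to write.
    dmsetup status "$name"
}

# Runs only when invoked as: script --run /dev/sdXN /mnt/point  (needs root)
if [ "${1:-}" = "--run" ] && [ $# -ge 3 ]; then
    set -e
    ro_inspect "$2" "$3"
fi
```

Tear down in reverse order: umount, `dmsetup remove`, `losetup -d`, then delete the COW file.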