Re: [Fedora-livecd-list] Is automounting of LVM volumes by a livecd dangerous?

> Dear all, > > I have asked the following question on fedora-list(a)redhat.com. > > But then it clicked to me that I should have directed the question here on livecd list. > > Is automounting of LVM volumes by a livecd dangerous? Probably you've heard this before, but the short answer is 'it depends'. If you believe in the philosophy that a default livecd boot should be guaranteed to not write any bits on system disk/storage, then yes, it is dangerous. I'll even go one further- it's even dangerous to mount ext3 filesystems ""read-only"". When implementing liveusb-persistence, an early variation of my implementation would attempt to readonly mount every disk, looking for persistent overlay files to utilize. Ultimately, for the first liveusb persistence release, I backed off of the flexibility that doing so would enable, and now the current fedora liveusb mechanism will only by default look at the booting media (e.g. usbstick) for the persistence file which is by definition already mounted. One thing I noticed in that earlier implementation was that if you did a 'blockdev --setro' on devices before attempting to mount them readonly (because like me, you are ultra paranoid, and believe that users should be confident that by default no bits on their disks will be twiddled)... Anyway, if you do that, and then try to mount readonly an ext3 device, you'll be confounded by the fact that the mount now fails, because for some reason mounting an ext3fs readonly is not a purely read-only operation. I think maybe in some instances it really wants to replay the journal. I vaguely recall also trying to mount an ext3 as readonly as an ext2 filesystem, but I vaguely recall that not working. Ultimately, for another tool I was working on (viros.org), I ended up implementing a devicemapper solution. I.e. to be truly paranoid, you can blockdev --setro, then build up a devicemapper snapshot to ram to get a virtually writable device, which you can then mount readonly (and amusingly, get some visibility into which bits get written in such a case). But back to your question- Another very good reason to be this paranoid, is whether or not you want to support the following use-case: - user has ubuntu(or any distro) installed on their system disk. - user hibernates - user boots your livecd - user reboots, and wants to unhibernate - user is hosed if you mounted filesystems that were mounted in the hibernated OS -dmc