[Fedora-livecd-list] Preventing access to /mnt/live (inter alia)
Alexander Boström
abo at root.snowtree.se
Fri Mar 5 18:39:03 UTC 2010
fre 2010-03-05 klockan 10:11 +0000 skrev James Heather:
> (2) On a more relevant point for this list, I've noticed that all users
> have access to the base FAT32 filesystem of the bootable USB stick,
> on /mnt/live. How do I get this mounted so that only root can
> read /mnt/live? I don't want someone to be able to write code to unpick
> the squashfs image, etc. These are programming exams, so they have a
> compiler available, and a few of them can probably use it...
Maybe you should just install Fedora to the USB stick instead of using
the Live tools. (Oups, sorry list. :) )
I'd suggest manually partitioning the stick using parted to make sure
partitions are properly aligned (by even 128KiB is probably best),
before booting into Anaconda. Also parted needs "units B" to make it
actually follow what the user enters. (Anaconda is supposed to align
partitions according to hints from the drive, but if the drive doesn't
hint, you're on your own, it seems.)
> (I don't know if it's relevant, but currently I have to build this as
> Fedora 11, because my first go is a 3D graphics exam, and they need the
> proprietary ATI driver.)
The experimental MESA driver (r600_dri) works very well for me, at least
for driving Compiz. (I switched back to composited Metacity though.)
More information about the livecd
mailing list