[Fedora-spins] [Fedora-livecd-list] livecd-tools 032 coming
Daniel J Walsh
dwalsh at redhat.com
Tue Jun 22 12:03:39 UTC 2010
On 06/21/2010 03:51 PM, Martin Dengler wrote:
> On Mon, Jun 21, 2010 at 03:10:38PM -0400, Daniel J Walsh wrote:
>> On 06/21/2010 02:57 PM, Martin Dengler wrote:
>>> [Sorry to reply to GP - I'm not on spins@]
>>>
>>>> On Mon, Jun 21, 2010 at 14:06:18 -0400,
>>>> Daniel J Walsh<dwalsh at redhat.com> wrote:
>>>>>
>>>>> One thing I would like to talk about with livecd-creator would be a way
>>>>> to set up the livecd to have uninterrupted boot.
>>>>>
>>>>> The question is, am I the only one who thinks this is interesting?
>>>
>>> IIUC, "uninterrupted" boot is quite useful for Sugar on a Stick[1], at
>>> least on some architectures (XO-1, XO-1.5). If it wasn't present,
>>> we'd have to hack it in[2]
>>>
>>> Martin
>>>
>>> 1. http://spins.fedoraproject.org/soas/
>>> 2. http://cgit.sugarlabs.org/soas/mainline/tree/soas-liveuserscripts-eliminate.ks?h=blueberry
>>
>>
>> My idea is for apps like cash registers/kiosk/demo booths. If I
>> embed a bootable OS and do not allow external USB/CD, theoretically
>> people who can touch the box cannot boot their own OS or break
>> into the OS to turn off security features like SELinux/iptables etc.
>
> That sounds like "uninterruptable" boot to me, to be pedantic. Seems
> like plenty of overlap between what I was understanding as
> "uninterrupted" -- no user input / confusing configuration required --
> and what I imagine cash registers/kiosk/demo booths would require to
> be "uninterruptable".
>
> On that basis I'd say:
>
>>>>> The question is, am I the only one who thinks this is
>>>>> interesting?
>
> No, it's plenty interesting. If it was unintentional that
> livecd-tools provided something close to this, please don't take it
> away. Further enhancing livecd-tools in such a way is very useful.
>
> Thanks,
> Martin

My vision is to allow an admin to set up a piece of hardware with a live
OS that a user touching the machine could not break into. I also want
NO admin password, since I want this thing to be cookie cutter. If PXE
booting the OS worked, that would be even better.

The machine would be set up with BIOS lock, and no USB/CDROM exposed or
bootable. Then just boot the live OS. Live OS is locked down by
SELinux confined xguest user, no access to root, optionally iptables lock
down to a particular IP address or IP network. Instead of worrying
about upgrading the machine, you periodically replace the live OS image.