[Fedora-spins] [Fedora-livecd-list] livecd-tools 032 coming

Daniel J Walsh dwalsh at redhat.com
Tue Jun 22 12:03:39 UTC 2010 

On 06/21/2010 03:51 PM, Martin Dengler wrote:
> On Mon, Jun 21, 2010 at 03:10:38PM -0400, Daniel J Walsh wrote:
>> On 06/21/2010 02:57 PM, Martin Dengler wrote:
>>> [Sorry to reply to GP - I'm not on spins@]
>>>
>>>> On Mon, Jun 21, 2010 at 14:06:18 -0400,
>>>>    Daniel J Walsh<dwalsh at redhat.com>   wrote:
>>>>>
>>>>> One think I would like to talk about with livecd-creator would be a way
>>>>> to setup the livecd to have uninterrupted boot.
>>>>>
>>>>> The question is, am I the only one who thinks this is interesting?
>>>
>>> IIUC, "uninterrupted" boot is quite useful for Sugar on a Stick[1], at
>>> least on some architectures (XO-1, XO-1.5).  If it wasn't present,
>>> we'd have to hack it in[2]
>>>
>>> Martin
>>>
>>> 1. http://spins.fedoraproject.org/soas/
>>> 2. http://cgit.sugarlabs.org/soas/mainline/tree/soas-liveuserscripts-eliminate.ks?h=blueberry
>>
>>
>> My idea is for apps like cash registers/kiosk/demo booths.  If I
>> imbed a bootable OS and do not allow external USB/CD.  Theoretically
>> people who can touch the box, can not boot their own OS or break
>> into the OS to turn off security features like SELinux/iptables etc.
>
> That sounds like "uninterruptable" boot to me, to be pedantic.  Seems
> like plenty of overlap between what I was understanding as
> "uninterrupted" -- no user input / confusing configuration required --
> and what I imagine cash registers/kiosk/demo booths would require to
> be "uniterruptable".
>
> On that basis I'd say:
>
>>>>> The question is, am I the only one who thinks this is
>>>>> interesting?
>
> No, it's plenty interesting.  If it was unintentional that
> livecd-tools provided something close to this, please don't take it
> away.  Further enhancing livecd-tools in such a way is very useful.
>
> Thanks,
> Martin

My vision is to allow an admin to setup a piece of hardware with a live 
OS that a user touching the machine, could not break into.  I also want 
NO admin password, since I want this thing to be cookie cutter.  If pxe 
booting the OS worked, that would even be better.

The machine would be setup with bios lock, and no USB/CDROM exposed or 
bootable.  Then just boot the live OS.  Live OS is locked down by 
SELinux confined xguest user no access to root, optionally IPTABLES lock 
down to a particular IP Address or IP Network.  In stead of worrying 
about upgrading the Machine, you periodically replace the live OS Image.

More information about the spins mailing list