2 # Filename: forensic-mark-readonly
3 # Purpose: force block devices to read-only mode when booting with boot option read-only
4 # Authors: grml-team (grml.org), (c) Michael Prokop <mika@grml.org>
5 # Bug-Reports: see http://grml.org/bugs/
6 # License: This file is licensed under the GPL v2 or any later version.
7 ################################################################################
# NOTE(review): this listing is incomplete. The leading numbers are the original
# file's line numbers and they jump (10 -> 14, 17 -> 30, ...), so function
# headers, `fi`/`done`/`esac` and any `exit` statements are not visible here.
# The notes below describe only what the visible lines do.
9 # check for read-only bootoption
# NOTE(review): `grep -q read-only` is a substring match over the whole kernel
# command line, so any parameter that merely contains "read-only" satisfies it;
# matching the option as a whole word would be stricter. The body of this `if`
# (what happens when the option is absent) is not shown.
10 if ! grep -q read-only /proc/cmdline ; then
14 # see linux source -> Documentation/admin-guide/sysfs-rules.rst
# Prints the first of the three sysfs block directories that exists and returns.
# The `return` implies a function body; presumably get_blockdev_dir, which is
# called below. Its header is not shown, so confirm.
16 for dir in /sys/subsystem/block/ /sys/class/block/ /sys/block/ ; do
17 [ -d "${dir}" ] && echo "${dir}" && return
# Returns 0 when `blockdev --getro` prints 1 for the device in $1, otherwise 1.
# If blockdev itself fails and prints nothing, the comparison fails too, so the
# device is treated as not read-only. Presumably the body of is_ro, used below.
30 [ "$(blockdev --getro "$1")" = "1" ] && return 0 || return 1
# A missing device argument is reported on stderr.
33 if [ -z "${1:-}" ] ; then
34 echo "Error: usage: <$0> <blockdevice>" >&2
38 # accept /dev/foo from command line but also just "foo" from udev
# Bare-name case: prefix /dev/. The condition that selects this branch is not shown.
44 BLOCK_DEVICE="/dev/$1"
48 SYS_DIR="$(get_blockdev_dir)"
50 # support configuration file
# NOTE(review): the config file is sourced, so its content runs as shell code
# with this script's privileges. Any account able to write
# /etc/grml/forensic.conf can run commands here or switch the write protection
# off; the file should be writable by root only. Lines 52-54 are not shown and
# may already perform a check, so confirm.
51 if [ -r /etc/grml/forensic.conf ] ; then
55 . /etc/grml/forensic.conf
# READONLY_MODE=disable turns the protection off for every device. The logger
# line is the only record of that visible here; presumably the script exits
# afterwards (not shown).
57 if [ "${READONLY_MODE:-}" = "disable" ] ; then
58 logger -t forensic-mark-readonly "not setting '${BLOCK_DEVICE}' to read-only as disabled via config"
# Per-device exemption list. The `case` pattern (line 64) is not shown, so how
# BLOCK_DEVICE is matched against READONLY_IGNORE cannot be stated from here.
62 if [ -n "${READONLY_IGNORE:-}" ] ; then
63 case ${READONLY_IGNORE:-} in
65 logger -t forensic-mark-readonly "not setting '${BLOCK_DEVICE}' to read-only as present in ignore list"
# Parent-device lookup for partitions, via sysfs.
# NOTE(review): the `*` on line 74 sits inside double quotes, and line 75 quotes
# the variable again, so no pathname expansion happens. `[ -d ]` therefore tests
# a path containing a literal `*` component. As shown, this check looks like it
# can never succeed, which would leave parent_device unset by these lines and
# make the "parent is read-write" branch below unreachable. Confirm against the
# complete file.
72 base_device=$(base "${BLOCK_DEVICE}")
73 if [ -n "${SYS_DIR}" ] && [ -n "${base_device}" ] ; then
74 tmp_parent="${SYS_DIR}/*/${base_device}"
75 if [ -d "${tmp_parent}" ] ; then
76 parent_device=$(dir "${tmp_parent}")
77 parent_device=$(base "${parent_device}")
78 parent_device="/dev/${parent_device}"
# Decision: already read-only -> nothing to do; parent known and read-write ->
# the device is deliberately left writable and only syslog records it;
# otherwise set the device read-only.
83 if is_ro "${BLOCK_DEVICE}" ; then
84 logger -t forensic-mark-readonly "device ${BLOCK_DEVICE} already set to read-only mode, nothing to do"
85 elif [ -n "${parent_device}" ] && ! is_ro "${parent_device}" ; then
86 logger -t forensic-mark-readonly "parent device ${parent_device} is set read-write, not modifying"
87 logger -t forensic-mark-readonly "use blockdev --setro ${BLOCK_DEVICE} to set it manually"
# ID_SERIAL is not assigned in the visible lines; presumably it comes from the
# udev environment. It is expanded without a default, unlike ${1:-} above, so
# it is empty in the log line on a manual run. TODO confirm.
89 logger -t forensic-mark-readonly "setting ${BLOCK_DEVICE} [${ID_SERIAL}] to read-only"
91 if blockdev --setro "${BLOCK_DEVICE}" ; then
92 logger -t forensic-mark-readonly "|-> done; execute 'blockdev --setrw ${BLOCK_DEVICE}' to unlock"
# NOTE(review): presumably the failure branch (line 93 is not shown). It runs
# `blockdev --setro` a second time to capture the message, so the logged text
# comes from the retry rather than from the attempt that failed. Nothing in the
# visible lines reports the failure other than this syslog entry.
94 logger -t forensic-mark-readonly "|-> error while executing blockdev: $(blockdev --setro "${BLOCK_DEVICE}" 2>&1)"
98 ## END OF FILE #################################################################