projects / live-boot-grml.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d2a2771)
Adapting a patch from Michael Prokop <mika@grml.org> to set all harddisk devices...
authorDaniel Baumann <daniel@debian.org>
Mon, 26 Oct 2009 11:51:22 +0000 (12:51 +0100)
committerDaniel Baumann <daniel@debian.org>
Wed, 9 Mar 2011 16:48:06 +0000 (17:48 +0100)
hooks/live patch | blob | history
scripts/live-premount/readonly [new file with mode: 0755] patch | blob

diff --git a/hooks/live b/hooks/live
index a940846..aa7b020 100755 (executable)
--- a/hooks/live
+++ b/hooks/live
@@ -174,6 +174,12 @@ then
        copy_exec /usr/bin/wget /bin
 fi
 
+# Program: blockdev
+if [ -x /sbin/blockdev ]
+then
+       copy_exec /sbin/blockdev /sbin
+fi
+
 # FUSE kernel module
 manual_add_modules fuse
 
diff --git a/scripts/live-premount/readonly b/scripts/live-premount/readonly
new file mode 100755 (executable)
index 0000000..8bed733
--- /dev/null
+++ b/scripts/live-premount/readonly
@@ -0,0 +1,35 @@
+#!/bin/sh
+
+#set -e
+
+# initramfs-tools header
+
+PREREQ="udev"
+
+prereqs()
+{
+       echo "${PREREQ}"
+}
+
+case "${1}" in
+       prereqs)
+               prereqs
+               exit 0
+               ;;
+esac
+
+# live-initramfs script
+
+# make sure all harddisk devices are read-only
+# this is important for forensic investigations
+if grep -qe forensic -qe readonly /proc/cmdline
+then
+       for device in /dev/hd* /dev/sd* /dev/vd*
+       do
+               if [ -b "$device" ]
+               then
+                       printf " * Setting device %-9s to read-only mode: " $device >/dev/console
+                       blockdev --setro $device && printf "done [ execute \"blockdev --setrw %-9s\" to unlock]\n" $device >/dev/console || printf "failed\n" >/dev/console
+               fi
+       done
+fi
Grml's version of live-boot