Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: How to limit LiveCD persistency to home/data only and have an immutable system?

  1. #1
    Join Date
    Oct 2020
    Beans
    10

    How to limit LiveCD persistency to home/data only and have an immutable system?

    I managed to create a ubuntu 20.04 liveCD on usb drive. When I booted it up with PC, it automatically creates a 3rd partition, "writable", and turns on persistency. That is great!

    However, for security reasons I like to restrict persistency to user data only (e.g., wifi credential, app files). I don't want to allow any changes to system programs (at least not persistently). Nor do I want any downloaded executables.

    I suppose this is similar to previous "home-rw" partition, right? How do I do that now? What are ways to achieve my overall purpose of having an immutable system?

  2. #2
    Join Date
    Nov 2011
    Location
    /dev/root
    Beans
    Hidden!

    Re: How to limit LiveCD persistency to home/data only and have an immutable system?

    Try by changing the label 'writable' to 'home-rw' for the ext4 partition.

  3. #3
    Join Date
    Jun 2007
    Location
    Hikkaduwa, Sri Lanka
    Beans
    3,295
    Distro
    Ubuntu 20.04 Focal Fossa

    Re: How to limit LiveCD persistency to home/data only and have an immutable system?

    "casper-rw" was changed to "writable" in 20.04.
    "home-rw" is still "home-rw"
    The only thing in the home-rw partition is the users home directory.
    The user is "ubuntu" until changed in settings/users.*
    A mkusb persistent drive is ideal for your needs. The OS partition is read only ISO9660, there is an easy to mount persistence partition, an optional NTFS data partition and the USB has an option for backing up and restoring.

    Edit
    *My error, It looks like a New User is not persistent without a casper-rw or writable partition, and mkusb backup option does not work for home-rw.

    @sudodus: Any chance of adding home-rw to backup options?
    Last edited by C.S.Cameron; October 20th, 2020 at 02:55 PM.

  4. #4
    Join Date
    Nov 2011
    Location
    /dev/root
    Beans
    Hidden!

    Re: How to limit LiveCD persistency to home/data only and have an immutable system?

    General description

    It works for with the standard user to have only home-rw (and not writable alias casper-rw).
    Code:
    $ sudo parted -s "/dev/sdc" print
    Model: OCZ-AGIL ITY3 (scsi)
    Disk /dev/sdc: 60,0GB
    Sector size (logical/physical): 512B/512B
    Partition Table: gpt
    Disk Flags: 
    
    Number  Start   End     Size    File system  Name     Flags
     2      1000kB  2000kB  1000kB               primary  bios_grub
     3      2000kB  258MB   256MB   fat32        primary  boot, esp
     4      258MB   2064MB  1806MB               primary
     5      2064MB  60,0GB  58,0GB  ext2         primary
     1      60,0GB  60,0GB  1464kB               primary  msftdata
    
    $ lsblk -o MODEL,NAME,FSTYPE,LABEL,MOUNTPOINT,SIZE "/dev/sdc"
    MODEL            NAME   FSTYPE  LABEL                     MOUNTPOINT   SIZE
    ITY3             sdc                                                  55,9G
                     |-sdc1                                                1,4M
                     |-sdc2                                                977K
                     |-sdc3 vfat    usbboot                              244,1M
                     |-sdc4 iso9660 Lubuntu 20.04.1 LTS amd64              1,7G
                     `-sdc5 ext4    writable                                54G
    
    $ sudo tune2fs -L home-rw /dev/sdc5
    tune2fs 1.44.1 (24-Mar-2018)
    See the first attached screenshot from a persistent live session by mkusb-dus with Lubuntu 20.04.1 LTS. There is memory of a previous session in BIOS mode, while the current sessions is in UEFI mode. You can also see how the persistent partition is mounted at /home.



    Backup/Restore

    There are backup/restore options for /home the via the starter menu of mkusb-dus. See the second attached screenshot. I have not tested if/how they work for a separate home partition. Maybe they don't work in this case.

    But you can do it manually [when booted live-only] by creating a tarball of the whole content of the partition of persistence. This is straightforward at least for a user who wants to tweak a persistent live drive as described here. Restoring from the tarball is also straightforward.
    Attached Images Attached Images
    Last edited by sudodus; October 20th, 2020 at 04:50 PM. Reason: Details added and modified about backup/restore

  5. #5
    Join Date
    Oct 2020
    Beans
    10

    Re: How to limit LiveCD persistency to home/data only and have an immutable system?

    Quote Originally Posted by sudodus View Post
    Try by changing the label 'writable' to 'home-rw' for the ext4 partition.
    Changing the label seems to do the trick. Thanks.

    However, wifi setting is not persistent. Any way to make it persistent?

    Also, is there a way to tell liveCD to create "home-rw" partition instead of "writable" partition at the first place?

  6. #6
    Join Date
    Oct 2020
    Beans
    10

    Re: How to limit LiveCD persistency to home/data only and have an immutable system?

    My understanding is mkusb is a tool that makes bootable and persistent usb drive from ISO image, right? I think it only runs on linux - correct me if I'm wrong. I'm targeting average users who can use windows/mac/linux. I'm hoping to distribute a ISO image they can burn with Etcher on any machine without any tech details.

    The liveCD seems pretty close at this point. See my other follow-up message. Right now I only have wifi setting persistence and creating "home-rw" at the first place 2 issues. Would appreciate any pointers there.

  7. #7
    Join Date
    Nov 2011
    Location
    /dev/root
    Beans
    Hidden!

    Re: How to limit LiveCD persistency to home/data only and have an immutable system?

    Wifi settings belongs to the system, and you would have to store the relevant file(s) in your home and copy files to where they belong in the system for this to happen. Maybe not easy, but should be possible.

    You can create an own tool or modify an existing tool to do exactly what you want, for example "home-rw" partition instead of "writable" partition at the first place. I don't think there is a short-cut for this particular purpose, but it is not that difficult to use tune2fs.

  8. #8
    Join Date
    Oct 2020
    Beans
    10

    Re: How to limit LiveCD persistency to home/data only and have an immutable system?

    Thanks for such a quick reply, sudodus!

    Quote Originally Posted by sudodus View Post
    Wifi settings belongs to the system, and you would have to store the relevant file(s) in your home and copy files to where they belong in the system for this to happen. Maybe not easy, but should be possible.
    The problem is during the process of creating LiveCD, I could not find the /home/ubuntu on the chroot/ directory. Do you know where is the template/source for ubuntu, the default user, home directory? Once I get that, I could easily create a system dir under /home/ubuntu to hold anything system data files that I want to persistent. I will just make the original system data files as symbolic links.

    Quote Originally Posted by sudodus View Post
    You can create an own tool or modify an existing tool to do exactly what you want, for example "home-rw" partition instead of "writable" partition at the first place. I don't think there is a short-cut for this particular purpose, but it is not that difficult to use tune2fs.
    What is the "existing tool" you are referring to? What is the package specifically? I'm already building the ISO from scratch. So it might not be hard to hack a little here.

    My goal is to give a very smooth end user experience. Even though tune2fs is not hard (and I can could even hide it behind a script), but it will involve a reboot and some oddities during the process to an average user. (for example, if user has already modified some data. After changing the label, all will be lost.)

  9. #9
    Join Date
    Nov 2011
    Location
    /dev/root
    Beans
    Hidden!

    Re: How to limit LiveCD persistency to home/data only and have an immutable system?

    If you first loop mount the iso file, then casper/filesystem.squashfs in the iso file, you will find /home. I guess you have extracted all this, so it should be possible to put some files in the home directory.

    One existing tool is mkusb-plug, and I think it would be rather easy for you to modify it. You could go directly into mkusb-sedd, which is part of mkusb-plug. These modules are 'only' bash shellscripts, nothing fancy.

  10. #10
    Join Date
    Oct 2020
    Beans
    10

    Re: How to limit LiveCD persistency to home/data only and have an immutable system?

    The casper/filesystem.squashfs is created from deboostrap'ed chroot. The home/ is empty. So if we put anything there, it is likely be overridden later when we mount home-rw partition on top of it.

    It would be nice to know how /home/ubuntu directory come from. I also have another pending question on automatically starting an app, which would also require adding a startup file to ~ubuntu/.config/autostart directory.

Page 1 of 2 12 LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •