diff --git a/scripts/boot.sh b/scripts/boot.sh
index 2fe563e..d2a5c62 100755
--- a/scripts/boot.sh
+++ b/scripts/boot.sh
@@ -446,9 +446,7 @@ mountroot ()
 Arguments
- # make sure all harddisk devices are read-only
- # this is important for forensic investigations
- case "${READ_ONLY}" in
+ case "${LIVE_READ_ONLY}" in
 true)
 Read_only
 ;;
diff --git a/scripts/boot/arguments.sh b/scripts/boot/arguments.sh
index f9e8d33..5f34512 100755
--- a/scripts/boot/arguments.sh
+++ b/scripts/boot/arguments.sh
@@ -7,16 +7,17 @@ Arguments ()
 for ARGUMENT in $(cat /proc/cmdline)
 do
 case "${ARGUMENT}" in
+ live-boot.read-only|read-only)
+ LIVE_READ_ONLY="true"
+ export LIVE_READ_ONLY
+ ;;
+
+
 live-boot.verify-checksums|verify-checksums)
 LIVE_VERIFY_CHECKSUMS="true"
 export LIVE_VERIFY_CHECKSUMS
 ;;
 # parameters below need review
- read-only)
- READ_ONLY="true"
- ;;
-
 skipconfig)
 NOFASTBOOT="true"
 NOFSTAB="true"
diff --git a/scripts/boot/read-only.sh b/scripts/boot/read-only.sh
index c8990df..48aa06c 100755
--- a/scripts/boot/read-only.sh
+++ b/scripts/boot/read-only.sh
@@ -4,14 +4,30 @@
 Read_only ()
 {
- # Marking the usual block devices for harddisks read-only
- for _DEVICE in /dev/sd* /dev/vd*
+ # Marking some block devices as read-only to ensure that nothing
+ # gets written as linux still writes to 'only' read-only mounted filesystems.
+ _DEVICES="/dev/sd* /dev/vd*"
+
+ for _DEVICE in ${_DEVICES}
 do
- if [ -b "${_DEVICE}" ]
+ if [ ! -b "${_DEVICE}" ]
 then
- printf "Setting device %-9s to read-only mode:" ${_DEVICE} > /dev/console
-
- blockdev --setro ${_DEVICE} && printf " done [ execute \"blockdev --setrw %-9s\" to unlock]\n" ${_DEVICE} > /dev/console || printf "failed\n" > /dev/console
+ continue
 fi
+
+ echo -n "Setting ${_DEVICE} read-only..." > /dev/console
+
+ blockdev --setro ${_DEVICE}
+ _RETURN="${?}"
+
+ case "${_RETURN}" in
+ 0)
+ echo " done, use 'blockdev --setrw ${_DEVICE}' to set read-write." > /dev/console
+ ;;
+
+ *)
+ echo " failed." > /dev/console
+ ;;
+ esac
 done
 }
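Review bot: The new `live-boot.read-only|read-only)` arm in scripts/boot/arguments.sh matches only the bare token, so a value form such as `read-only=true` would not set `LIVE_READ_ONLY`. Unless a later arm outside this hunk catches it, the boot then proceeds with writable disks and no message. Because this switch is relied on for write-blocking, a short comment above the arm would help, for example `# exact match only; sets LIVE_READ_ONLY, which makes mountroot call Read_only`. The enclosing `case` continues beyond the hunk, so the other arms were not reviewed.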
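Review bot: In the `*)` branch of the new `case "${_RETURN}"` in scripts/boot/read-only.sh, a failed `blockdev --setro` only prints ` failed.` to /dev/console and the loop moves on, so the boot continues with that device still writable even though read-only mode was requested. For a write-block used in forensic work this should not be silent: record it with `_FAILED="true"` in that branch and end the function with `[ -z "${_FAILED}" ] || return 1`, so the caller can stop or warn. Whether mountroot acts on the return value is not visible in this diff. Separately, `_DEVICES="/dev/sd* /dev/vd*"` leaves other block devices such as `/dev/nvme*` and `/dev/mmcblk*` untouched, so either extend the list or state the limitation in the comment above it.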