套件:bilibop-lockfs(0.6.3)
lock filesystems and write changes into RAM
Bilibop helps to maintain a Debian GNU/Linux operating system installed on an external media (USB, FireWire, Flash memory, eSATA). It hardens standard rules and policies to make the system more robust in this particular situation.
If the lockfs feature is enabled (in a configuration file, in the boot commandline or by a heuristic), nothing will be written on the filesystems listed in /etc/fstab, except for those that have been whitelisted, or for the encrypted swap devices. More, bilibop-lockfs now is able to detect if the drive has been locked by a physical switch, and then overrides its own settings to unconditionally apply a 'hard' policy.
The root filesystem is locked (set readonly, using either aufs or overlay) by an initramfs script which also modifies the temporary fstab to prepare other filesystems to be locked later by a mount helper script.
bilibop-lockfs provides the following features:
* whitelist based policy: filesystems on which you want to allow persistent changes must be explicitly listed in a configuration file. * swap devices policy: they can be used 'as is', noauto, only if encrypted, only if encrypted with a random key, or not used at all. * not only filesystems are set read-only, but also block devices: this forbids changes of the partition table, boot sectors, LUKS headers and LVM metadata. * plymouth messages to know at boot time if bilibop-lockfs is enabled or not, or if an error occurred. * desktop notifications at startup about filesystems status, to inform the user that volatile or persistent changes are allowed or not, and where.
This package can be used as an alternative to fsprotect or overlayroot, especially for writable operating systems embedded on a USB stick; but it may also be installed on public or personal computers, for daily use, kiosks, testing purposes, or as a tool in anti-forensics strategies.
其他與 bilibop-lockfs 有關的套件
|
|
|
|
-
- dep: bilibop-common (= 0.6.3)
- shell functions for bilibop scripts
-
- dep: initramfs-tools
- generic modular initramfs generator (automation)
-
- dep: udev (>= 242-6)
- /dev/ 及 熱插拔管理伺服程式
-
- rec: cryptsetup
- disk encryption support - startup scripts
-
- sug: aufs-dkms
- 套件暫時不可用
-
- sug: bilibop-device-policy
- 本虛擬套件由這些套件填實: bilibop-rules, bilibop-udev
-
- sug: gnome-icon-theme
- This package contains the default icon theme used by the GNOME
-
- sug: libnotify-bin
- sends desktop notifications to a notification daemon (Utilities)
-
- sug: plymouth
- boot animation, logger and I/O multiplexer
下載 bilibop-lockfs
硬體架構 | 套件大小 | 安裝後大小 | 檔案 |
---|---|---|---|
amd64 | 50。1 kB | 141。0 kB | [檔案列表] |
arm64 | 50。1 kB | 141。0 kB | [檔案列表] |
armel | 50。1 kB | 141。0 kB | [檔案列表] |
armhf | 50。1 kB | 141。0 kB | [檔案列表] |
i386 | 50。1 kB | 141。0 kB | [檔案列表] |
mips64el | 50。1 kB | 141。0 kB | [檔案列表] |
mipsel | 50。1 kB | 141。0 kB | [檔案列表] |
ppc64el | 50。1 kB | 141。0 kB | [檔案列表] |
s390x | 50。1 kB | 141。0 kB | [檔案列表] |