Re: [PLUG] SteadyState/DriveShield for Ubuntu?

Jack Hill on 12 Jul 2012 08:32:22 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] SteadyState/DriveShield for Ubuntu?

From: Jack Hill <jackhill@jackhill.us>
To: plug@lists.phillylinux.org
Subject: Re: [PLUG] SteadyState/DriveShield for Ubuntu?
Date: Thu, 12 Jul 2012 11:32:11 -0400
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: plug-bounces@lists.phillylinux.org

On Thu, 12 Jul 2012 11:04:15 -0400
Rich Freeman <r-plug@thefreemanclan.net> wrote:

> On Thu, Jul 12, 2012 at 10:43 AM, Jack Hill <jackhill@jackhill.us>
> wrote:
> > I would look at putting the filesystem on LVM (I donât think Linux
> > btrfs or zfs support is there yet) and taking a snapshot when a user
> > logs in. All changes made during that session go to the snapshot
> > which can be thrown away when he or she logs out. Of course if you
> > need data to persist across sessions then you need to set up some
> > kind of persistent store.
> 
> I don't think LVM lets you revert a snapshot.  That's the whole
> frustration with it.

But you donât need to. Suppose you have the LV home on VG vg0. When
a user logs in you

lvcreate -n home-temp -s home -L some-reasonable-size
mount /dev/vg0/home-temp /home

All the change the user makes get copy-on-written by disk block changed
to home-temp. When the user logs out simply

lvremove /dev/vg0/home-temp.

The tricky part is making sure a user canât prevent any parts of this
from running. A more robust solution might be to run user sessions in a
VM. The hypervisor/privileged operating system passes all input to the
user sessions vm, except for one key combination (say ctrl-alt-del).
When this combination is the currently running user session VM is
destroyed, an new snapshot of itâs disk is made, and it is booted.
With this method you can give users root access to their VM, while
still giving some level of guarantee to users that when they walk up to
the machine and press the magic keystroke they will have a pristine/not
tampered with system. C.E. Your hypervisor should be free of security
bugs.

Jack

Attachment: signature.asc
Description: PGP signature

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:
- Re: [PLUG] SteadyState/DriveShield for Ubuntu?
  - From: Rich Freeman <r-plug@thefreemanclan.net>

References:
- [PLUG] SteadyState/DriveShield for Ubuntu?
  - From: Adam Zion <azion1995@gmail.com>
- Re: [PLUG] SteadyState/DriveShield for Ubuntu?
  - From: "Eric H. Johnson" <ejohnson@camalytics.com>
- Re: [PLUG] SteadyState/DriveShield for Ubuntu?
  - From: Jack Hill <jackhill@jackhill.us>
- Re: [PLUG] SteadyState/DriveShield for Ubuntu?
  - From: Rich Freeman <r-plug@thefreemanclan.net>

Prev by Date: Re: [PLUG] SteadyState/DriveShield for Ubuntu?
Next by Date: Re: [PLUG] SteadyState/DriveShield for Ubuntu?
Previous by thread: Re: [PLUG] SteadyState/DriveShield for Ubuntu?
Next by thread: Re: [PLUG] SteadyState/DriveShield for Ubuntu?
Index(es):
- Date
- Thread