Hi,
intrigeri wrote (10 Jun 2013 16:25:14 GMT) :
>> 2. the only one relevant file in bilibop-udev is 66-bilibop.rules; so it
>> is possible to modify it again (+2 lines), or even not install
>> bilibop-udev (but only bilibop-common), and add a specific rules file in
>> the amnesia git repository (I think in
>> config/chroot_local-includes/etc/udev/rules.d/). Additionally, you could
>> merge it with the existing 99-hide-TailsData.rules. In that case, this
>> could give: [...]
>> What do you think about that?
> Great, I do like it! It allows us to externalize the bulk of the work
> to bilibop (which is great), while at the same time giving us
> fine-grained control on what exactly we want it to do.
>> If needed I can help to write what you need.
> I'll give it a try ASAP, and will get back to you if I need help.
> Thanks for the offer :)
I've tried it, and what you suggested in your out-of-thread forwarded
email worked fine (UDISKS_SYSTEM_INTERNAL was set for the Tails boot
medium). However, it is not effective in practice as Squeeze's udisks
does not support this property yet.

So, I guess this specific protection will have to wait until Tails is
based on Wheezy, unless someone can think of a way to implement
per-device udisks-level write access protection with udisks
1.0.1+git20100614-3.

One more reason to work on porting to Wheezy!

Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc