Re: [Tails-dev] Feature #5301 - Clone or Backup Persistent V…

Supprimer ce message

Répondre à ce message
Auteur: intrigeri
Date:  
À: The Tails public development discussion list
Sujet: Re: [Tails-dev] Feature #5301 - Clone or Backup Persistent Volume
anonym wrote (08 Jan 2016 17:43:04 GMT) :
> I leave it to sajolida and u to decide on how the backup tool should
> integrate into the installer (or if it should be separate),


Same here.

> and for u and intrigeri to clarify the privileges separation situation
> in the installer (I think it's run as a normal users, and udisks is used
> to partition, format, luksOpen etc without any risky setuid business).


This is correct. There's no luksOpen involved since Tails Installer
does not handle encrypted partitions, though.

In Tails, we also directly access the block device as the amnesia
user, since
/etc/udev/rules.d/99-make-removable-devices-user-writable.rules allows
us to do that.

On Debian/Ubuntu, we are more limited so we use some operations that
require administrator credentials:

* opening the block device with udisks2, to get a filehandle for
writing the MBR;
* running syslinux as root, using pkexec.

Cheers!
--
intrigeri