Porteus 32-bit v09 kernel modifications

DoomUs
White ninja
Posts: 21
Joined: 06 Jun 2011, 17:04
Location: New Mexico

Post#1 by DoomUs » 13 Jun 2011, 17:38

First off, I'm willing to move to "rc2" if it makes a difference; my only marriage to v09 is that I have some modules for it already.

In light of my other posts regarding removing HDD mounting functionality (http://forum.porteus.org/viewtopic.php?f=53&t=573), as well as a goal to remove network device support, my best option sounds like re-compiling the kernel, excluding modules providing 1. Network device drivers, and 2. Filesystem support (except for iso because it's a live-cd).


When I use porteus.config as the configuration, my kernel (2.6.37) compiles just fine. I try to modify porteus.config via "make menuconfig" and I remove all of the networking and fs support that I don't want, but I really don't understand which packages contain what. Predictably, when I try to compile, I run into compilation errors from "undefined variable" or some such error. I've tried a couple of different configurations, but I run into the same errors.
(btw is 2.6.37 the kernel that v09 uses? somewhere I thought I saw 2.6.39, but "uname" says 2.6.37)

I'd rather not re-compile after every package/module exclusion to figure out by process of elimination which one is causing my errors. I would be greatly appreciative if someone could help me understand which modules should be excluded to achieve my goals.

My goals, again are to:
(1) Remove network drivers. I don't want the computer used with the live-cd to be able to connect to a local or wireless network, or even sniff the wireless medium.

(2) Remove the ability to access local hard drives. Whether this is by removing interface support, i.e. ata/sata/usb, etc, or by removing support for File Systems, or any other mechanism. One suggestion was to remove FS support, which seems reasonable, and I see the options for it in the menuconfig.

THANKS

brokenman
Site Admin
Posts: 6105
Joined: 27 Dec 2010, 03:50
Distribution: Porteus v4 all desktops
Location: Brazil

Re: Porteus 32-bit v09 kernel modifications

Post#2 by brokenman » 13 Jun 2011, 18:05

DoomUs wrote: but "uname" says 2.6.37

Believe uname.

Personally I don't think you need to go as low as the kernel to remove this functionality. If you want to remove some kernel options, have a look under the help option for each thing you want to remove. It will say there if it is reliant on another module.

I would guess that the error you get comes from removing file system support. I've never attempted to remove them. You will most certainly need fuse & aufs (union) and I would also leave at least one other such as ext3. I think you could disable the mounting of file systems, this would be sufficient for you.

You will then want to remove network support from initrd and 001. Hope that helps a little.
How do i become super user?
Wear your underpants on the outside and put on a cape.

Post#3 by DoomUs » 13 Jun 2011, 18:12

brokenman wrote: I would guess that the error you get comes from removing file system support. I've never attempted to remove them. You will most certainly need fuse & aufs (union) and I would also leave at least one other such as ext3. I think you could disable the mounting of file systems, this would be sufficient for you.

You will then want to remove network support from initrd and 001. Hope that helps a little.

When you say "disable the mounting of file systems", what are you referring to? Are we talking about the /bin, /sbin swap of "mount" command?
If so, I'd like to restrict mounting for root too.
If not, please elaborate on how to disable mounting of file systems.

As for removing network support from initrd and 001: I apologize for my ignorance, but how is this done, what am I looking for, and how/why does it work? How easy is it, and how is this measure circumvented?

Thanks @brokenman

beny
Full of knowledge
Posts: 2086
Joined: 02 Jan 2011, 11:33
Location: italy

Post#4 by beny » 13 Jun 2011, 22:34

Maybe I am wrong, but you can use the nohd cheatcode to hide the hard disk so you don't surf into it. I am not sure if it works on Porteus, but you can try.

Post#5 by DoomUs » 15 Jun 2011, 13:39

beny wrote: Maybe I am wrong, but you can use the nohd cheatcode to hide the hard disk so you don't surf into it. I am not sure if it works on Porteus, but you can try.

Yeah, I tried the cheatcode, and that's nice. The only issue is that you only need to hit "tab" during boot, and you can remove it if you want.

I'm not too concerned with making it "impossible" to mount or anything, but I don't want it completely trivial, like removing a cheatcode.

BTW, if I'm misunderstanding the mechanism you're describing, let me know.

Post#6 by beny » 16 Jun 2011, 03:01

If you use a file permission only for root or so, you can use the cheatcode like a password: only you can use this option, and no guest can use this boot chance, I think. Maybe I am wrong, but in Linux if you decide that only you can do something, no one else can do the same. If you use a live CD, that is a better way to do this.

Post#7 by brokenman » 16 Jun 2011, 03:28

You can add your nohd cheatcode to porteus.cfg instead of hitting tab at start. This file contains all the boot options. Change the permissions so guest can't edit this. There isn't a lot you can do to stop root from having his way. This is why root exists. Root will always need the mount function ... the first lines in linuxrc involve mounting. Short of removing the hard drive altogether you won't stop root from finding a way to mount ... there are ways, but nothing foolproof.

You could add a line to the end of the booting sequence that deletes the mount file. I assume you will be using 'always fresh' mode and not saving changes if you want to protect a system this much. Mount will be available at next boot, but missing for all users after it has done its job of getting the system up. You then have to modify the shutdown files because they need to unmount stuff. Maybe you could hide it somewhere until shutdown. Replace it with a dialog that says mount has been removed ... and while the user is wondering how this is possible, club them over the head from behind so they can't mount anything.

As for removing the network functionality, this would not be too difficult at all. Look for fanthom's tutorial on updating the kernel, and then go through it and remove the /lib/modules/`uname -r`/kernel/net drivers from initrd. Open up 000-kernel.xzm and look inside /var/log/packages/broadcom* and ndiswrapper. There is a list of files that belong to these packages and you can use the xmodtools to remove the packages. You'll also want to remove the bluetooth from this module.

If you are looking for a tutorial, you'll have to wait until after this weekend. I wrote a tutorial (a while back on slax) on creating a public kiosk which may give you some ideas ... but it is not as foolproof as what I am thinking you want:

http://ibj.co.nz/slax/slax-kiosk-setup.html
How do i become super user?
Wear your underpants on the outside and put on a cape.
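
Added example, not part of the thread and not Porteus tooling: a shell check that an unpacked initrd or 000-kernel tree no longer carries the network modules and package records named in Post#7. The extraction directory, the kernel version argument, the extra `drivers/net` and `drivers/bluetooth` subtrees (assumed from the standard kernel module layout) and the sample file names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): audit an unpacked initrd or module tree
# for network support that survived the removal steps.

# List kernel modules left under the network-related subtrees of ROOT ($1).
# kernel/net is the path named in the post; drivers/net and drivers/bluetooth
# are assumed from the standard kernel module layout.
leftover_net_modules() {
    base="$1/lib/modules/$2/kernel"
    for sub in net drivers/net drivers/bluetooth; do
        [ -d "$base/$sub" ] || continue
        find "$base/$sub" -type f -name '*.ko*'
    done | sort
}

# List package records for broadcom* and ndiswrapper* still registered in ROOT.
leftover_net_packages() {
    for f in "$1"/var/log/packages/broadcom* "$1"/var/log/packages/ndiswrapper*; do
        if [ -e "$f" ]; then basename "$f"; fi
    done
}

# Return 0 when nothing is left, 1 (with a report) otherwise.
audit_tree() {
    mods=$(leftover_net_modules "$1" "$2")
    pkgs=$(leftover_net_packages "$1")
    if [ -z "$mods$pkgs" ]; then
        echo "clean: no network modules or packages under $1"
        return 0
    fi
    [ -z "$mods" ] || printf '%s\n' "$mods" | sed 's/^/module left: /'
    [ -z "$pkgs" ] || printf '%s\n' "$pkgs" | sed 's/^/package left: /'
    return 1
}

# Build a small constructed tree (sample data, not a real Porteus image).
make_sample_tree() {
    t=$(mktemp -d) && k=$1
    mkdir -p "$t/lib/modules/$k/kernel/net/ipv4" "$t/lib/modules/$k/kernel/drivers/net" \
             "$t/lib/modules/$k/kernel/fs/aufs" "$t/var/log/packages"
    : > "$t/lib/modules/$k/kernel/drivers/net/e1000.ko"
    : > "$t/lib/modules/$k/kernel/fs/aufs/aufs.ko"
    : > "$t/var/log/packages/ndiswrapper-constructed"
    echo "$t"
}

# Usage: sh audit.sh ROOT KVER   (ROOT = directory the image was unpacked into)
if [ "$#" -eq 2 ]; then audit_tree "$1" "$2"; fi
```

A non-zero exit means something network-related is still in the tree; the aufs module in the sample is deliberately outside the audited subtrees and is not reported.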
