On 25/04/16 17:34, Christian Seiler wrote:
> On 2016-04-25 17:24, Daniel Pocock wrote:
>> On 25/04/16 16:23, Holger Levsen wrote:
>>> On Mon, Apr 25, 2016 at 04:03:26PM +0200, Daniel Pocock wrote:
>>>> I had already made up some live CDs for ready-to-run VoIP and
>>>> remote hands purposes, so I can probably do some of what is
>>>> required, but it seems like a good idea to avoid duplicating any
>>>> other efforts in this area too.
>>>
>>> shouldn't most of the functionality of this go into (a) dedicated
>>> package(s) which then can be used by several, eg by tails and grml and
>>> debian live-cds?
>>>
>> Some parts of such a project could probably be packaged
>>
>> One of the ideas I had is that it should have a kernel compiled without
>> any networking support, then it may not make sense to mix bits of the
>> solution with other live CDs
>
> Well, as Debian kernels are modularized, why not simply create a
> package that blacklists all network drivers? Then you don't have
> to compile an own kernel, but just make sure that the list of
> networking-related kernel modules is up to date, which seems to
> me to be a lot less work (especially since you can potentially
> automate that by looking for stuff in drivers/net).
>
> Plus a tool that looks at the list of loaded modules and checks
> that there isn't any network driver loaded.
>

I agree that is probably easier for development, although from a
security point of view the strategy would be to avoid having any
networking code in the environment at all.

I've progressed the whole concept from vapourware to wikiware now:

https://wiki.debian.org/OpenPGP/CleanRoomLiveEnvironment

Does the workflow make sense?
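
A sketch of the loaded-module check suggested in the quoted text above, added here as an illustration and not part of the original thread or of any Debian package. It assumes that "networking-related" means any module whose `modules.dep` path lies under `kernel/drivers/net/` or `kernel/net/`; the function names and the sample data are made up for the example.

```python
import os
import re
from pathlib import Path

# Assumption: modules under these trees count as networking-related.
NET_PREFIXES = ("kernel/drivers/net/", "kernel/net/")
_KO_SUFFIX = re.compile(r"\.ko(\.(gz|xz|zst))?$")

def module_name(path):
    """Map a modules.dep path to the name /proc/modules shows (dashes become underscores)."""
    return _KO_SUFFIX.sub("", path.rsplit("/", 1)[-1]).replace("-", "_")

def network_modules(modules_dep_text):
    """Return {module name: path} for every module located under NET_PREFIXES."""
    found = {}
    for line in modules_dep_text.splitlines():
        path = line.split(":", 1)[0].strip()
        if path.startswith(NET_PREFIXES):
            found[module_name(path)] = path
    return found

def loaded_network_modules(proc_modules_text, modules_dep_text):
    """Return sorted (name, path) pairs for loaded modules that are network modules."""
    net = network_modules(modules_dep_text)
    loaded = {line.split()[0] for line in proc_modules_text.splitlines() if line.strip()}
    return sorted((name, net[name]) for name in net.keys() & loaded)

# Constructed sample data, not taken from a real system.
SAMPLE_DEP = """\
kernel/drivers/net/ethernet/intel/e1000e/e1000e.ko: kernel/drivers/ptp/ptp.ko
kernel/drivers/net/wireless/iwlwifi/iwlwifi.ko: kernel/net/wireless/cfg80211.ko
kernel/net/wireless/cfg80211.ko: kernel/net/rfkill/rfkill.ko
kernel/net/rfkill/rfkill.ko:
kernel/drivers/usb/storage/usb-storage.ko:
"""
SAMPLE_PROC = """\
usb_storage 73728 0 - Live 0x0000000000000000
ext4 585728 1 - Live 0x0000000000000000
e1000e 245760 0 - Live 0x0000000000000000
"""

if __name__ == "__main__":
    # On a live system, read the real files and fail if any network module is loaded.
    dep = Path("/lib/modules") / os.uname().release / "modules.dep"
    hits = loaded_network_modules(Path("/proc/modules").read_text(), dep.read_text())
    for name, path in hits:
        print(f"network module loaded: {name} ({path})")
    raise SystemExit(1 if hits else 0)
```

Code built into the kernel image never appears in `/proc/modules`, so this check covers loadable modules only.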