On 13/01/2012 14:09, Harald Hoyer wrote: > On 13.01.2012 15:06, Harald Hoyer wrote: >> On 13.01.2012 12:55, Alastair Scobie wrote: >>> Apologies if this is the incorrect mailing list to discuss this issue.. >>> >>> Does anyone know if there is a way to configure dracut such that >>> it will not attempt to mount USB mass-storage devices at boot time, >>> but will still allow mounting of such devices once a system (in our >>> case ScientifcLinux6) is fully booted? >>> >>> Why do we want to do this? We run several large teaching labs running >>> SL6 desktops. We mount filesystems by UUID. We are concerned that our >>> students could install a USB memory stick, at boot time, with a >>> filesystem with the same UUID as the "official" root filesystem so >>> fooling dracut into mounting a trojan filesystem. >>> >>> Thanks, in advance, for any ideas.. >>> >>> Alastair Scobie >>> >>> >> >> specifying "root=UUID=<uuid> rd.shell=0" will do exactly what you want. Then >> you >> also want to secure grub (or any other bootloader) with a password. > > Ah, sorry, only read half of it. You might want to blacklist the USB storage > kernel driver then. > > "rd.driver.blacklist=usb-storage"
Would that blacklist apply only during dracut - would the usb-storage module still be loadable if a user inserted a USB stick after login? ... > or choose one of the by-path symlinks with e.g. > "root=/dev/disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0-part1" ... otherwise, this looks like the best approach. Thanks -- The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336. -- To unsubscribe from this list: send the line "unsubscribe initramfs" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
