Choose style:

Author Topic: Setting up fsprotect  (Read 3272 times)

0 Members and 1 Guest are viewing this topic.

Offline mracz

  • Jr. Member
  • **
  • Posts: 61
  • Karma: 1
  • New Forum User
    • View Profile
  • Peppermint version(s): 7
Setting up fsprotect
« on: June 03, 2017, 04:20:04 am »
I am just wondering how to put P8 on an USB stick that way, that upon booting the whole filesystem is loaded in memory so that contents on the stick might remain ro. Fsprotect seems to do this. But, frankly, I would need some kick to start: is there an itinerary for beginners for this? Or somebody help?    :-\   Thank you.

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 25455
  • Karma: 2798
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 8R, 9, and 9R
Re: Setting up fsprotect
« Reply #1 on: June 03, 2017, 05:52:51 am »
fsprotect isn't necessary on a "Live" USB because the root of the drive is ISO9660 (CDROM) and unwriteable anyway.

This is why you need a persistence file that is loop mounted if you want to be able to save changes.

So if you want it to be totally immutable, just don't include a persistence file.
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline mracz

  • Jr. Member
  • **
  • Posts: 61
  • Karma: 1
  • New Forum User
    • View Profile
  • Peppermint version(s): 7
Re: Setting up fsprotect
« Reply #2 on: June 03, 2017, 06:29:31 am »
As far as I understand on a "live" system the system itself keeps running on the USB stick or CD. My question is rather for a scenario if I used the stick or CD just for loading the whole system to the memory of the computer which might have some advantages compared to a live system. Hope I am not wrong?

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 25455
  • Karma: 2798
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 8R, 9, and 9R
Re: Setting up fsprotect
« Reply #3 on: June 03, 2017, 06:44:21 am »
No, from a "Live" CD/USB components are read into memory "as necessary", and flushed when not .. exactly as they would be from an immutable file system on an HDD.

It's why a "Live" system uses more memory than an installed system, because any files that will need to be altered NEED to stay in memory because the ISO 9660 file system is read only and changes cannot be saved back to the USB stick.

This is only not the case if you do a proper FULL install to a USB stick.

Think about it .. a CDROM is unwriteable .. so changes MUST happen only in memory, and are immediately lost upon reboot.
(and a "Live" USB is basically still a CDROM because it uses the same read-only filesystem .. ISO 9660)
« Last Edit: June 03, 2017, 06:49:18 am by PCNetSpec »
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline mracz

  • Jr. Member
  • **
  • Posts: 61
  • Karma: 1
  • New Forum User
    • View Profile
  • Peppermint version(s): 7
Re: Setting up fsprotect
« Reply #4 on: June 03, 2017, 08:15:07 am »
I catch your point. However, if the fs is ro, it does not mean to me as a consequence, that the system is not "run" from the stick. I mean if I start the machine from a live stick and when booted I pull out the stick, the live system will not be able to properly work anymore.

My point is to set up my own P8 "live system", place my persistent things there (my "secrets" e.g. my mailbox imap logins, openvpn keys, rdp access data etc), have a computer "fired up" with my stick so that the complete os, including my home folder  and my private settings go to the memory, pull out the stick, place in a safe part of my pocket and use the computer as long as it is switched on. When I  switch off, all my things are gone. That would probably fit to most computers with 8 GB RAM or more - depends of course on what I need in my OS and how big my home folder is planned.

That is why I associated to fsprotect, but still unsure if this is the way to go.

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 25455
  • Karma: 2798
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 8R, 9, and 9R
Re: Setting up fsprotect
« Reply #5 on: June 03, 2017, 09:12:28 am »
Okay I'm pretty sure loading it all into a RAM drive would probably be possible (I'd have to spend some time thinking how), but that's

a) probably not the purpose of fsprotect .. which (from what I gather) is to make the root filesystem immutable at the file system level.
and
b) I wouldn't think it the most secure way of doing things .. when you consider that most hacks occur in RAM, and you're holding the ENTIRE OS there instead of just what's necessary at any given moment.
« Last Edit: June 03, 2017, 09:16:48 am by PCNetSpec »
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline Admiral_Smith

  • nOOb
  • *
  • Posts: 21
  • Karma: 0
  • New Forum User
    • View Profile
  • Peppermint version(s): 7
Re: Setting up fsprotect
« Reply #6 on: August 18, 2017, 01:08:13 pm »
Just a little side dish.  There is a project called "parted magic" that loads the whole OS on to RAM and the USB stick can be removed.  I don't think it is in the debian universe anywhere.  I just mention it because of the technique they used not the OS relationship to Linux.

Offline crazyodaz

  • nOOb
  • *
  • Posts: 12
  • Karma: 0
  • New Forum User
    • View Profile
  • Peppermint version(s): SIX - ATE - SE7EN
Re: Setting up fsprotect
« Reply #7 on: September 07, 2017, 01:31:16 am »
Just a little side dish.  There is a project called "parted magic" that loads the whole OS on to RAM and the USB stick can be removed.  I don't think it is in the debian universe anywhere.  I just mention it because of the technique they used not the OS relationship to Linux.

well I'm retarded,  I always thought that was part of grub --- like my "NOMODESET" I gotta add on any distro i pretty experiment with,  I always added that inbetween the QUIET and SPLASH <--- seems to help with allot of these distro's when it comes to my dual nvidia gtx 970's and tripple monitors,  so anyways, sometimes i would throw a TORAM at the end sorta like a HELL MARY, buckle up and hold on,  needless to say after reading this last part of thread i had to do a google search and found a couple wiki's that had listings of linux distro's that supported "TORAM"  like your parted magic, few others listed mainly in the puppy or slack family, but surprisingly a few Debian's listed aswell. wont bore ya with links cause im sure they be a no no, I've been tossing myself around distro land all over the place and I keep coming back to peppermint cause it just freaking works with minimal hassle just wish my i7-2600k did not blow up, had peppermint 6 smoking on that,  this dang skylake just cant seem to order peppermint 6 around very well,  anyways

Quote
tmpfs; by mounting a tmpfs and running files that are placed on this, files and programs can be run from RAM, even on Linux distros that do not run completely in RAM


that was listed on that wiki i was browsing,, kinda lost me there, but might be a good snippet to keep around in the back filing cabnet -- just incase somebody tells you cant -- prolly best bet would be to google TORAM MINT assuming that they be a close relative should end ya up on the wiki below (unless the modderator allows this one link)

either case, looks like there is a few different ways of doing the ram bit with TORAM, TMPFS, or some CASPER SCRIPTS

*** EDIT NOTE  (MODDERATOR CAN EDIT OUT LINK HERE)
HYPER LINK REMAINED INTACT as it was only a helpful wiki link
https://en.wikipedia.org/wiki/List_of_Linux_distributions_that_run_from_RAM

Offline rjm65

  • Veteran
  • ****
  • Posts: 1003
  • Karma: 300
  • I have Peppermint Fresh Breath. :P
    • View Profile
  • Peppermint version(s): Win-98 /Win-7/ Peppermint 9
Re: Setting up fsprotect
« Reply #8 on: September 07, 2017, 08:01:09 am »
Just a little side dish.  There is a project called "parted magic" that loads the whole OS on to RAM and the USB stick can be removed.  I don't think it is in the debian universe anywhere.  I just mention it because of the technique they used not the OS relationship to Linux.
Parted magic is on all Hirens Boot CD's, I have been using Hirens for many years....  I believe Parted magic is Knopix...     :-\
Robert
Peppermint 9 User

Gateway Solo 9300 Pro
IBM T40

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 25455
  • Karma: 2798
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 8R, 9, and 9R
Re: Setting up fsprotect
« Reply #9 on: September 07, 2017, 10:21:12 am »
Quote
this dang skylake just cant seem to order peppermint 6 around very well

Does disabling hyperthreading in the BIOS make a difference ?
https://forum.peppermintos.com/index.php/topic,5763.0.html
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline crazyodaz

  • nOOb
  • *
  • Posts: 12
  • Karma: 0
  • New Forum User
    • View Profile
  • Peppermint version(s): SIX - ATE - SE7EN
Re: Setting up fsprotect
« Reply #10 on: September 10, 2017, 01:58:37 am »
Quote
this dang skylake just cant seem to order peppermint 6 around very well

Does disabling hyperthreading in the BIOS make a difference ?
https://forum.peppermintos.com/index.php/topic,5763.0.html

be honest, no i did not try that, comes disabled by default and i crank it back on,  maybe i gotta research that, but i use VMWARE Workstation allot, so I just assumed with the skylake i had to re-enable that setting

seriously, its not that big of a deal, it is , but its not,  the Sandybridge had 64gb ram so i was loving how pepermint 6 would boot up so resource friendly / free,  then of course 7 and 8 came out and though still resource friendly, especially when compared to microsoft win7 - 8 - or 10 --- was hooked on peppermint the second i stumbled on it, as for me, it would boot up, maybe 500-700mb ram used out of 64gb, plenty of left over room for virtual machines and the running of such.

seriously i cried when that sandybridge died , at the time, skylake was the only option unless i waited a month or two for the kaby, this is all before AMD finally stepped there game up again, hard to believe that the old Sandybridge was still smokin after 5 years,  growing up this was un-heard of, if you had a CPU for 5 years, you had a slow computer,  seriously, i am so glad AMD got back in the game maybe we will all benifit --- anyways --- Skylake and the DDR4 is now down to 32gb ram -- the 2600k was DDR3 so thats why

dont get me wrong, peppermint still my stong suite, and I thank ALL OF YA for this,  PEPPERMINT 8 still way resource friendly than Win7 or above, just came from format myself as I do like to push the system as much as possible ,  I just dream of the days i would boot up, and only 450-550mb ram was used, then if i ran the system for few hours or few days, Peppermint 6 would not use anything over 1gb unless i was using a virtual machine

when i experianced 700-800mb usage with peppermint 7 (this with skylake) -- i paniced, I tried to install 6, and it worked, but it was not the same  64gb vs 32gb maybe, but i doubt it, just seems that the sandybridge would own peppermint 6 ,  would not even bat a eyelash, ---  this skylake can not say that, atleast not with confidience

again, appreciate your suggestion, esspecially ontop of this thread, i did not mean to hijack it without starting a new topic,  peppermint 6 is getting old, soon that 14.04 going to be history aswell,  of course if memory serves, the 16.04 kernel update offered in peppermint 6 did help allitile  but so many lock ups and freezes, it was time to come back to 7, of course now 8 --- AGAIN, PEPPERMINT ROX!!! i wont lie, i distro-hop allot, but I always come back,  Peppermint just works out of the box with little mess or fuss,  i like that -- I thank Y'all for making my life so much easier ---

thank ya

*** pic of the triple monitor, couple VLC windows open , fiew different things thrown back in,  distro-hopping is not easy with dual GTX 970 sli --- this is just after bootup as told by INXI -- VMWARE not installed yet, but will be soon as i can dig up my licence again -- thank Y'all -- seriously -- not complaining at all -- it is a bummer, but nothing new, i will survive, who knows peppermint 9 is next, then maybe Peppermint X (10) -- maybe that Peppermint X will remind me of Peppermint 6 -- it is all good



Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 25455
  • Karma: 2798
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 8R, 9, and 9R
Re: Setting up fsprotect
« Reply #11 on: September 10, 2017, 07:54:26 am »
I was thinking more of just disabling hyperthreading temporarily as a test (VMWARE will still work), if it eliminates the freezes we can look into the microcode update that fixes the hyperthreading issue.

[EDIT]

Looking at your pic, you might also want to look into (or start a topic about) solutions for that screen tearing in the video.

Couldn't agree more about sandybridge i7's .. monsters .. and great to see AMD back in the game, which will hopefully drive down prices.
(would be nice to see some Ryzen powered laptops appear)

[EDIT 2]

Maybe even an EPYC laptop (with a battery on a little trailer you drag behind you or a backpack ?) .. okay maybe that's stretching it, Threadripper though..... :)
« Last Edit: September 10, 2017, 08:10:55 am by PCNetSpec »
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline alynur

  • Trusted User
  • Member
  • *****
  • Posts: 993
  • Karma: 54
  • Habitual Forum Browser
    • View Profile
  • Peppermint version(s): P 9R (64bit), P 10
Re: Setting up fsprotect
« Reply #12 on: September 11, 2017, 06:39:48 pm »
Hi mracz, why not just install peppermint into a 32gb USB memory and log into it in any computer you want and then just shut down and remove the memory when you're done?
What was I thinking?

Offline crazyodaz

  • nOOb
  • *
  • Posts: 12
  • Karma: 0
  • New Forum User
    • View Profile
  • Peppermint version(s): SIX - ATE - SE7EN
Re: Setting up fsprotect
« Reply #13 on: September 12, 2017, 05:33:00 am »
I was thinking more of just disabling hyperthreading temporarily as a test (VMWARE will still work), if it eliminates the freezes we can look into the microcode update that fixes the hyperthreading issue.

[EDIT]

Looking at your pic, you might also want to look into (or start a topic about) solutions for that screen tearing in the video.

Couldn't agree more about sandybridge i7's .. monsters .. and great to see AMD back in the game, which will hopefully drive down prices.
(would be nice to see some Ryzen powered laptops appear)

[EDIT 2]

Maybe even an EPYC laptop (with a battery on a little trailer you drag behind you or a backpack ?) .. okay maybe that's stretching it, Threadripper though..... :)

I cried so hard when the Sandybridge died,  and to be honest I dont know if it was the Motherboard or the CPU, I have since bought reconditioned asus 77 board to replace the 67 i had, just havenot had time to play with it,  I am sure we are all in agreement,  no matter if intel or AMD fans , we seriously cant be having CPU's still out-bench other cpu's after 5 years,  thats why i cried, I mean the skylake here prolly could out-bench it, but just barely -- anyways maybe i did something wrong with my skylake peppermint-6 combination -- after you mentioned the bios settings i figured i would give it a go -- specially at looking at that video tear and the memory usage

I understand peppermint 6 is outdated, and i should stop expecting peppermint 7 or 8 to compete with 6,  case in point VLC running, guvcview, and kodi, jarvis -- all hanging around 750-850mb ram --  throw in the browser and she hovers around 1.1gb ram --- this was all this morning before i installed something i shouldnt have or what not, the top buttons on any window disapeared and anyways, i've formated since -- again with peppermint 6

i do see the video tear hard in the pictures, not so much live, VLC always gave me grief though, and such i normally use kodi -- thanx again for your insight, i will start another thread soon as i get everything half-way stable again,


Offline mracz

  • Jr. Member
  • **
  • Posts: 61
  • Karma: 1
  • New Forum User
    • View Profile
  • Peppermint version(s): 7
Re: Setting up fsprotect
« Reply #14 on: October 03, 2018, 02:45:52 pm »
Hi mracz, why not just install peppermint into a 32gb USB memory and log into it in any computer you want and then just shut down and remove the memory when you're done?

Well in a place I spend most of my daytime on weekdays we do have two types of weak-clients to log on the central server with VPN and RDP. None of the clients machines have HDD, SDD or any fixed hard disk. One has got a 2GB SD Card with fsprotect. When switched on the whole content of the SD card is copied to memory and made RW - the minimal Linux install then opens a VPN channel and connects to the server with RDP automatically. The SD card is never written, only read (RO, by the nature of fsprotect). The other one has got an USB stick with a full system which is of course RW. We have never had to repair or replace an SD Card for 5 years. The USB sticks, which are RW, need to be replaced every now and then (ok, not so very often, but when one needs to be replaced it is really annoying). And you do not need to log out of a client with fsprotected SD card - plug just removed and off you go. Next time the same system will be loaded for sure.