Hi all, What I'm trying to do is to create a bunch of Fedora USB sticks for use in practical examinations at uni. The existing Windows setup in the labs is pretty woeful, and the only way I can be in control of the environment is to boot up off something else.
I have it working pretty nicely, but I have a few issues I'm not sure how to resolve. (1) I want to stop non-root users from being able to mount other drives, e.g., other USB sticks. How do I do that? (It's not enough to kill off the auto-mounting if people will still be able to mount from the command line.) (2) On a more relevant point for this list, I've noticed that all users have access to the base FAT32 filesystem of the bootable USB stick, on /mnt/live. How do I get this mounted so that only root can read /mnt/live? I don't want someone to be able to write code to unpick the squashfs image, etc. These are programming exams, so they have a compiler available, and a few of them can probably use it... (3) The write cache is good, and makes the whole system feel very responsive, but if a machine crashes or there's a power cut, I'm in danger of them losing lots of work. Is there a way of decreasing the maximum "dirty" time for writes to the USB stick? I have found lots of info on doing this for vm paging, but not for the filesystem itself. All I've found is how to turn off the cache altogether (mount with 'sync'), but that's not an option because everything will run much too slowly. I'd far rather set an option to ensure that everything gets written at most a minute after entering the cache. It would be really handy to solve these without resorting to selinux. I have had some trouble with selinux and the USB sticks, and I would prefer to leave it disabled. But if selinux is by far the easiest solution, I can probably work with it. (I don't know if it's relevant, but currently I have to build this as Fedora 11, because my first go is a 3D graphics exam, and they need the proprietary ATI driver.) Thanks for the help! James -- livecd mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/livecd
