live: added use/live/privacy

This target is responsible for providing isolation of local hard drives and networking from the system running off the LiveCD/Flash.
2015-04-17 14:25:56 +03:00 · 2015-04-17 14:25:56 +03:00 · e63c5e9333
commit e63c5e9333
parent 71caf44aa3
1 changed files with 16 additions and 0 deletions
--- a/features.in/live/config.mk
+++ b/features.in/live/config.mk
@ -89,3 +89,19 @@ use/live/sound: use/live
 # prepare bootloader for software suspend (see also install2)
 use/live/suspend: use/live
 	@$(call add,LIVE_PACKAGES,installer-feature-desktop-suspend-stage2)
+
+# deny network/local drive access for security reasons
+use/live/privacy: use/services use/memclean use/deflogin
+	@$(call add,DEFAULT_SERVICES_ENABLE,livecd-nodisks)
+	@$(call add,LIVE_PACKAGES,livecd-nodisks)
+	@$(call add,LIVE_CLEANUP_KDRIVERS,kernel/net/)
+	@$(call add,LIVE_CLEANUP_KDRIVERS,kernel/drivers/net/)
+	@$(call add,LIVE_CLEANUP_KDRIVERS,kernel/drivers/ata/)
+	@$(call add,LIVE_CLEANUP_KDRIVERS,kernel/drivers/scsi/)
+	@$(call add,LIVE_CLEANUP_KDRIVERS,kernel/drivers/block/)
+	@$(call add,LIVE_CLEANUP_KDRIVERS,kernel/drivers/cdrom/)
+	@$(call add,LIVE_CLEANUP_KDRIVERS,kernel/drivers/firewire/)
+	@$(call add,LIVE_CLEANUP_KDRIVERS,kernel/drivers/bluetooth/)
+	@$(call set,STAGE1_MODLISTS,stage2-ata stage2-drm stage2-hid)
+	@$(call add,STAGE1_MODLISTS,stage2-mmc stage2-usb)
+	@$(call add,USERS,altlinux:::)