summaryrefslogtreecommitdiffstats
path: root/system-boot/components/0020-read-only
diff options
context:
space:
mode:
Diffstat (limited to 'system-boot/components/0020-read-only')
-rwxr-xr-xsystem-boot/components/0020-read-only72
1 files changed, 72 insertions, 0 deletions
diff --git a/system-boot/components/0020-read-only b/system-boot/components/0020-read-only
new file mode 100755
index 0000000..f56b8cf
--- /dev/null
+++ b/system-boot/components/0020-read-only
@@ -0,0 +1,72 @@
+#!/bin/sh
+
+#set -e
+
+Read_only ()
+{
+ for _PARAMETER in ${LIVE_BOOT_CMDLINE}
+ do
+ case "${_PARAMETER}" in
+ live-boot.read-only=*|read-only=*)
+ LIVE_READ_ONLY="true"
+ LIVE_READ_ONLY_DEVICES="${_PARAMETER#*read-only=}"
+ ;;
+
+ live-boot.read-only|read-only)
+ LIVE_READ_ONLY="true"
+ ;;
+ esac
+ done
+
+ case "${LIVE_READ_ONLY}" in
+ true)
+ ;;
+
+ *)
+ return 0
+ ;;
+ esac
+
+ # Marking some block devices as read-only to ensure that nothing
+ # gets written as linux still writes to 'only' read-only mounted filesystems.
+ LIVE_READ_ONLY_DEVICES="${LIVE_READ_ONLY_DEVICES:-/dev/sd* /dev/vd*}"
+
+ for _DEVICE in $(echo ${LIVE_READ_ONLY_DEVICES} | sed -e 's|,| |g')
+ do
+ if [ ! -b "${_DEVICE}" ]
+ then
+ continue
+ fi
+
+ echo -n "live-boot: Setting ${_DEVICE} read-only..." > /dev/console
+
+ blockdev --setro ${_DEVICE}
+ _RETURN="${?}"
+
+ case "${_RETURN}" in
+ 0)
+ echo " done, use 'blockdev --setrw ${_DEVICE}' to set read-write." > /dev/console
+ ;;
+
+ *)
+ echo " failed." > /dev/console
+ ;;
+ esac
+ done
+
+ if grep -qw persistence /proc/cmdline
+ then
+ printf " * Persistence mode enabled, searching for persistency related devices to unlock\n" >/dev/console
+
+ for label in custom-ov home-rw home-sn live-rw live-sn persistence
+ do
+ if blkid -t LABEL="$label" | grep -q '.'
+ then
+ device=$(blkid -t LABEL="$label" | awk -F: '{print $1}')
+ printf " - Setting device %-9s with label '%s' to write mode for persistence mode: " "$device" "$label" >/dev/console
+ blockdev --setrw $device && printf "done\n" >/dev/console || printf "failed\n" >/dev/console
+ fi
+ done
+ fi
+
+}