mirror of https://github.com/tommytran732/Arch-Setup-Script synced 2025-01-25 23:31:36 -05:00

Update README.md

TommyTran732 2021-06-23 13:19:03 -04:00 committed by tommytran732
parent df4c1f1f65
commit 3b53f87359
No known key found for this signature in database
GPG Key ID: 060B29EB996BD9F2


@ -34,15 +34,6 @@ The partition layout I use rallows us to replicate the behavior found in openSUS
9. Blacklisted Firewire SBP2 (As recommended by https://www.ncsc.gov.uk/collection/end-user-device-security/platform-specific-guidance/ubuntu-18-04-lts)
10. Kernel security settings
### Why so many @var_xxx subvolumes?
Most of these subvolumes come from SUSE's partition layout prior to 2018, before they simply made @var its own subvolume. We cannot blindly do this however, since pacman
stores its database in /var/lib/pacman/local, which needs to be excluded and rolled back accordingly to the rest of the system.
Other than that, /var/lib/gdm and /var/lib/AccountsService must have their own read-write subvolume in order to boot GNOME from a read only snapshot.
### Why GNOME?
I only use GNOME and I know that I have to explicitly create a seperate a subvolume for /var/lib/gdm, /var/cache, /var/tmp and so on for a full desktop to boot from a read-only snapshot. I don't know how other desktop environments behave and which directories we need to create a seperate subvolume for. We will also change the partitioning scheme according to the DE selection as well, since it doesn't make any sense to create @var_lib_gdm on a KDE system. Any help with adding more DE options would be appreciated.
### Partitions layout
| Partition/Subvolume | Label | Mountpoint | Notes |
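Review bot: the section under "Why so many @var_xxx subvolumes?", which the header counts (15 lines down to 6) show being dropped here, holds the only explanation of why @var cannot simply be one subvolume: pacman keeps its database in /var/lib/pacman/local, which has to roll back with the rest of the system. The partition table in the next hunk still lists @/var_cache, @/var_tmp, @/var_spool and @/var_lib_libvirt_images, so that rationale still applies. I would keep the heading and the pacman sentence and remove only the /var/lib/gdm and /var/lib/AccountsService sentence and the "Why GNOME?" section. The commit message "Update README.md" gives no reason for the removal; one line saying whether booting GNOME from a read-only snapshot is still supported would help.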
@ -60,9 +51,7 @@ I only use GNOME and I know that I have to explicitly create a seperate a subvol
| 11 | @/var_cache | /var/cache | Encrypted BTRFS (nodatacow) |
| 12 | @/var_tmp | /var/tmp | Encrypted BTRFS (nodatacow) |
| 13 | @/var_spool | /var/spool | Encrypted BTRFS (nodatacow) |
| 14 | @/var_lib_gdm | /var/lib/gdm | Encrypted BTRFS |
| 15 | @/var_lib_AccountService | /var/lib/AccountsService | Encrypted BTRFS |
| 16 | @/var_lib_libvirt_images | /var/lib/libvirt/images | Encrypted BTRFS (nodatacow) |
| 14 | @/var_lib_libvirt_images | /var/lib/libvirt/images | Encrypted BTRFS (nodatacow) |
### To do
1. Automate wheel user setup
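Review bot: removing the @/var_lib_gdm and @/var_lib_AccountService rows and renumbering @/var_lib_libvirt_images from 16 to 14 is only accurate if the install script stops creating those two subvolumes, and the page shows only the README change. Please confirm the script matches this table. The text removed in the previous hunk stated that /var/lib/gdm and /var/lib/AccountsService need their own read-write subvolume to boot GNOME from a read-only snapshot, so if GNOME is still a supported target the README should say where those paths live now.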