Hello. In 90overlay-root, this creates the /live/image file system for live mode:
#!/bin/sh
# make a read-only nfsroot writeable by using overlayfs
# the nfsroot is already mounted to $NEWROOT
# add the parameter rootovl to the kernel, to activate this feature
. /lib/dracut-lib.sh
if ! getargbool 0 rootovl ; then
return
fi
modprobe overlay
# a little bit tuning
mount -o remount,nolock,noatime $NEWROOT
# Move root
# --move does not always work. Google >mount move "wrong fs"< for
# details
mkdir -p /live/image
mount --bind $NEWROOT /live/image
umount $NEWROOT
# Create tmpfs
mkdir /cow
mount -n -t tmpfs -o mode=0755 tmpfs /cow
mkdir /cow/work /cow/rw
# Merge both to new Filesystem
mount -t overlay -o noatime,lowerdir=/live/image,upperdir=/cow/rw,workdir=/cow/work,default_permissions overlay $NEWROOT
# Let filesystems survive pivot
mkdir -p $NEWROOT/live/cow
mkdir -p $NEWROOT/live/image
mount --bind /cow/rw $NEWROOT/live/cow
umount /cow
mount --bind /live/image $NEWROOT/live/image
umount /live/image
Is it possible to add a mount and launch a virtual disk /var/lib/libvirt/images/debian.qcow2 (the file itself is in /live/image) so that it is launched in flows without consuming additional memory? It would make Kicksecure a fantastically secure system (much cooler than Qubes). Live mode launches perfectly from a live ISO, but how to avoid the load on memory with an already installed system, as is done with podman containers? Solving this memory-load problem would help strengthen anti-forensics. I use live mode every day, but even 32 GB of memory is not enough for working with VMs.
I am interested in your opinion. What is safer for a disk with personal data: Qubes OS or Kicksecure Live Mode + security-misc? How easy is it to hack the dom0 host disk? Virtualization gives serious protection, but live mode + security-misc is protection against hacking and forensics.
I used Qubes and Secureblue. These systems are very cool, but both do nothing against forensics, and this is important. And it seems to me that Kicksecure could become the coolest OS if it solved the problem of virtualization without using 64 GB of RAM. I understand that live mode is more vulnerable than Tails USB. Or am I reading too much into it, and is it enough to use a live VM (for example, a Kicksecure live VM in Qubes) and shred a journal against forensics?
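The script quoted above mounts the read-only root as the lowerdir of an overlay and puts the upperdir on tmpfs, so every write to the merged root ends up in RAM; overlayfs also copies a whole lower file into the upper layer the first time it is opened for writing, which is why a disk image opened read-write through the overlay root costs its full size in memory. The following shell script is an added example, not part of the post and not Kicksecure or dracut code. It parses a /proc/mounts listing (a constructed sample is embedded; the ext4 device name is made up), reports whether / is a tmpfs-backed overlay in the exact layout 90overlay-root produces (upper layer bind-mounted at /live/cow), and says where a write to a given path would land. The function names are my own assumptions.

```shell
#!/bin/sh
# Added example, not from the post above or from dracut/Kicksecure.
# Reads a /proc/mounts listing and reports whether / is an overlay whose
# upper layer lives on tmpfs (the layout 90overlay-root produces), and
# where a write to a given path would land.

# Constructed sample of /proc/mounts after 90overlay-root has run.
# Paths follow the script in the post; the ext4 device name is made up.
SAMPLE_LIVE_MOUNTS='overlay / overlay rw,noatime,lowerdir=/live/image,upperdir=/cow/rw,workdir=/cow/work,default_permissions 0 0
/dev/sda2 /live/image ext4 ro,relatime 0 0
tmpfs /live/cow tmpfs rw,mode=755 0 0'

# Constructed sample of a normal (non-live) installed system, for contrast.
SAMPLE_NORMAL_MOUNTS='/dev/sda2 / ext4 rw,relatime 0 0'

# Print one overlay option (lowerdir, upperdir or workdir) of the overlay
# mounted at MOUNTPOINT; prints nothing if that mountpoint is not an overlay.
overlay_opt() {  # usage: overlay_opt MOUNTS_FILE MOUNTPOINT OPTION
    awk -v mp="$2" -v key="$3" '
        $2 == mp && $3 == "overlay" {
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) {
                split(opts[i], kv, "=")
                if (kv[1] == key) { print kv[2]; exit }
            }
        }' "$1"
}

# Filesystem type of whatever is mounted last at MOUNTPOINT (empty if none).
fstype_of() {  # usage: fstype_of MOUNTS_FILE MOUNTPOINT
    awk -v mp="$2" '$2 == mp { print $3 }' "$1" | tail -n 1
}

# "yes" when / is an overlay and its upper layer, which 90overlay-root
# bind-mounts at /live/cow, is tmpfs; every write to / then lands in RAM.
is_ram_backed_live_root() {  # usage: is_ram_backed_live_root MOUNTS_FILE
    if [ -n "$(overlay_opt "$1" / upperdir)" ] &&
       [ "$(fstype_of "$1" /live/cow)" = tmpfs ]; then
        echo yes
    else
        echo no
    fi
}

# Where a write to PATH ends up: "ram" for the tmpfs upper layer (a lower
# file is copied up in full on its first write), "readonly" for the
# bind-mounted lower image, "disk" when the system is not in live mode.
write_target() {  # usage: write_target MOUNTS_FILE PATH
    if [ "$(is_ram_backed_live_root "$1")" != yes ]; then
        echo disk
        return
    fi
    case "$2" in
        /live/image|/live/image/*) echo readonly ;;
        *) echo ram ;;
    esac
}

# Stand-alone run against the constructed sample; on a real system pass
# /proc/mounts instead of the temporary file.
tmp_live=$(mktemp)
printf '%s\n' "$SAMPLE_LIVE_MOUNTS" > "$tmp_live"
echo "live root ram-backed: $(is_ram_backed_live_root "$tmp_live")"
echo "lowerdir: $(overlay_opt "$tmp_live" / lowerdir)"
echo "write to /var/lib/libvirt/images/debian.qcow2 -> $(write_target "$tmp_live" /var/lib/libvirt/images/debian.qcow2)"
rm -f "$tmp_live"
```

On a running system, `is_ram_backed_live_root /proc/mounts` answers "yes" only for this specific layout; a distribution that exposes the upper layer somewhere other than /live/cow needs the mountpoint in `fstype_of` adjusted. The "ram" result for the qcow2 path is the point of the thread: opening that image read-write through the overlay root triggers a full copy-up into tmpfs, so the VM disk costs its whole size in memory before the guest writes a single block.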
I think Kicksecure is better than Qubes. You can run VMs in VirtualBox from OVA images and it will consume less disk space in live mode. You can run Kicksecure VMs in live mode in VirtualBox with 16 GB of RAM. If you have 32 GB of RAM, you can run Whonix and another machine in live mode. This is much more secure than Qubes: isolation and anti-forensics. In Qubes, even disposable qubes do not run from RAM by default and leave a lot of logs. Qubes is very picky about hardware, and this is a big problem. Qubes greatly limits the possibilities for designers and gamers. Kicksecure does not have these problems. If Kicksecure launches sandboxing and user isolation in a new version, plus using VirtualBox images, this will be the most secure and convenient OS (and much more convenient and flexible than Secureblue). I love Kicksecure and Whonix.