[SOLVED] How can I mount /dev/sda1 read only?

[gerald_clark]

I think you are putting too much trust in read-only.
If it is locked down, why do you need read-only.
If it is not locked down, the user can remount it read-write.

If you are worried about someone changing boot options you can boot off sda1 and have your TCE=sda2.
This way the boot partition won't be mounted at all.
It still won't stop a determined user with a shell that can obtain root privileges.

--- edit ---
You can also use chattr to make directories and files immutable.

[andyj]

I'm doing plenty of other things too:

Xorg.conf:

        Option          "DontVTSwitch" "true"
        Option          "DontZap" "true"

inittab:

tty1::once:/sbin/getty -nl /sbin/autologin 38400 tty1
::ctrlaltdel:/bin/true

.profile

nohup startx >/dev/null 2>&1 &

.xsession:

$(grep -q nosuders /proc/cmdline) && sudo sed -i -e 's/^tc/#tc/' /etc/sudoers

There is no window manager loaded, and Xprogs.tcz isn't loaded either. Because getty runs once, startx keeps running after the shell exits, the three-finger salute is disabled, VT switching is disabled, X zapping is disabled, and su is disabled getting to a session with privs will be hard. Oh, and there's no keyboard either, just a touchscreen.

Making it read only is just part of locking it down. I like the chattr idea, but this is a FAT32 file system so it's not an option for this project.

Andy