bilibop-lockfs - lock filesystems and write changes into RAM

Property Value
Distribution Debian 7 (Wheezy)
Repository Debian Backports Main amd64
Package filename bilibop-lockfs_0.4.21~bpo70+1_amd64.deb
Package name bilibop-lockfs
Package version 0.4.21~bpo70+1
Package release -
Package architecture amd64
Package type deb
Homepage -
License -
Maintainer -
Download size 45.45 KB
Installed size 85 B
Bilibop helps to maintain a Debian GNU/Linux operating system installed
on an external media (USB, FireWire, Flash memory, eSATA). It hardens
standard rules and policies to make the system more robust in this
particular situation.
If the lockfs feature is enabled (in a configuration file, in the boot
commandline or by a heuristic), nothing will be written on the filesystems
listed in /etc/fstab, except for those that have been whitelisted, or for
the encrypted swap devices. More, bilibop-lockfs now is able to detect if
the drive has been locked by a physical switch, and then overrides its own
settings to unconditionally apply a 'hard' policy.
The root filesystem is locked (set readonly, using aufs) by an initramfs
script which also modifies the temporary fstab to prepare other filesystems
to be locked later by a mount helper script.
bilibop-lockfs provides the following features:
* whitelist based policy: filesystems on which you want to allow persistent
changes must be explicitly listed in a configuration file.
* swap devices policy: they can be used 'as is', noauto, only if encrypted,
only if encrypted with a random key, or not used at all.
* not only filesystems are set read-only, but also block devices: this
forbids changes of the partition table, boot sectors, LUKS headers and
LVM metadata.
* plymouth messages to know at boot time if bilibop-lockfs is enabled or
not, or if an error occured.
* desktop notifications at startup about filesystems status, to inform the
user that volatile or persistent changes are allowed or not, and where.
This package can be used as an alternative to fsprotect or overlayroot,
especially for writable operating systems embedded on a USB stick; but it
may also be installed on public or personal computers, for daily use,
kiosks, testing purposes, or as a tool in anti-forensics strategies.
Some features may require Linux kernel 2.6.37 or higher to work properly.


Package Version Architecture Repository
bilibop-lockfs_0.4.21~bpo70+1_i386.deb 0.4.21~bpo70+1 i386 Debian Backports Main
bilibop-lockfs - - -


Name Value
bilibop-common = 0.4.21~bpo70+1
initramfs-tools -
initscripts >= 2.88dsf-13.3


Type URL
Binary Package bilibop-lockfs_0.4.21~bpo70+1_amd64.deb
Source Package bilibop

Install Howto

  1. Add the following line to /etc/apt/sources.list:
    deb wheezy-backports main
  2. Update the package index:
    # sudo apt-get update
  3. Install bilibop-lockfs deb package:
    # sudo apt-get install bilibop-lockfs




2014-03-24 - Yann Amar <>
bilibop (0.4.21~bpo70+1) wheezy-backports; urgency=low
* Rebuild for wheezy-backports.
* Revert commit 1a504a0e9489e0dfee149798843312ef39cc8dba (2013-09-17).
Reintroduce the trailing ${Newline} in the "Description" variable in
debian/substvars, due to the fact that the dpkg-dev version used to build
the bpo is still affected by #659814 (fixed in 1.17.0). This makes the
extended descriptions of the binary packages more pretty.
2014-02-12 - Yann Amar <>
bilibop (0.4.21) unstable; urgency=low
* bilibop-common: in find_mountpoint(), replace the two piped sed commands
by only one.
* bilibop-rules: add translations for the debconf templates:
+ spanish: thanks to CamaleĆ³n <>. Closes: #733867.
+ german: thanks to Chris Leick <>. Closes: #738781.
* Modify debian/*: in sed commands, replace the
undocumented -E option by the standard -r option.
* Remove debian/source.lintian-overrides (newer-standards-version 3.9.5):
after new lintian release (2.5.20), this file is no more needed. This
reverts commit e32bff8f93a9175900a5c80516e18788abc8704e (2013-11-24).

See Also

Package Description
bilibop-rules_0.4.21~bpo70+1_amd64.deb device management rules for OS running from external media
bilibop-udev_0.4.21~bpo70+1_amd64.deb minimal udev rule for Debian GNU/Linux running from external media
bilibop_0.4.21~bpo70+1_amd64.deb run Debian GNU/Linux from external media - metapackage
bind9-doc_9.9.5.dfsg-4~bpo70+1_all.deb Documentation for BIND
bind9-host_9.9.5.dfsg-4~bpo70+1_amd64.deb Version of 'host' bundled with BIND 9.X
bind9_9.9.5.dfsg-4~bpo70+1_amd64.deb Internet Domain Name Server
bind9utils_9.9.5.dfsg-4~bpo70+1_amd64.deb Utilities for BIND
bindechexascii_0.0+20140524.git7dcd86-1~bpo70+1_amd64.deb simple ASCII,binary,decimal and hex converter
bip_0.8.9-1~bpo70+1_amd64.deb multiuser irc proxy with conversation replay and more
bird-bgp_1.4.5-1~bpo70+1_amd64.deb Internet Routing Daemon [BGP-only version]
bird-doc_1.4.5-1~bpo70+1_all.deb Internet Routing Daemon - documentatio
bird6_1.4.5-1~bpo70+1_all.deb Internet Routing Daemon [transitional packages]
bird_1.4.5-1~bpo70+1_amd64.deb Internet Routing Daemon
bittwist_2.0-3~bpo70+1_amd64.deb libpcap based Ethernet packet generator
bladerf_0.2014.09~rc2-5~bpo70+1_amd64.deb nuand bladeRF software-defined radio device (tools)