LTSP Kiosk
Introduction

Basic Setup
Server-side Changes
Client-side Changes
Adding New Clients

Additional Features
Locking FireFox
PDF Support
Background Image
Printing

Advanced Issues
Securing Connection
Client Firewall
Detect Kiosk Idle
Booting Clients Remotely

Tailored Tools

Compiling netfilter-aware kernel

Main source: http://www.ltsp.org/contrib/customkernel.html (referred below as CK)

Get Everything

  • everything you need for building a kernel
  • ltsp_initrd_kit for buildk script
  • kernel sources and possible patches (below no patches are mentioned since we don't need LPP or NFS swap)
  • mknbi is not needed, since our project uses GRUB/TFTP to boot

Setting Things Up

  • Unpack the kernel sources to /usr/src as suggested in CK
  • Skip the mknbi stuff
  • Skip the patch stuff
  • Copy the config file from the ltsp_initd_kit to /usr/src/linux* (or from another source, like config-hykiosk-2.4.25)
  • If your kernel version is higher than the config's make sure that you run make oldconfig before proceeding
  • You might want to add some tag to kernel's version by editing the EXTRAVERSION in linux/Makefile. I suggest that you use "-kiosk" or something to separate the installed modules from your current (those that are used by the maching you're using to compile kernel) ones. The tag is used when the modules are installed (see Exporting Modules below).

Configuring the Kernel

The LTSP Documentation gives you pretty straightforward documentation for compiling the kernel. Make sure that your configuration satisfies the requirements (devfs, NFS etc.).

  • For netfilter use Networking / Network packet filtering and its configuration (Networking / IP: Netfilter configuration)
    • Include IP tables support
    • Include Packet filtering
    • Include Reject target support

Compile

Compile the kernel and modules

make dep
make bzImage
make modules
make modules_install

Although the last command might surprise you, the buildk script looks for the kernel modules from the standard location. Therefore, they have to be installed.

Make bzImage and initrd

The bzImage and initrd files are compiled by the buildk script, which is bundled in ltsp_initrd_kit. If your DHCP does not provide a ROOTPATH value for you, you need to edit the linuxrc file in the initrd as described in client-side setup. You can do this in two different ways:

  1. Edit the linuxrc before running buildk. You find it in the file from the ltsp_initrd_kit/root/linuxrc. Edit the file as suggested and run buildk. This option saves you from mounting/unmounting the initrd image.
  2. Run the buildk and edit the linuxrc file later as suggested in client-side setup. This option teachs you how to edit initrd files.

As a result of this step you should get a renamed bzImage and initrd files that can be put acailable in your TFTP directory.

Exporting Modules

The bzImage and initrd are delivered by TFTP, but your server should provide the modules in the clients /lib directory. There might be more elegant way to do it, but here is my solution:

  1. Install the modules by make modules_install (you may have done that already)
  2. tar, zip or pack the new modules directory from your /lib/modules/2.4.x-whatever (use the EXTRAVERSION tag you specified in the linux/Makefile)
  3. Put the stuff to the NFS server for the client

Installing iptables

iptables does not use any dynamic libraries that would not already be available for your client, but make sure you copy the iptables libraries from /lib/iptables to the client's tree.

Updated: 25-FEB-2004