Better internal hard disks lockdown
Tails user can currently access their local hard disks. It is only possible when an administrative password is set at boot time, but still it would be better to make internal drives read-only at kernel level to prevent anything bad from happening, unless explicitly desired. The later is useful to wipe a file or the whole device.
About implementation: live-boot's
readonly option does the read-only part, but it does that for every device, including removable ones, which is painful when using persistence (#5910) stored on the USB stick Tails is running from. We need to add a
readonly=fixed option to live-boot that would do that only for fixed (internal) disks.
Once that is done, an option must be added to get write access back. Either in Tails Greeter or on the command-line.