authorLennart Poettering <lennart@poettering.net>2024-02-28 13:17:03 +0100
committerLennart Poettering <lennart@poettering.net>2024-02-28 16:17:40 +0100
commitf4a63ce25f1b672fa2e5b52462ac925bb0027291 (patch)
tree54e4ca1a63ad547e098a06756faea8fa7f18b614 /src/kernel-install
parentMerge pull request #31444 from bluca/semaphore (diff)
dissect-image: add flag for explicitly enabling userspace verity signature checking
Let's make userspace verity signature checking optional. This adds a dissection flag to enable the logic and patches through all our users to enable it by default, thus effectively not changing anything from the status quo ante. However, now we have a knob to turn this off in certain scenarios.
Diffstat (limited to 'src/kernel-install')
-rw-r--r--src/kernel-install/kernel-install.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/kernel-install/kernel-install.c b/src/kernel-install/kernel-install.c
index 2523d43944..273c1d9c47 100644
--- a/src/kernel-install/kernel-install.c
+++ b/src/kernel-install/kernel-install.c
@@ -1699,7 +1699,8 @@ static int run(int argc, char* argv[]) {
DISSECT_IMAGE_GENERIC_ROOT |
DISSECT_IMAGE_REQUIRE_ROOT |
DISSECT_IMAGE_RELAX_VAR_CHECK |
- DISSECT_IMAGE_VALIDATE_OS,
+ DISSECT_IMAGE_VALIDATE_OS |
+ DISSECT_IMAGE_ALLOW_USERSPACE_VERITY,
&mounted_dir,
/* ret_dir_fd= */ NULL,
&loop_device);
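Review bot: `DISSECT_IMAGE_ALLOW_USERSPACE_VERITY` is OR-ed into the flag list unconditionally, so nothing at this call site shows that accepting verity signatures checked in userspace is a deliberate trust decision for kernel-install rather than an inherited default. The commit message says the flag exists so the check can be turned off in some scenarios, but no such switch is visible in this hunk for this caller. I would add a comment above the new line, for example `/* Keep userspace verity signature checking enabled here (status quo); drop this flag if only kernel-side verification should be trusted */`. The call and the enclosing `run()` both start and end outside the hunk, so whether the flags are adjusted elsewhere cannot be confirmed from here.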