author | Lennart Poettering <lennart@poettering.net> | 2024-02-28 13:17:03 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2024-02-28 16:17:40 +0100 |
commit | f4a63ce25f1b672fa2e5b52462ac925bb0027291 (patch) | |
tree | 54e4ca1a63ad547e098a06756faea8fa7f18b614 /src/sysext | |
parent | Merge pull request #31444 from bluca/semaphore (diff) | |
dissect-image: add flag for explicitly enabling userspace verity signature checking
Let's make userspace verity signature checking optional. This adds a
dissection flag to enable the logic and patches through all our users to
enable it by default, thus effectively not changing anything from the
status quo ante. However, now we have a knob to turn this off in
certain scenarios.
Diffstat (limited to 'src/sysext')
-rw-r--r-- | src/sysext/sysext.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/sysext/sysext.c b/src/sysext/sysext.c index 82255ebe99..2329081992 100644 --- a/src/sysext/sysext.c +++ b/src/sysext/sysext.c @@ -1382,7 +1382,8 @@ static int merge_subprocess( DISSECT_IMAGE_MOUNT_ROOT_ONLY | DISSECT_IMAGE_USR_NO_ROOT | DISSECT_IMAGE_ADD_PARTITION_DEVICES | - DISSECT_IMAGE_PIN_PARTITION_DEVICES; + DISSECT_IMAGE_PIN_PARTITION_DEVICES | + DISSECT_IMAGE_ALLOW_USERSPACE_VERITY; r = verity_settings_load(&verity_settings, img->path, NULL, NULL); if (r < 0) |
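Review bot: In merge_subprocess() the new DISSECT_IMAGE_ALLOW_USERSPACE_VERITY bit is OR-ed into the flags unconditionally and without a comment, so a reader of sysext.c cannot tell that this is the opt-in that keeps the userspace verity signature check active for extension images, or that the commit message intends it to be switchable "in certain scenarios". Please add a short comment next to the flag stating that it preserves the previous behaviour. Also state, in the commit message or in that comment, whether sysext is meant to stay always-on or to get its own switch later, since nothing in this hunk lets a caller or an administrator turn the check off for sysext. Because this flag now decides whether the signature check runs at all, a future edit that drops it from this list would silently change how extension images are verified. A test that covers the signed-image path through sysext would catch that.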