authorLennart Poettering <lennart@poettering.net>2024-02-28 13:17:03 +0100
committerLennart Poettering <lennart@poettering.net>2024-02-28 16:17:40 +0100
commitf4a63ce25f1b672fa2e5b52462ac925bb0027291 (patch)
tree54e4ca1a63ad547e098a06756faea8fa7f18b614 /src/sysusers
parentMerge pull request #31444 from bluca/semaphore (diff)
dissect-image: add flag for explicitly enabling userspace verity signature checking
Let's make userspace verity signature checking optional. This adds a dissection flag to enable the logic and patches through all our users to enable it by default, thus effectively not changing anything from the status quo ante. However, now we have a knob to turn this off in certain scenarios.
Diffstat (limited to 'src/sysusers')
-rw-r--r--src/sysusers/sysusers.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/sysusers/sysusers.c b/src/sysusers/sysusers.c
index 6e28b1cf8f..cc1c0a0205 100644
--- a/src/sysusers/sysusers.c
+++ b/src/sysusers/sysusers.c
@@ -2247,7 +2247,8 @@ static int run(int argc, char *argv[]) {
DISSECT_IMAGE_VALIDATE_OS |
DISSECT_IMAGE_RELAX_VAR_CHECK |
DISSECT_IMAGE_FSCK |
- DISSECT_IMAGE_GROWFS,
+ DISSECT_IMAGE_GROWFS |
+ DISSECT_IMAGE_ALLOW_USERSPACE_VERITY,
&mounted_dir,
/* ret_dir_fd= */ NULL,
&loop_device);
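Review bot: `DISSECT_IMAGE_ALLOW_USERSPACE_VERITY` is OR-ed into the flag set unconditionally at this call, so nothing visible in this hunk lets sysusers use the opt-out that the commit message describes. Going by its name, the flag decides whether a verity signature may be checked in userspace, which is a trust decision, so it deserves a comment at the call, for example `/* Keep userspace verity signature checking allowed, as before this flag existed */`. If hardened deployments are expected to turn it off for image-based runs, the flag should presumably be derived from configuration rather than written literally here. Both the call and the enclosing `run()` begin outside the hunk, so an existing guard may not be visible.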