On Mon, Jun 25, 2018 at 06:04:54AM -0400, Simo Sorce wrote: > On Fri, 2018-06-22 at 16:30 -0500, Chris Adams wrote: > > Once upon a time, Kyle Marek <pspps...@gmail.com> said: > > > On 06/22/2018 05:15 PM, Chris Adams wrote: > > > > And basic Unix permissions... because there can be privileged > > > > content in > > > > GRUB config and even initramfs. > > > > > > That's interesting. I generally don't see /boot as something that > > > normal > > > users shouldn't be able to read. Or, in other words, I generally > > > don't > > > see it as a place where secret data should be stored. > > > > > > Any particular examples? > > > > GRUB can have passwords to protect booting, menu options, and > > changing > > config. The initramfs can have network and iSCSI config for mounting > > the root filesystem. > > And /boot can be mounted (and probably should be) only readable to root
That would break applications like libguestfs which run as non-root and have valid need to access /boot/vmlinuz* Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/2QOZP2KD6KUOT7U6ZCJFC3ZVMYLWK2DH/
