On Tue, 2015-12-29 at 07:06 -0500, Mimi Zohar wrote: > On Tue, 2015-12-29 at 16:21 +0800, Dave Young wrote:
> This policy flexibility is needed at least until all files come from > software providers with file signatures. (RPM has been modified to > include file signatures.) Even then, in terms of kexec, some distros > generate the initramfs on the target host and, therefore, can not sign > the initramfs. The local user could, however, sign the initramfs on > their own system. Sorry, instead of "local user" the "local system/host owner" would be more appropriate. Mimi -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
