On Wed, 2013-03-20 at 12:41 -0400, Mimi Zohar wrote: > Matthrew, perhaps you could clarify whether this will be tied to MAC > security. Based on the kexec thread, I'm under the impression that is > not the intention, or at least not for kexec. As root isn't trusted, > neither is the boot command line, nor any policy that is loaded by root, > including those for MAC.
The work done on signed initramfs fragments would seem to be the best option here so far? -- Matthew Garrett | [email protected] _______________________________________________ kexec mailing list [email protected] http://lists.infradead.org/mailman/listinfo/kexec
