[PATCH v2 0/3] initramfs: add support for xattrs in the initial ram disk

Mimi Zohar zohar at linux.ibm.com
Sun May 12 12:52:47 UTC 2019


On Sun, 2019-05-12 at 11:17 +0200, Dominik Brodowski wrote:
> On Thu, May 09, 2019 at 01:24:17PM +0200, Roberto Sassu wrote:
> > This proposal consists in marshaling pathnames and xattrs in a file called
> > .xattr-list. They are unmarshaled by the CPIO parser after all files have
> > been extracted.
> 
> Couldn't this parsing of the .xattr-list file and the setting of the xattrs
> be done equivalently by the initramfs' /init? Why is kernel involvement
> actually required here?

It's too late.  The /init itself should be signed and verified.

Mimi


