於 四,2013-08-08 於 21:48 -0700,Greg KH 提到:
On Fri, Aug 09, 2013 at 12:37:45PM +0800, Lee, Chun-Yi wrote:
From: Matthew Garrett
Secure boot adds certain policy requirements, including that root must not be able to do anything that could cause the kernel to execute arbitrary code. The simplest way to handle this would seem to be to add a new capability and gate various functionality on that. We'll then strip it from the initial capability set if required.
Signed-off-by: Matthew Garrett
Acked-by: Lee, Chun-Yi --- include/uapi/linux/capability.h | 6 +++++- I know this has been submitted upstream, do you know what the status of it being accepted it?
As I know this patch and derivative patches are still pending on upstream.
Oh, and nice job on this whole patchset. I might not agree that it's something we should care about, but some people might, so the option to have it is nice.
thanks,
greg k-h
I understood! Thanks for your quick response! Joey Lee -- To unsubscribe, e-mail: opensuse-kernel+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kernel+owner@opensuse.org