Lennart Poettering
Lennart Poettering
> Awesome. Do we expect this to be limited at any point to restrict entries or not? i don't see why we would. UKIs are signed, measured hyper-privileged constructs, no...
> As far as I understood the measurements include the full uki file. With different profiles possible, the measurements will be different for each profile. How would that fit into...
> Just an idea, but if we practically just want to have profiles for `.cmdline` sections, then why not having multiple addons for each profile? Ie having either 1 big...
I have now prepped an extension for the UKI spec formalizing the multi-profile UKI concept a bit: https://github.com/uapi-group/specifications/pull/108
This is ready for review now, btw. PTAL!
Closing, since all commits of this PR have now been merged separately.
> Hmm, this means various places where inode_hash_ops is used need such treatment too? some of them, probably yes. So inodes are still unique on specific file systems, hence if...
> Checking that is a bit tricky, since argument validation currently happens before we take any action. I see 3 ways: > > 1. During validation (in `int run(int argc,...
i am fine with checking an env var for this btw, that overrides the check.
/cc @keszybz