Lennart Poettering
Lennart Poettering
how would we notice though given that we use mmap writes? and how does one trigger this condition anyway? "mount -o remount,ro …" doesn't work...
hmm, why does this need pbkdf? wouldn't a simple hmac suffice?
(the question i am asking is that for hmac we have a non-openssl implementation around)
by "discard" you mean zero out? You are running systemd-veritysetup format client-side on a partition block device, after systemd-import pulled some file into it? And because veritysetup will include the...
Hmm, so this is about giving unpriv users access to CLOCK_REALTIME_ALARM, which currently needs CAP_WAKE_ALARM, as enforced by the kernel. I am not entirely sure how this could look best....
Quite frankly, I am coming back to this in my head over and over again, and I always end up thinking we should just give CAP_WAKE_ALARM to all human users...
(btw, because the implications of just giving all human users that cap aren't entirely clearly to me, i asked twitter about it: https://twitter.com/pid_eins/status/1334253187176468483
Not a fan of fscaps... i.e. caps should be passed down the tree, and not something we can acquire through suid/fscaps. if you ask me it's a hacky misdesign of...
I posted this now: https://github.com/linux-pam/linux-pam/issues/317 maybe the PAM devs want to make us a belated christmas present, so I figured it might be worth to just ask for the feature...
humm, what's the usecase here? The assumption was that the "kernel-install" with its plugins is responsible for this. Why replicate that in bootctl?