projects / ostree.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8f98143) | patch
prepare-root: Disallow hotfixes if using signed composefs images
authorAlexander Larsson <alexl@redhat.com>
Thu, 22 Feb 2024 11:10:41 +0000 (12:10 +0100)
committerAlexander Larsson <alexl@redhat.com>
Thu, 22 Feb 2024 11:10:41 +0000 (12:10 +0100)
commit41fd55aa794809c759fdeb25052b5322ad87e524
treebc6953eef8aa18f91d6bec15fdbcfef1278e1bb4tree | snapshot
parent8f98143d64489f0f9c4fcfcaf5d179006c213d63commit | diff
prepare-root: Disallow hotfixes if using signed composefs images

As mentioned in https://github.com/ostreedev/ostree/issues/3187, we
can't allow a hotfix overlay of /usr when using signed composefs
images as that would allow an attacker to persist something used
across boots.
src/switchroot/ostree-prepare-root.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.