reading /etc/crypto-policies from host
smitna at gmail.com
smitna at gmail.com
Wed Nov 25 04:41:28 UTC 2020
Fedora 33 ships with tooling that enables central control of policy for
various crypto libs:
* https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2
* crypto-policies(7)
It writes configuration for supported crypto libs (openssl, gnutls,
etc.) in /etc, and I'd like my installed flatpaks to honor that
configuration but this seems impossible. For example, a filesystem
override is not effective; quoting flatpak-metadata(5):
host-etc
The host operating system's configuration from /etc.
To avoid conflicting with the Flatpak runtime, this is mounted
in the sandbox at /run/host/etc.
Is there a feature available in flatpak to address this? The option "-
-add-policy=SUBSYSTEM.KEY=VALUE" from flatpak-run(1) might be relevant
here but I'm not certain.
More information about the Flatpak
mailing list