[systemd-devel] [PATCH 1/2] kernel-install: avoid using 'cp --preserve'
Kay Sievers
kay at vrfy.org
Wed Sep 25 16:45:21 PDT 2013
On Thu, Sep 26, 2013 at 1:13 AM, Sébastien Luttringer <seblu at seblu.net> wrote:
> On Thu, Sep 26, 2013 at 12:56 AM, Kay Sievers <kay at vrfy.org> wrote:
>> On Thu, Sep 26, 2013 at 12:38 AM, Tom Gundersen <teg at jklm.no> wrote:
>>> Force 0600 and root:root instead, to avoid problems with fat filesystems.
>>
>> Sounds fine to me, to enforce root permissions.
>
> Boot kernel was world readable, and it makes sense. Why is making them
> root-only readable a good idea?
Sure, 0644 sounds fine too.
> If your /boot is a FAT filesystem, the world readable rights are
> handled by your mount options.
Right, systemd by default doesn't allow reading anything in /boot.
/boot needs to be added to /etc/fstab if it should be readable by
ordinary users.
> On non UEFI systems, world readable rights set by kernel-install matter.
Why would that matter?
>> If people want special permissions, they can always drop-in their own
>> install.d/ callout to mangle them.
> This means maintaining its own generator,
It's not a generator, they are different things in systemd. It would
just be a /usr/lib/kernel/install.d/*.install snippet.
> it's a bit boring for just
> being able to check the size of your installed kernel.
Check the size and file permissions? You don't need access to check
its size, do you?
> The opposite logic seems more appropriate.
0644 sounds good to me too, sure, as long as we have a defined default.
Kay