-
Demi Marie Obenour authored
All files in the dom0-provided kernel images should be owned by root:root, not user:mock! They also need to have proper SELinux contexts to be bootable with SELinux enforcing. Furthermore, an SELinux relabel can still damage the filesystem if the policy changes in the future; prevent that by marking the files immutable. Fixes QubesOS/qubes-issues#4278 Fixes QubesOS/qubes-issues#5765
Demi Marie Obenour authoredAll files in the dom0-provided kernel images should be owned by root:root, not user:mock! They also need to have proper SELinux contexts to be bootable with SELinux enforcing. Furthermore, an SELinux relabel can still damage the filesystem if the policy changes in the future; prevent that by marking the files immutable. Fixes QubesOS/qubes-issues#4278 Fixes QubesOS/qubes-issues#5765
Loading