[initcpio] [initramfs] Allow turning off CVE mitigations

- The mitigations are slightly intrusive, and may clash
   with other, similar mitigations (especially for initramfs,
   the recommended solution is to configure the system with
   the snippet outside of Calamares).
Adriaan de Groot 2019-07-06 00:04:16 +02:00
parent a761bf0280
commit 940c990268
6 changed files with 42 additions and 12 deletions


@ -59,12 +59,19 @@ InitcpioJob::exec()
{
CalamaresUtils::UMask m( CalamaresUtils::UMask::Safe );
QDir d( CalamaresUtils::System::instance()->targetPath( "/boot" ) );
if ( d.exists() )
if ( m_unsafe )
{
fixPermissions( d );
cDebug() << "Skipping mitigations for unsafe initramfs permissions.";
}
else
{
QDir d( CalamaresUtils::System::instance()->targetPath( "/boot" ) );
if ( d.exists() )
{
fixPermissions( d );
}
}
cDebug() << "Updating initramfs with kernel" << m_kernel;
auto r = CalamaresUtils::System::instance()->targetEnvCommand(
{ "mkinitcpio", "-p", m_kernel }, QString(), QString(), 0 );
@ -94,6 +101,8 @@ InitcpioJob::setConfigurationMap( const QVariantMap& configurationMap )
<< r.getExitCode() << r.getOutput();
}
}
m_unsafe = CalamaresUtils::getBool( configurationMap, "be_unsafe", false );
}
CALAMARES_PLUGIN_FACTORY_DEFINITION( InitcpioJobFactory, registerPlugin< InitcpioJob >(); )
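Review bot: With `be_unsafe` set, the only trace that the /boot permission fix was skipped is a `cDebug()` line in the `if ( m_unsafe )` branch of `InitcpioJob::exec()`; because this opts out of a CVE mitigation, it should be logged at warning level, `cWarning() << "Skipping mitigations for unsafe initramfs permissions.";`, so it stands out in the installation log. The `UMask::Safe` guard at the top of exec() stays unconditional, so it looks as though only the `fixPermissions()` pass over existing files is skipped; a comment above the branch such as `// be_unsafe only skips fixPermissions() on /boot; the safe umask still applies` would make that scope clear. `m_unsafe` is declared outside this section, and it should default to `false` there so the mitigation stays on if setConfigurationMap() is never called. Both exec() and setConfigurationMap() extend beyond the visible hunks.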