Commit 0c1f3193 authored by John Keeping's avatar John Keeping Committed by Mike Snitzer

dm verity: fix require_signatures module_param permissions

The third parameter of module_param() is permissions for the sysfs node
but it looks like it is being used as the initial value of the parameter
here.  In fact, false here equates to omitting the file from sysfs and
does not affect the value of require_signatures.

Making the parameter writable is not simple because going from
false->true is fine but it should not be possible to remove the
requirement to verify a signature.  But it can be useful to inspect the
value of this parameter from userspace, so change the permissions to
make a read-only file in sysfs.
Signed-off-by: default avatarJohn Keeping <john@metanate.com>
Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
parent c4681547
...@@ -15,7 +15,7 @@ ...@@ -15,7 +15,7 @@
#define DM_VERITY_VERIFY_ERR(s) DM_VERITY_ROOT_HASH_VERIFICATION " " s #define DM_VERITY_VERIFY_ERR(s) DM_VERITY_ROOT_HASH_VERIFICATION " " s
static bool require_signatures; static bool require_signatures;
module_param(require_signatures, bool, false); module_param(require_signatures, bool, 0444);
MODULE_PARM_DESC(require_signatures, MODULE_PARM_DESC(require_signatures,
"Verify the roothash of dm-verity hash tree"); "Verify the roothash of dm-verity hash tree");
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment