On Mo, 25.06.18 11:23, Daniel P. Berrangé (berrange@xxxxxxxxxx) wrote: > That would break applications like libguestfs which run as non-root and > have valid need to access /boot/vmlinuz* Hmm, can you elaborate on that? What precisely do they need there? If it's just the kernel image itself then they shouldn't really use /boot anyway I figure, but instead the kernel in /usr/lib/modules/`uname -r`/vmlinux. It's the same thing really. Generally I think it'd be a good idea to ensure that only the boot loader and tools setting up the boot loader would access /boot. Lennart -- Lennart Poettering, Red Hat _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/message/3A4BQDWXSA2SQQSNIVEJR7EA5GG3YNGI/
