On Mon, Oct 3, 2022, at 3:21 PM, Ali Raza wrote:
> From: Eric B Munson <munsoner@xxxxxx>
>
> From: Eric B Munson <munsoner@xxxxxx>
>
> The UKL process might depend on setup that is to be done by user space
> prior to its initialization. We need a way to let userspace signal that it
> is ready for the UKL process to run. We will have setup a special name for
> this process in the kernel config and if this name is passed to exec that
> will start the UKL process. This way, if user space setup is required we
> can be sure that the process doesn't run until explicitly started.

This is just bizarre IMO. Why is there one single UKL process? How about having a way to start a UKL process and then, if desired, start *another* UKL process?

(And obviously there would be a security mode in which only a UKL process that is actually part of the kernel image can run or that only a UKL process with a hash that's part of the kernel image can run.)

--Andy