On 06/22/2018 05:15 PM, Chris Adams wrote:
Once upon a time, Matthew Miller <mattdm(a)fedoraproject.org>
said:
> On Fri, Jun 22, 2018 at 03:30:23PM -0400, Kyle Marek wrote:
>> Anaconda in F28 currently claims /boot cannot be vfat. However, this
>> appears to be an artificial limitation, because `grub2-install` works
>> and makes a bootable GRUB with a vfat-typed --boot-directory.
>> I'm not sure why there would be an issue with /boot being vfat. I guess
>> two good questions to ask that might offer some insight:
> Well, currently, we have things in there with different selinux
> labels....
And basic Unix permissions... because there can be privileged content in
GRUB config and even initramfs.
That's interesting. I generally don't see /boot as something that normal
users shouldn't be able to read. Or, in other words, I generally don't
see it as a place where secret data should be stored.
Any particular examples?