[Fedora 09/19] binfmt_elf: Elf executable signature verification
Matthew Garrett
matthew.garrett at nebula.com
Thu Sep 5 15:53:45 UTC 2013
On Thu, 2013-09-05 at 11:50 -0400, Vivek Goyal wrote:
> On Thu, Sep 05, 2013 at 11:06:10AM -0400, Eric Paris wrote:
> > And it's just plain wrong. CONFIG_IMA requires CONFIG_TCG_TPM. But
> > select is not recursive. So can end up with a config where IMA is on,
> > but TPM is off...
>
> I fail to understand that why it is wrong.
>
> - If select is not recursive, then it is limitation of select. Either
> it needs to be fixed or as a workaround one can put explicit select
> for nested dependencies here.
It is a limitation of select. It's not changing. You can put explicit
selects for dependencies of dependencies, but then when someone adds an
additional dependency to one of your dependencies your code suddenly
breaks. It's a bad idea. Don't do it.
--
Matthew Garrett <matthew.garrett at nebula.com>
More information about the kernel
mailing list