Lennart Poettering on Nostr: Primarily this means: the DDI *must* come with valid dm-verity data and a signature ...
Primarily this means: the DDI *must* come with valid dm-verity data and a signature recognized by the system's keyring (well, if this is missing a polkit authorization is attempted – the user might possibly allow this anyway, if polkit is letting them). And the client must also pass in a user namespace fd (which cannot be the system's main one) to which the mount is restricted.
Published at
2024-05-01 06:04:54