mirror of
https://github.com/flatcar/scripts.git
synced 2025-08-08 05:26:58 +02:00
build_image: disable module restrictions in factory image
The factory test image uses third party kernel modules from /usr/local. Since it builds with verity enabled, the module restrictions must be disabled in the command line instead of via run-time sysctl values (which are not available if verity is enabled). BUG=chromium-os:34134 TEST=parrot build, manual testing Change-Id: Ibfc3332eac88e3748f2c81d6dce1a595dd16c055 Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-on: https://gerrit.chromium.org/gerrit/34321 Reviewed-by: Hung-Te Lin <hungte@chromium.org> Reviewed-by: Liam McLoughlin <lmcloughlin@chromium.org> Reviewed-by: Joseph Shyh-In Hwang <josephsih@chromium.org>
This commit is contained in:
Kees Cook
Gerrit
parent
8b82f358ed
commit
8df86b24fa
@ -122,6 +122,12 @@ if should_build_image ${CHROMEOS_FACTORY_INSTALL_SHIM_NAME}; then
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if should_build_image ${CHROMEOS_FACTORY_TEST_IMAGE_NAME}; then
|
||||||
|
# Disable module restrictions on factory test image to allow for
|
||||||
|
# external third party drivers in /usr/local.
|
||||||
|
FLAGS_boot_args="${FLAGS_boot_args} lsm.module_locking=0"
|
||||||
|
fi
|
||||||
|
|
||||||
# TODO: </prebuild hook>
|
# TODO: </prebuild hook>
|
||||||
|
|
||||||
# If we are creating a developer image, also create a pristine image with a
|
# If we are creating a developer image, also create a pristine image with a
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user