Actions
action #81721
closed[sle][security][sle15sp3][Feature][Automation]QA: /etc/grub.d/10_linux grub should support authorization
Start date:
2021-01-22
Due date:
% Done:
100%
Estimated time:
60.00 h (Total: 120.00 h)
Difficulty:
hard
Description
Jira ticket:
https://jira.suse.com/browse/SLE-14812
As documented in Authentication and authorisation in GRUB
grub2 supports restricting access to boot menu entries with the --unrestricted and --users options.
When building their images/appliances, our customer is configuring restrictions in the boot menu entries, so that only specified users can boot selected menu entries.
To implement this, they have been utilizing the editbootconfig feature of kiwi (see https://jira.suse.com/browse/PM-1969), which has recently been deprecated (around kiwi-9.20.4) .
The current solution to configure custom boot menu entries is to use grub capabilities, but this fails as the /etc/grub.d/10_linux script used for generating the bootloader configuration (especially in kiwi images) does not support the --unrestricted and --users options (that implement the authorization).¶
Manual test steps:
https://bugzilla.suse.com/tr_show_case.cgi?case_id=1768659
Actions