Jonathan Carter wrote: > Ah great, having a "/etc/initramfs-tools/conf.d/initramfs-permissions" > that contains "UMASK=0077" and running "update-initramfs -u" does fix > that for me locally, I think it should be reasonable to add that to the > calamares-settings package for Debian. > > Does anyone know of a reason why this can't be universally a default in > Debian? Is there a use case where a regular user needs read access to > the initramfs?
Booting a virtual system, using the same kernel and initramfs as the host. It seems perfectly reasonable to make the initramfs use mode 0600 if and only if it contains keys/passphrases, though.
