> for the virtual machines and continue the chain. Note that you're 
> already half-way there with KVM, since most of its code runs in the 
> kernel itself.

Not really. Chunks of kvm run in userspace so you'll now have to
sign libc, qemu, every file qemu uses, ld.so, ...

This is a general problem with signed systems, even ones where you own
the key. The amount you need to sign explodes rapidly in the real world,
and it keeps exploding further as people poke holes in your system in the
real world. You get all sorts of problems just trying to work out and
decide if something is a config file or not and if it should be signed.

Alan
-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
