Skip to content
This repository has been archived by the owner. It is now read-only.

Support locking down grub with a password #1597

Closed
marineam opened this issue Oct 5, 2016 · 2 comments
Closed

Support locking down grub with a password #1597

marineam opened this issue Oct 5, 2016 · 2 comments

Comments

@marineam
Copy link

@marineam marineam commented Oct 5, 2016

From email:

I am using coreos on vSphere ESXi and I'm trying to prevent edits to grub menu entries.
One of the use cases is to prevent a user with access to console from setting coreos.autologin.

After securing grub (/usr/share/oem/grub.cfg) with a password, I'm noticing that even executing the menu entries requires authentication.
I'm looking to secure grub such that editing via grub menu is prevented but executing is not. In other words, I should be able to boot to coreos without having to authenticate.

After some further digging, perhaps the grub menu entries are missing a --unrestricted option?

Restricting access to editing the command line would also be applicable to systems locked down by secure boot.

@jhawkins1
Copy link

@jhawkins1 jhawkins1 commented Jan 23, 2017

Any timeline on when this issue may get resolved? If this just needs a Developer to do the fix, we can do this and request a pull.

@bgilbert
Copy link
Member

@bgilbert bgilbert commented May 23, 2018

This should be fixed in 1786.0.1, due shortly. Thanks for reporting.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
4 participants