Re: [PATCH 15/24] asus-wmi: Restrict debugfs interface when the kernel is locked down

From: David Howells
Date: Tue Apr 18 2017 - 11:30:56 EST

Next message: Masahiro Yamada: "Re: [PATCH] kbuild: avoid conflict between -ffunction-sections and -pg on gcc-4.7"
Previous message: Gilad Ben-Yossef: "Re: [PATCH 0/4] staging: add ccree crypto driver"
In reply to: David Howells: "Re: [PATCH 15/24] asus-wmi: Restrict debugfs interface when the kernel is locked down"
Next in thread: Ben Hutchings: "Re: [PATCH 15/24] asus-wmi: Restrict debugfs interface when the kernel is locked down"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Ben Hutchings <ben@xxxxxxxxxxxxxxx> wrote:

> So it's generally not going to be OK to turn off debugfs. There will
> probably need to be a distinction between believed-safe and unsafe
> directories/files.

Any suggestion on how to mark this distinction? I'd prefer not to modify
every read/write op associated with a debugfs file. Modify
DEFINE_DEBUGFS_ATTRIBUTE() maybe? And provide lockable variants of
debugfs_create_u8() and co.?

David

Next message: Masahiro Yamada: "Re: [PATCH] kbuild: avoid conflict between -ffunction-sections and -pg on gcc-4.7"
Previous message: Gilad Ben-Yossef: "Re: [PATCH 0/4] staging: add ccree crypto driver"
In reply to: David Howells: "Re: [PATCH 15/24] asus-wmi: Restrict debugfs interface when the kernel is locked down"
Next in thread: Ben Hutchings: "Re: [PATCH 15/24] asus-wmi: Restrict debugfs interface when the kernel is locked down"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]