Re: [PATCH 24/24] debugfs: Restrict debugfs when the kernel is locked down

From: David Howells
Date: Wed Apr 11 2018 - 16:09:25 EST

Next message: Mimi Zohar: "Re: [PATCH 06/24] kexec_load: Disable at runtime if the kernel is locked down"
Previous message: Greg Kroah-Hartman: "[PATCH 4.9 051/310] arm64: perf: Ignore exclude_hv when kernel is running in HYP"
In reply to: David Howells: "Re: [PATCH 24/24] debugfs: Restrict debugfs when the kernel is locked down"
Next in thread: Greg KH: "Re: [PATCH 24/24] debugfs: Restrict debugfs when the kernel is locked down"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Greg KH <greg@xxxxxxxxx> wrote:

> Why not just disable debugfs entirely? This half-hearted way to sorta
> lock it down is odd, it is meant to not be there at all, nothing in your
> normal system should ever depend on it.
>
> So again just don't allow it to be mounted at all, much simpler and more
> obvious as to what is going on.

Yeah, I agree - and then I got complaints because it seems that it's been
abused to allow drivers and userspace components to communicate.

David

Next message: Mimi Zohar: "Re: [PATCH 06/24] kexec_load: Disable at runtime if the kernel is locked down"
Previous message: Greg Kroah-Hartman: "[PATCH 4.9 051/310] arm64: perf: Ignore exclude_hv when kernel is running in HYP"
In reply to: David Howells: "Re: [PATCH 24/24] debugfs: Restrict debugfs when the kernel is locked down"
Next in thread: Greg KH: "Re: [PATCH 24/24] debugfs: Restrict debugfs when the kernel is locked down"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]