Re: [PATCH-RFC] code for raceless /sys/fs/foofs/*

From: Valdis . Kletnieks
Date: Thu May 06 2004 - 12:17:43 EST


On Thu, 06 May 2004 20:35:37 +0400, Nikita Danilov said:

> But isn't this a problem with sysfs in general? Restricted process still
> observes all devices, busses, etc. through /sys. If such information is
> sensitive, shouldn't there be some way to selectively mount only
> portions of kobject trees?

Alternatively, there's a nice security module infrastructure - use that to
restrict who can view given subtrees of /sys. Currently, SELinux is able
to slice-n-dice the /proc filesystem for different accesses, but code
would need to be written to do it for /sys.
