Re: [PATCH v8 0/2] debugfs: Add access restriction option

[Greg Kroah-Hartman]

On Thu, Jul 16, 2020 at 09:15:09AM +0200, Peter Enderborg wrote:
> Since debugfs include sensitive information it need to be treated
> carefully. But it also has many very useful debug functions for userspace.
> With this option we can have same configuration for system with
> need of debugfs and a way to turn it off. This gives a extra protection
> for exposure on systems where user-space services with system
> access are attacked.
> 
> v2. Removed MOUNT as part of restrictions. Added API's restrictions as
>     separate restriction.
> v3  Updated Documentation after Randy Dunlap reviews and suggestions.
> v4  Removed #ifdefs from inode.c and using internal.h for configuration
>     and now using BIT() for that. Function is now always on, and are
>     instead selected by a built in default or command line parameter.
>     Changed return value on debug_mount
>     Reported-by: kernel test robot <lkp@xxxxxxxxx>
>     Im not sure about that it is right
> v5  Added notes to config help suggested by GregKH.
>     Removed _BIT from names, white-space and tab.
>     (checkpatch did not complain).
> v6  Using ALLOW instead of ACCESS as name on BIT's. Change the fs to
>     mount to make it clear and easy to understand.
> v7  Updated Kconfig.debug with Randy Dunlap corrections.
> v8  Spell fixes from Randy and using else-if for command argument
>     parser.
>     
> 

Thanks for sticking with this, now queued up!

greg k-h