Re: [PATCH v2] lockdown: Only log restrictions once

From: Nicolas Bouchinet
Date: Tue Nov 25 2025 - 05:25:22 EST

Next message: Jon Hunter: "Re: [PATCH V2 3/3] arm64: dts: nvidia: Add nodes for CMDQV"
Previous message: David Hildenbrand (Red Hat): "Re: [PATCH v2] mm, hugetlb: implement movable_gigantic_pages sysctl"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

> Currently lockdown does not support the audit function, so I believe the
> logs here serve a purpose similar to auditing. Based on this, I think
> this change will meaningfully degrade the quality of the logs, making it
> hard for users to find out what happens when lockdown is active，
> especially after a long time running.
I agree with Xiu.
I'm not sure to understand how this is a kernel issue. I mean beside
that we do not support hibernation in Lockdown for now.
Can't you just disable hibernation with systemd-logind using someting like
'AllowHibernation=no' ?

Best regards,

Nicolas

Next message: Jon Hunter: "Re: [PATCH V2 3/3] arm64: dts: nvidia: Add nodes for CMDQV"
Previous message: David Hildenbrand (Red Hat): "Re: [PATCH v2] mm, hugetlb: implement movable_gigantic_pages sysctl"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]