Re: [PATCH v4 3/3] tracefs: make root directory world-traversable

Next message: David Howells: "Re: [PATCH] rxrpc: Fix read+write past skb_headlen in soft-ACK parser"
Previous message: Jarkko Sakkinen: "Re: [PATCH v16 03/38] tpm: Move TPM2 specific definitions to the command header"
In reply to: Anubhav Shelat: "[PATCH v4 3/3] tracefs: make root directory world-traversable"
Next in thread: Anubhav Shelat: "[PATCH v4 2/3] perf: enable unprivileged syscall tracing with perf trace"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Steven Rostedt

Date: Fri May 15 2026 - 19:16:54 EST

On Fri, 15 May 2026 15:40:07 -0400
Anubhav Shelat <ashelat@xxxxxxxxxx> wrote:

> Change the default tracefs mount mode from 0700 to 0755. This allows
> unprivileged users to access the eventfs directories underneath which
> already use 0755.
>
> Tracing data files use mode 0440 and 0640 so they are not exposed by
> this change. Only the format and id files, which have been marked as
> work-readable, become accessible.
>
> Directory listings of kprobes and uprobes, which contain functions or
> binaries, become visible to unprivileged users but do not contain kernel
> addresses. Admins using probes can restore the previous behavior with
> chmod or mount -o mode=700.
>

I've been thinking about this and I believe a better approach is to
make a eventfs that is mounted at:

/sys/kernel/events

and be the same directory structure as /sys/kernel/tracing/events but
only contain read only files like "id" and "format". This directory
would be mounted as 555 and readable by all.

-- Steve