[PATCH 24/24] debugfs: Restrict debugfs when the kernel is locked down
David Howells
dhowells at redhat.com
Wed Apr 11 20:09:16 UTC 2018
Greg KH <greg at kroah.com> wrote:
> Why not just disable debugfs entirely? This half-hearted way to sorta
> lock it down is odd, it is meant to not be there at all, nothing in your
> normal system should ever depend on it.
>
> So again just don't allow it to be mounted at all, much simpler and more
> obvious as to what is going on.

Yeah, I agree - and then I got complaints because it seems that it's been
abused to allow drivers and userspace components to communicate.

David