[PATCH 25/27] debugfs: Restrict debugfs when the kernel is locked down

Matthew Garrett mjg59 at google.com
Tue Mar 26 00:38:09 UTC 2019

On Mon, Mar 25, 2019 at 5:35 PM Greg Kroah-Hartman
<gregkh at linuxfoundation.org> wrote:
> On Mon, Mar 25, 2019 at 03:09:52PM -0700, Matthew Garrett wrote:
> > Normal device interaction should be done through configfs, sysfs or a
> > miscdev, not debugfs.
> Then why not just not allow debugfs at all if it is such a "big
> problem"?

Previous attempts to do so have resulted in strong pushback from
various maintainers. If you're happy just having any complaints
reassigned to you then I'm more than happy to turn it off entirely.

More information about the Linux-security-module-archive mailing list