[PATCH V31 25/25] debugfs: Disable open() when kernel is locked down

Matthew Garrett mjg59 at google.com
Wed Mar 27 17:42:18 UTC 2019

On Wed, Mar 27, 2019 at 10:40 AM Andy Lutomirski <luto at kernel.org> wrote:
> As far as I'm concerned, preventing root from crashing the system
> should not be a design goal of lockdown at all.  And I think that the
> "integrity" mode should be as non-annoying as possible, so I think we
> should allow reading from debugfs.

I have no horse in this game - I'm happy to bring back the previous
approach for integrity mode and block reads entirely in
confidentiality mode, but I'd rather not spend another release cycle
arguing about it.

More information about the Linux-security-module-archive mailing list