[PATCH V32 01/27] Add the ability to lock down access to the running kernel image

Matthew Garrett mjg59 at google.com
Thu Apr 18 19:35:36 UTC 2019


On Tue, Apr 16, 2019 at 1:40 AM Andrew Donnellan
<andrew.donnellan at au1.ibm.com> wrote:
> I'm thinking about whether we should lock down the powerpc xmon debug
> monitor - intuitively, I think the answer is yes if for no other reason
> than Least Astonishment, when lockdown is enabled you probably don't
> expect xmon to keep letting you access kernel memory.

The original patchset contained a sysrq hotkey to allow physically
present users to disable lockdown, so I'm not super concerned about
this case - I could definitely be convinced otherwise, though.


