Message-Id: <1497388685-31207-6-git-send-email-longman@redhat.com>
Date:   Tue, 13 Jun 2017 17:18:05 -0400
From:   Waiman Long <longman@...hat.com>
To:     Tejun Heo <tj@...nel.org>, Li Zefan <lizefan@...wei.com>,
        Johannes Weiner <hannes@...xchg.org>,
        Peter Zijlstra <peterz@...radead.org>,
        Ingo Molnar <mingo@...hat.com>
Cc:     cgroups@...r.kernel.org, linux-kernel@...r.kernel.org,
        kernel-team@...com, pjt@...gle.com, luto@...capital.net,
        efault@....de, torvalds@...ux-foundation.org,
        Waiman Long <longman@...hat.com>
Subject: [PATCH-cgroup 5/5] cgroup: Enable debug controller only with cgroup_debug boot option

As suggested by Tejun, the debug controller will be activated only when
the "cgroup_debug" option is specified in the kernel boot command line.
Hopefully, that will discourage people from using the debug controller
for any purpose other than cgroup core debugging.

Signed-off-by: Waiman Long <longman@...hat.com>
---
 kernel/cgroup/debug.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/kernel/cgroup/debug.c b/kernel/cgroup/debug.c
index 82e5cbd..be901c0 100644
--- a/kernel/cgroup/debug.c
+++ b/kernel/cgroup/debug.c
@@ -320,3 +320,23 @@ struct cgroup_subsys debug_cgrp_subsys = {
 	.dfl_cftypes	= debug_files,
 	.threaded	= true,
 };
+
+/*
+ * Disable the debug controller by hiding the debug cgroup control files
+ * if the kernel boot parameter "cgroup_debug" isn't set.
+ */
+static bool cgroup_debug_enable __initdata;
+static int __init enable_cgroup_debug(char *str)
+{
+	cgroup_debug_enable = true;
+	return 1;
+}
+__setup("cgroup_debug", enable_cgroup_debug);
+
+static int __init debug_init(void)
+{
+	if (!cgroup_debug_enable)
+		debug_files[0].name[0] = '\0';
+	return 0;
+}
+core_initcall(debug_init);
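
Review bot: in debug_init(), `debug_files[0].name[0] = '\0'` hides the control files only as a side effect of an empty name terminating a cftype array, and the patch does not say how this core_initcall is ordered against the point where debug_files is registered; please state both in the comment, or gate the `.dfl_cftypes` assignment on the flag instead of editing the array in place. The comment also says the controller is disabled, while debug_cgrp_subsys still exists and merely exposes no files, so wording it as "hide the control files" would match the code. Separately, enable_cgroup_debug() ignores str and __setup() matches on the prefix, so a command line carrying cgroup_debug=0 would still set cgroup_debug_enable; either reject a non-empty str or document that the option takes no value.
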
-- 
1.8.3.1
