[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20200622083019.15479-1-peter.enderborg@sony.com>
Date: Mon, 22 Jun 2020 10:30:17 +0200
From: Peter Enderborg <peter.enderborg@...y.com>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
<linux-kernel@...r.kernel.org>,
"Rafael J . Wysocki" <rafael@...nel.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Jonathan Corbet <corbet@....net>, <linux-doc@...r.kernel.org>,
Randy Dunlap <rdunlap@...radead.org>,
Steven Rostedt <rostedt@...dmis.org>,
Ingo Molnar <mingo@...hat.com>
Subject: [PATCH v4 0/2] debugfs: Add access restriction option
Since debugfs include sensitive information it need to be treated
carefully. But it also has many very useful debug functions for userspace.
With this option we can have same configuration for system with
need of debugfs and a way to turn it off. This gives a extra protection
for exposure on systems where user-space services with system
access are attacked.
v2. Removed MOUNT as part of restrictions. Added API's restrictions as
separate restriction.
v3 Updated Documentation after Randy Dunlap reviews and suggestions.
v4 Removed #ifdefs from inode.c and using internal.h for configuration
and now using BIT() for that. Function is now always on, and are
instead selected by a built in default or command line parameter.
Added preparation patch that removes check debugfs is initialised.
Reported-by: kernel test robot <lkp@...el.com>
Powered by blists - more mailing lists