On Tue, Sep 10, 2013 at 11:02 PM, Dave Young <dyoung@xxxxxxxxxx> wrote:
> On 09/04/13 at 09:56pm, Vivek Goyal wrote:
>> With secureboot enabled, we don't even trust root. And when kexec is launched
>> it might happen that root has already rigged /proc and /sys which kexec
>> reads to get important data.
>>
>> So create a private mount namespace which is not visible to root, unmount
>> old /proc and /sys and remount these to get to actual data kernel exported.
>
> Hello Vivek
>
> kexec will also use /sys/kernel/debug/boot_params, I want to copy efi_info from
> there for efi runtime support. So could you remount debugfs as well?

Hm. That might actually be a bad thing. The debugfs filesystem is
intentionally not something userspace is supposed to rely on. The
files provided and the content within the files can and will change
significantly from kernel to kernel.

It might be better to export boot_params in something that is
considered more stable than debugfs.

josh
_______________________________________________
kernel mailing list
kernel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/kernel