On Wed, Mar 27, 2019 at 10:40 AM Andy Lutomirski <luto@xxxxxxxxxx> wrote: > As far as I'm concerned, preventing root from crashing the system > should not be a design goal of lockdown at all. And I think that the > "integrity" mode should be as non-annoying as possible, so I think we > should allow reading from debugfs. I have no horse in this game - I'm happy to bring back the previous approach for integrity mode and block reads entirely in confidentiality mode, but I'd rather not spend another release cycle arguing about it.
