On Wed, Mar 27, 2019 at 10:42:18AM -0700, Matthew Garrett wrote:
> On Wed, Mar 27, 2019 at 10:40 AM Andy Lutomirski <luto@xxxxxxxxxx> wrote:
> > As far as I'm concerned, preventing root from crashing the system
> > should not be a design goal of lockdown at all. And I think that the
> > "integrity" mode should be as non-annoying as possible, so I think we
> > should allow reading from debugfs.
>
> I have no horse in this game - I'm happy to bring back the previous
> approach for integrity mode and block reads entirely in
> confidentiality mode, but I'd rather not spend another release cycle
> arguing about it.

I really do not care either way about any of this :)

greg k-h