Re: [PATCH] block: Add config option to not allow writing to mounted devices

On Wed, Jun 14, 2023 at 12:17:26AM -0700, Christoph Hellwig wrote:
> On Tue, Jun 13, 2023 at 08:09:14AM +0200, Dmitry Vyukov wrote:
> > I don't question there are use cases for the flag, but there are use
> > cases for the config as well.
> > 
> > Some distros may want a guarantee that this does not happen as it
> > compromises lockdown and kernel integrity (on par with unsigned module
> > loading).
> > For fuzzing systems it also may be hard to ensure fine-grained
> > argument constraints, it's much easier and more reliable to prohibit
> > it on config level.
> 
> I'm fine with a config option enforcing write blocking for any
> BLK_OPEN_EXCL open.  Maybe the way to do it is to:
> 
>  a) have an option to prevent any writes to exclusive openers, including
>     a run-time version to enable it

I really would wish we don't make this runtime configurable. Build time
and boot time yes but toggling it at runtime makes this already a lot
less interesting.


