On Thu, Jul 16, 2020 at 09:15:09AM +0200, Peter Enderborg wrote: > Since debugfs include sensitive information it need to be treated > carefully. But it also has many very useful debug functions for userspace. > With this option we can have same configuration for system with > need of debugfs and a way to turn it off. This gives a extra protection > for exposure on systems where user-space services with system > access are attacked. > > v2. Removed MOUNT as part of restrictions. Added API's restrictions as > separate restriction. > v3 Updated Documentation after Randy Dunlap reviews and suggestions. > v4 Removed #ifdefs from inode.c and using internal.h for configuration > and now using BIT() for that. Function is now always on, and are > instead selected by a built in default or command line parameter. > Changed return value on debug_mount > Reported-by: kernel test robot <lkp@xxxxxxxxx> > Im not sure about that it is right > v5 Added notes to config help suggested by GregKH. > Removed _BIT from names, white-space and tab. > (checkpatch did not complain). > v6 Using ALLOW instead of ACCESS as name on BIT's. Change the fs to > mount to make it clear and easy to understand. > v7 Updated Kconfig.debug with Randy Dunlap corrections. > v8 Spell fixes from Randy and using else-if for command argument > parser. > > Thanks for sticking with this, now queued up! greg k-h
