On Tue, Oct 20, 2020 at 05:00:02PM -0400, Konrad Rzeszutek Wilk wrote: > Disallow opening of debugfs files that might be used to muck around when ..snip.. > [Backport: > Since UEK5 by default is confidentiality we have to outright > disallow debugfs if the default mode is selected. Hence the > call to __kernel_is_confidentiality_mode to help us. > > If we are in integrity lockdown mode, we can enable debugfs > IF they match with the above 1-3 criteria] <sigh> And that is what I get for _not_ doing --suppress-cc=all My apologies for spamming you all! <goes to hide in the corner of shame>
