Hi,

On 10/20/20 11:08 PM, Konrad Rzeszutek Wilk wrote:
> On Tue, Oct 20, 2020 at 05:00:02PM -0400, Konrad Rzeszutek Wilk wrote:
>> Disallow opening of debugfs files that might be used to muck around when
>
> ..snip..
>
>> [Backport:
>> Since UEK5 by default is confidentiality we have to outright
>> disallow debugfs if the default mode is selected. Hence the
>> call to __kernel_is_confidentiality_mode to help us.
>>
>> If we are in integrity lockdown mode, we can enable debugfs
>> IF they match with the above 1-3 criteria]
>
> <sigh>
>
> And that is what I get for _not_ doing --suppress-cc=all
>
> My apologies for spamming you all!

Actually I find this a quite interesting patch, I think it would be good
to get something like this done upstream, rather than relying on a
downstream distro-specific patch.

Are there any plans to submit this upstream?

Regards,

Hans