tracefs: Restrict tracefs when the kernel is locked down
author Matthew Garrett <matthewgarrett@google.com>
Wed, 31 Jul 2019 22:16:15 +0000 (15:16 -0700)
committer Salvatore Bonaccorso <carnil@debian.org>
Sat, 7 Dec 2019 12:24:06 +0000 (12:24 +0000)
commit e11b7c29df7604ef7e8a942d63c65447865e7081
tree fe227a2b566f8454ced00ba5876e036b60a7809c
parent fb78d1c1afe62baabcdd05023170a9de47bcb660
tracefs: Restrict tracefs when the kernel is locked down

Tracefs may release more information about the kernel than desirable, so
restrict it when the kernel is locked down in confidentiality mode by
preventing open().

Signed-off-by: Matthew Garrett <mjg59@google.com>
Reviewed-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
[bwh: Convert back to the non-LSM lockdown API]

Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name 0031-tracefs-Restrict-tracefs-when-the-kernel-is-locked-d.patch
fs/tracefs/inode.c