Received: by 2002:ac0:bc90:0:0:0:0:0 with SMTP id a16csp3756099img; Mon, 25 Mar 2019 17:39:55 -0700 (PDT) X-Google-Smtp-Source: APXvYqxIr7znT2g8JEvpPmYzMdD9khcA7p6ixJFcNs2UjIjdAZ+VuIPf071TMErT4jDImf/ihL5+ X-Received: by 2002:a65:5a81:: with SMTP id c1mr24651297pgt.391.1553560795704; Mon, 25 Mar 2019 17:39:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1553560795; cv=none; d=google.com; s=arc-20160816; b=y1bQRXMcMjR73w+0QWV3OEsoGKY5fm+viQwFQtWeaMe8ixbZfes3Ink3ODxlZ8VgcS GcyEv7FVyI+D01kK2Vaykaen1XJqxJ5sz32Qf4LBooDcd7+4RartJrlhFtjboVkRd/GQ GTEr6ZvVi0d87C+QElerdzD1TpZUanQyJ/FdJdh2RDU8yDX2sKd5tGxzxdBT2pCFcNDT VDzNZREAZzKY1Yx9r/bmJlUbXfAxEHv1dCx+aYlxIvt3ockcLVK6aq+PSu4hv0m1Uphw bRw/oPzmyX3Vv18MzxaS9JJJpBeMQrkULTOIMtb5F6vyuYZckae9EP79Yt/29Rug27Nz lKxA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=BPFcO/E0+04cgg8r2G+LaaIoJHN1RftgmR0rilCvvGI=; b=j4f17qYLNI3/4ZjLLmYOj6Z6PHleZB8Aj1H0p5K2/fq7954Jx/XDS2z1sekvoWtwrS owZ/gUElUPQ05k66dkwg7Zh1XTI4PpFPDnijV5iYbcMuoljmMM0NMg1xApnBzuOk7x+w tQc7Cy6IeMBOKE+5lt/mcibkFzXXq8yKm/2Diavp2LLb+e77YELI642FJSslCFOqOZcL iQbk70eTELjTXQ2OqVpg3UbDAJWLWiU0AFtHqoiDkWfgGdcQzOclJ9VchQn1dNVwJNXD lEn/GflmQraQaEcK3Kf3bSx4zXC6XXdQjretNjHmqVqu1phJRFCJuW6k7Rjg/JtobMLP J4QA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=ggKewme8; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e25si4718531pgl.514.2019.03.25.17.39.38; Mon, 25 Mar 2019 17:39:55 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=ggKewme8; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730273AbfCZAiX (ORCPT + 99 others); Mon, 25 Mar 2019 20:38:23 -0400 Received: from mail-it1-f195.google.com ([209.85.166.195]:51884 "EHLO mail-it1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727092AbfCZAiX (ORCPT ); Mon, 25 Mar 2019 20:38:23 -0400 Received: by mail-it1-f195.google.com with SMTP id e24so16934460itl.1 for ; Mon, 25 Mar 2019 17:38:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=BPFcO/E0+04cgg8r2G+LaaIoJHN1RftgmR0rilCvvGI=; b=ggKewme8pwCcQlqbJgVAc1WM0ojxcdndr8sFQjWW2PFGLLP6eLq4Nd+rOmOKU/zDgp dHYfX6RWEsWqgYu8E1ZfRWybzTiEscgTZXDSXapFb6fLh5Nklc/NdVtf07wwdLT4HsdT Aenwq1arAG/ubWo4gOVfOk5lxiojZfdJ7VZXJJZmxX25AZd5lQLIVspVstDxMHpRExzz JBEaxYfApb4DydPsMnqQbmV/xdAsk/8V72CZh/kmiJz/0y6wJqghlQ70LEjeF1Aom/8e oR5YAMiD4rqf24DVCoMWTPnSH0sgtwRNHOS+Evn78GT5kqXyVHOUT58SRplygsgm75JW 0+NA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=BPFcO/E0+04cgg8r2G+LaaIoJHN1RftgmR0rilCvvGI=; b=YykVOiD/gbuolWkfPRe7vYSVvdZMpPfftGWeZbTl8Ty6TvUJWQCZAJqZQwIkTtXedD SiSdjfeuS/b+533V5phJYglZ41LZrcunM/WiylJ6oX1Ku38mceucIxTOKUx7Rq/FtihO h1OV88zMUN/GpHSEFc92+fzUb2q/Tscn7MZD55/ppw4DYlNjh//utj3PqUfCWYvuDR79 diFCsrPIJ2YKkDtzbJsxkknK4bD6thsywzYT717OjFcxBzEy8d7IFPdENrSssIJ6+M95 w5uJLoRaTk4iPgIH8hBAUUnqu0/T+vUQWUJiZU7OFVF9ilPZRf+ipG4+lNr0sv1KJ8bA ayTw== X-Gm-Message-State: APjAAAXX4dcgdCmSs5RLlVsCidMiTxqADObh/WbaimvObWewe7gSmPkm 8GGwRrhxdw8F/GW4c0KnzpX9K5HqVxBWWq4dM5jlNQ== X-Received: by 2002:a24:4e91:: with SMTP id r139mr6552606ita.118.1553560702121; Mon, 25 Mar 2019 17:38:22 -0700 (PDT) MIME-Version: 1.0 References: <20190325220954.29054-1-matthewgarrett@google.com> <20190325220954.29054-26-matthewgarrett@google.com> <20190326003137.GB5112@kroah.com> In-Reply-To: <20190326003137.GB5112@kroah.com> From: Matthew Garrett Date: Mon, 25 Mar 2019 17:38:09 -0700 Message-ID: Subject: Re: [PATCH 25/27] debugfs: Restrict debugfs when the kernel is locked down To: Greg Kroah-Hartman Cc: James Morris , LSM List , Linux Kernel Mailing List , David Howells , Andy Shevchenko , acpi4asus-user@lists.sourceforge.net, platform-driver-x86@vger.kernel.org, Matthew Garrett , Thomas Gleixner Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Mar 25, 2019 at 5:35 PM Greg Kroah-Hartman wrote: > On Mon, Mar 25, 2019 at 03:09:52PM -0700, Matthew Garrett wrote: > > Normal device interaction should be done through configfs, sysfs or a > > miscdev, not debugfs. > > Then why not just not allow debugfs at all if it is such a "big > problem"? Previous attempts to do so have resulted in strong pushback from various maintainers. If you're happy just having any complaints reassigned to you then I'm more than happy to turn it off entirely.