• Peter Enderborg's avatar
    debugfs: Add access restriction option · a24c6f7b
    Peter Enderborg authored
    Since debugfs include sensitive information it need to be treated
    carefully. But it also has many very useful debug functions for userspace.
    With this option we can have same configuration for system with
    need of debugfs and a way to turn it off. This gives a extra protection
    for exposure on systems where user-space services with system
    access are attacked.
    
    It is controlled by a configurable default value that can be override
    with a kernel command line parameter. (debugfs=)
    
    It can be on or off, but also internally on but not seen from user-space.
    This no-mount mode do not register a debugfs as filesystem, but client can
    register their parts in the internal structures. This data can be readed
    with a debugger or saved with a crashkernel. When it is off clients
    get EPERM error when accessing the functions for registering their
    components.
    Signed-off-by: default avatarPeter Enderborg <peter.enderborg@sony.com>
    Link: https://lore.kernel.org/r/20200716071511.26864-3-peter.enderborg@sony.comSigned-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    a24c6f7b
kernel-parameters.txt 204 KB