tracefs: Restrict tracefs when the kernel is locked down
Tracefs may release more information about the kernel than desirable, so restrict it when the kernel is locked down in confidentiality mode by preventing open(). (Fixed by Ben Hutchings to avoid a null dereference in default_file_open()) Signed-off-by: Matthew Garrett <mjg59@google.com> Reviewed-by: Steven Rostedt (VMware) <rostedt@goodmis.org> Cc: Ben Hutchings <ben@decadent.org.uk> Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
Matthew Garrett
committed by
James Morris
James Morris
parent
5496197f9b
commit
ccbd54ff54
@@ -121,6 +121,7 @@ enum lockdown_reason {
|
||||
LOCKDOWN_KPROBES,
|
||||
LOCKDOWN_BPF_READ,
|
||||
LOCKDOWN_PERF,
|
||||
LOCKDOWN_TRACEFS,
|
||||
LOCKDOWN_CONFIDENTIALITY_MAX,
|
||||
};
|
||||
|
||||
|
||||
Reference in New Issue
Block a user