diff options
| author |   Matthew Garrett <matthewgarrett@google.com> | 2019-08-19 17:18:03 -0700 |
|---|---|---|
| committer |   James Morris <jmorris@namei.org> | 2019-08-19 21:54:17 -0700 |
| commit | ccbd54ff54e8b1880456b81c4aea352ebe208843 (patch) | |
| tree | 86b2e1acc2014eea41ceb006e17459b0878bd764 /include/linux | |
| parent | debugfs: Restrict debugfs when the kernel is locked down (diff) | |
| download | linux-dev-ccbd54ff54e8b1880456b81c4aea352ebe208843.tar.xz linux-dev-ccbd54ff54e8b1880456b81c4aea352ebe208843.zip | |
tracefs: Restrict tracefs when the kernel is locked down
Tracefs may release more information about the kernel than desirable, so
restrict it when the kernel is locked down in confidentiality mode by
preventing open().
(Fixed by Ben Hutchings to avoid a null dereference in
default_file_open())
Signed-off-by: Matthew Garrett <mjg59@google.com>
Reviewed-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Cc: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'include/linux')
| -rw-r--r-- | include/linux/security.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/include/linux/security.h b/include/linux/security.h index 152824b6f456..429f9f03372b 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -121,6 +121,7 @@ enum lockdown_reason { LOCKDOWN_KPROBES, LOCKDOWN_BPF_READ, LOCKDOWN_PERF, + LOCKDOWN_TRACEFS, LOCKDOWN_CONFIDENTIALITY_MAX, }; |