removing debugfs

Stefan Bader stefan.bader at ubuntu.com
Thu Jan 27 09:52:27 UTC 2011


On 01/27/2011 06:38 AM, Ben Hutchings wrote:
> On Tue, 2011-01-25 at 12:03 +0100, Stefan Bader wrote:
> [...]
>> Just to add my 1 cent: I also would rather prefer to only disable the ACPI part
>> and not the whole of debugfs. Not to mount it by default ok, but there are just
>> too many useful things in there to track GPU hangs or trace USB traffic that
>> help a lot to debug issues and to have to provide a debug enabled kernel just
>> for that seems more waste than the security risk I see from having it there.
>> (the paranoid can delete or blacklist the module).
> 
> That won't work, as any driver that uses debugfs would not be loadable.
> The paranoid will need some way to prevent mounting debugfs even when
> the module is loaded.  Could be done with a module parameter.
> 
> Ben.
> 

You are right. I did not think of all the stubs that get added when debugfs
support is on. I guess the problem with a module parameter is that this again
could be modified in the running system via sysfs. Of course this can/would be
limited to root. But on the other hand, if debugfs is not in fstab and mountable
by the user, one needs to be root to mount it anyway.

-Stefan
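
The two conditions discussed in this message (is debugfs currently mounted, and does fstab let a non-root user mount it) can be audited with a short script. This is an added example, not part of the original message or of any kernel-team tooling; the function names and the sample fstab and mounts contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit debugfs exposure on a host.

# Print the mount points where debugfs is currently mounted, given a file in
# /proc/mounts format (device mountpoint fstype options dump pass).
debugfs_mounted() {
    awk '$3 == "debugfs" { print $2 }' "$1"
}

# Print the fstab mount points of debugfs entries that a non-root user may
# mount. Only the exact options "user" and "users" count; "nouser" does not.
# ("owner" and "group" depend on device ownership and are not checked here.)
debugfs_user_mountable() {
    awk '
        /^[ \t]*#/ || NF < 4 { next }      # skip comments and short lines
        $3 == "debugfs" {
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++)
                if (opt[i] == "user" || opt[i] == "users") {
                    print $2
                    break
                }
        }' "$1"
}

# Constructed sample input (not taken from any real system).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/fstab" <<'EOF'
# <device>            <mountpoint>      <type>  <options>         <dump> <pass>
UUID=0000-constructed /                 ext4    errors=remount-ro 0 1
debugfs               /sys/kernel/debug debugfs noauto,user       0 0
debugfs               /mnt/dbg          debugfs noauto,nouser     0 0
EOF
cat > "$SAMPLE_DIR/mounts" <<'EOF'
sysfs /sys sysfs rw,nosuid,nodev,noexec 0 0
none /sys/kernel/debug debugfs rw,relatime 0 0
EOF

echo "debugfs mounted at: $(debugfs_mounted "$SAMPLE_DIR/mounts")"
echo "user-mountable via fstab: $(debugfs_user_mountable "$SAMPLE_DIR/fstab")"
```

On a live system, pass `/proc/mounts` and `/etc/fstab` instead of the sample files; empty output from both functions means debugfs is unmounted and only root can mount it.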



