path: root/include/linux/security.h
author: Matthew Garrett <matthewgarrett@google.com> 2019-08-20 03:18:03 +0300
committer: James Morris <jmorris@namei.org> 2019-08-20 07:54:17 +0300
commit: ccbd54ff54e8b1880456b81c4aea352ebe208843 (patch)
tree: 86b2e1acc2014eea41ceb006e17459b0878bd764 /include/linux/security.h
parent: 5496197f9b084f086cb410dd566648b0896fcc74 (diff)
download: linux-ccbd54ff54e8b1880456b81c4aea352ebe208843.tar.xz
tracefs: Restrict tracefs when the kernel is locked down
Tracefs may release more information about the kernel than desirable, so restrict it when the kernel is locked down in confidentiality mode by preventing open().

(Fixed by Ben Hutchings to avoid a null dereference in default_file_open())

Signed-off-by: Matthew Garrett <mjg59@google.com>
Reviewed-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Cc: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'include/linux/security.h')
-rw-r--r-- include/linux/security.h 1
1 files changed, 1 insertions, 0 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index 152824b6f456..429f9f03372b 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -121,6 +121,7 @@ enum lockdown_reason {
LOCKDOWN_KPROBES,
LOCKDOWN_BPF_READ,
LOCKDOWN_PERF,
+ LOCKDOWN_TRACEFS,
LOCKDOWN_CONFIDENTIALITY_MAX,
};
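Review bot: LOCKDOWN_TRACEFS is added to enum lockdown_reason with no comment saying which operation it gates; the commit message says it blocks open() on tracefs files, and a one-line comment beside the enumerator would record that for anyone auditing the lockdown levels later. Its position, after LOCKDOWN_PERF and before LOCKDOWN_CONFIDENTIALITY_MAX, is consistent with the stated intent that the restriction applies in confidentiality mode. Because the new value is inserted ahead of LOCKDOWN_CONFIDENTIALITY_MAX, that sentinel's numeric value shifts by one, so any table or array indexed by this enum needs a matching entry for LOCKDOWN_TRACEFS in the same commit. This view is limited to include/linux/security.h, so that part cannot be confirmed from the lines shown here and is worth checking in the full diff.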