author | Steven Rostedt (VMware) <rostedt@goodmis.org> | 2019-10-12 02:41:41 +0200 |
---|---|---|
committer | Steven Rostedt (VMware) <rostedt@goodmis.org> | 2019-10-13 02:49:07 +0200 |
commit | bf8e602186ec402ed937b2cbd6c39a34c0029757 | |
tree | 06d4ed33b44d822c1a04e7239f23a0db722e6d82 | |
parent | tracing: Add locked_down checks to the open calls of files created for tracefs | |

tracing: Do not create tracefs files if tracefs lockdown is in effect

If on boot up, lockdown is activated for tracefs, don't even bother creating
the files. This can also prevent instances from being created if lockdown is
in effect.

Link: http://lkml.kernel.org/r/CAHk-=whC6Ji=fWnjh2+eS4b15TnbsS4VPVtvBOwCy1jjEG_JHQ@mail.gmail.com
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>

-rw-r--r-- | fs/tracefs/inode.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/fs/tracefs/inode.c b/fs/tracefs/inode.c index eeeae0475da9..0caa151cae4e 100644 --- a/fs/tracefs/inode.c +++ b/fs/tracefs/inode.c @@ -16,6 +16,7 @@ #include <linux/namei.h> #include <linux/tracefs.h> #include <linux/fsnotify.h> +#include <linux/security.h> #include <linux/seq_file.h> #include <linux/parser.h> #include <linux/magic.h> @@ -390,6 +391,9 @@ struct dentry *tracefs_create_file(const char *name, umode_t mode, struct dentry *dentry; struct inode *inode; + if (security_locked_down(LOCKDOWN_TRACEFS)) + return NULL; + if (!(mode & S_IFMT)) mode |= S_IFREG; BUG_ON(!S_ISREG(mode)); |
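
Review bot: In the second hunk, the early `return NULL` taken in tracefs_create_file() when `security_locked_down(LOCKDOWN_TRACEFS)` is nonzero has no comment and discards the reason, so a caller sees the same NULL it would get for any other creation failure and cannot tell lockdown apart from a real error. A short comment above the check would help, saying that this is a creation-time shortcut for the case where lockdown is already active, and that files created before lockdown is enabled still rely on the open-time checks added by the parent commit. The commit message also says instance creation can be prevented, but the only check added here is in the file-creation path (4 insertions in fs/tracefs/inode.c); it would be worth stating in the message how the instance or directory path is covered, or adding the same check there.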