Re: [PATCH] tpm: vtpm_proxy: Introduce flag to prevent sysfs entries

From: Jason Gunthorpe
Date: Fri Jun 24 2016 - 13:48:20 EST

Next message: Kees Cook: "Re: [PATCH v4 4/3] LSM: Improve context interface for proc attrs"
Previous message: Andy Lutomirski: "Re: [PATCH v3 00/13] Virtually mapped stacks with guard pages (x86, core)"
In reply to: Stefan Berger: "[PATCH] tpm: vtpm_proxy: Introduce flag to prevent sysfs entries"
Next in thread: Stefan Berger: "Re: [PATCH] tpm: vtpm_proxy: Introduce flag to prevent sysfs entries"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Jun 24, 2016 at 10:36:55AM -0400, Stefan Berger wrote:
> Introduce TPM_VTPM_PROXY_NO_SYSFS flag that prevents a vtpm_proxy driver
> instance from having the typical sysfs entries that shows the state of the
> TPM. The flag is to be set in the ioctl creating the vtpm_proxy device
> pair and maps on a new chip flags TPM_CHIP_FLAG_NO_SYSFS.

No other subsystem does something so goofy, this really needs to be
part of namespace support for TPM.

Why can't you just make the sysfs files unreadable in user space?
If a container can make them readable again can't it also just create
the chardev node?

Jason

Next message: Kees Cook: "Re: [PATCH v4 4/3] LSM: Improve context interface for proc attrs"
Previous message: Andy Lutomirski: "Re: [PATCH v3 00/13] Virtually mapped stacks with guard pages (x86, core)"
In reply to: Stefan Berger: "[PATCH] tpm: vtpm_proxy: Introduce flag to prevent sysfs entries"
Next in thread: Stefan Berger: "Re: [PATCH] tpm: vtpm_proxy: Introduce flag to prevent sysfs entries"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]