On Thu 2018-04-19 15:35:47, David Howells wrote:
> Pavel Machek <pavel@ucw.cz> wrote:
> 
> > >  (1) chmod and chown are disallowed on debugfs objects (though the root dir
> > >      can be modified by mount and remount, but I'm not worried about that).
> > 
> > This has nothing to do with the lockdown goals, right? I find chown of
> > such files quite nice, to allow debugging without doing sudo all the time.
> 
> It allows someone to give everyone access to files that should perhaps only be
> accessible by root.  Besides, if you disable lockdown then you can do this if
> you want.

As I said this has nothing to do with lockdown, so does not belong in
this series. (And besides, it is bad idea.)

									Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html