tracing: Do not create tracefs files if tracefs lockdown is in effect

If on boot up, lockdown is activated for tracefs, don't even bother creating the files. This can also prevent instances from being created if lockdown is in effect. Link: http://lkml.kernel.org/r/CAHk-=whC6Ji=fWnjh2+eS4b15TnbsS4VPVtvBOwCy1jjEG_JHQ@mail.gmail.com Suggested-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
author: Steven Rostedt (VMware) <rostedt@goodmis.org> 2019-10-11 20:41:41 -0400
committer: Steven Rostedt (VMware) <rostedt@goodmis.org> 2019-10-12 20:49:07 -0400
commit: bf8e602186ec402ed937b2cbd6c39a34c0029757 (patch)
tree: 06d4ed33b44d822c1a04e7239f23a0db722e6d82
parent: 17911ff38aa58d3c95c07589dbf5d3564c4cf3c5 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/fs/tracefs/inode.c b/fs/tracefs/inode.c
index eeeae0475da9..0caa151cae4e 100644
--- a/fs/tracefs/inode.c
+++ b/fs/tracefs/inode.c
@@ -16,6 +16,7 @@
 #include <linux/namei.h>
 #include <linux/tracefs.h>
 #include <linux/fsnotify.h>
+#include <linux/security.h>
 #include <linux/seq_file.h>
 #include <linux/parser.h>
 #include <linux/magic.h>
@@ -390,6 +391,9 @@ struct dentry *tracefs_create_file(const char *name, umode_t mode,
        struct dentry *dentry;
        struct inode *inode;
+        if (security_locked_down(LOCKDOWN_TRACEFS))
+                return NULL;
        if (!(mode & S_IFMT))
                mode |= S_IFREG;
        BUG_ON(!S_ISREG(mode));
author	Steven Rostedt (VMware) <rostedt@goodmis.org>	2019-10-11 20:41:41 -0400
committer	Steven Rostedt (VMware) <rostedt@goodmis.org>	2019-10-12 20:49:07 -0400
commit	bf8e602186ec402ed937b2cbd6c39a34c0029757 (patch)
tree	06d4ed33b44d822c1a04e7239f23a0db722e6d82
parent	17911ff38aa58d3c95c07589dbf5d3564c4cf3c5 (diff)