On Fri, 8 Nov 2024, Mark Hindley wrote:

>Reading the original thread, I share some of the concerns[1] about
>enabling this globally.

I’ve recently worked with debugfs+relayfs in a project,
and I share the opinion of the kernel documentation that
it should not be enabled by default (or rather, it should
not be mounted by default in this case — enabling in the
kernels is probably good).

However, if the other thing mounts it by default, that will
cause unnecessary friction we would do best to avoid.

I’d suggest asking the security team about this and then
adjust either initscripts or the other thingy to match.

bye,
//mirabilos
-- 
22:20⎜<asarch> The crazy that persists in his craziness becomes a master
22:21⎜<asarch> And the distance between the craziness and geniality is
only measured by the success 18:35⎜<asarch> "Psychotics are consistently
inconsistent. The essence of sanity is to be inconsistently inconsistent

Reply via email to