On Fri, 8 Nov 2024, Mark Hindley wrote: >Reading the original thread, I share some of the concerns[1] about >enabling this globally.
I’ve recently worked with debugfs+relayfs in a project, and I share the opinion of the kernel documentation that it should not be enabled by default (or rather, it should not be mounted by default in this case — enabling in the kernels is probably good). However, if the other thing mounts it by default, that will cause unnecessary friction we would do best to avoid. I’d suggest asking the security team about this and then adjust either initscripts or the other thingy to match. bye, //mirabilos -- 22:20⎜<asarch> The crazy that persists in his craziness becomes a master 22:21⎜<asarch> And the distance between the craziness and geniality is only measured by the success 18:35⎜<asarch> "Psychotics are consistently inconsistent. The essence of sanity is to be inconsistently inconsistent