I think this reply has been somewhat overtaken by others, but I'll send it anyway.
On 08/11/2024 11:04, Mark Hindley wrote: > Reading the original thread, I share some of the concerns[1] about enabling > this > globally. > > Are these still valid? I don't know. I was going from the fact that it is now apparently enabled by default in systemd, so I assumed it can't be all that bad, and while it might not be a good idea, it does put pressure on other init systems to follow suit. I agree with what Thorsten Glaser has written in his reply and if debugfs is problematic then it shouldn't be enabled by default anywhere. Part of the problem seems to lie with rasdaemon, which relies on a system of doubtful security being enabled just to read information about errors from ECC memory, but doesn't provide any instructions on how to enable it yourself. Doing this is simple enough once you've found out how, and I now have the following in /etc/fstab: debugfs /sys/kernel/debug debugfs defaults 0 0 But I don't know how ill-advised that is from a security standpoint. Thanks for looking into this, Roger > [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539352#18