On Fri, Jun 24, 2016 at 10:36:55AM -0400, Stefan Berger wrote:
> Introduce TPM_VTPM_PROXY_NO_SYSFS flag that prevents a vtpm_proxy driver
> instance from having the typical sysfs entries that show the state of the
> TPM. The flag is to be set in the ioctl creating the vtpm_proxy device
> pair and maps on a new chip flag TPM_CHIP_FLAG_NO_SYSFS.

No other subsystem does something so goofy, this really needs to be part of namespace support for TPM.

Why can't you just make the sysfs files unreadable in user space? If a container can make them readable again can't it also just create the chardev node?

Jason

