On Fri, 15 May 2026 15:40:07 -0400 Anubhav Shelat <[email protected]> wrote:
> Change the default tracefs mount mode from 0700 to 0755. This allows > unprivileged users to access the eventfs directories underneath which > already use 0755. > > Tracing data files use mode 0440 and 0640 so they are not exposed by > this change. Only the format and id files, which have been marked as > work-readable, become accessible. > > Directory listings of kprobes and uprobes, which contain functions or > binaries, become visible to unprivileged users but do not contain kernel > addresses. Admins using probes can restore the previous behavior with > chmod or mount -o mode=700. > I've been thinking about this and I believe a better approach is to make a eventfs that is mounted at: /sys/kernel/events and be the same directory structure as /sys/kernel/tracing/events but only contain read only files like "id" and "format". This directory would be mounted as 555 and readable by all. -- Steve
