From mboxrd@z Thu Jan 1 00:00:00 1970
From: Jason Gunthorpe
Subject: Re: [PATCH] tpm: vtpm_proxy: Introduce flag to prevent sysfs entries
Date: Fri, 24 Jun 2016 11:48:03 -0600
Message-ID: <20160624174803.GA14506@obsidianresearch.com>
References: <1466779015-26965-1-git-send-email-stefanb@linux.vnet.ibm.com>
In-Reply-To: <1466779015-26965-1-git-send-email-stefanb@linux.vnet.ibm.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
To: Stefan Berger
Cc: linux-security-module@vger.kernel.org, tpmdd-devel@lists.sourceforge.net, linux-kernel@vger.kernel.org
List-Id: tpmdd-devel@lists.sourceforge.net

On Fri, Jun 24, 2016 at 10:36:55AM -0400, Stefan Berger wrote:
> Introduce TPM_VTPM_PROXY_NO_SYSFS flag that prevents a vtpm_proxy driver
> instance from having the typical sysfs entries that show the state of the
> TPM. The flag is to be set in the ioctl creating the vtpm_proxy device
> pair and maps onto a new chip flag TPM_CHIP_FLAG_NO_SYSFS.

No other subsystem does something so goofy; this really needs to be part of
namespace support for TPM.

Why can't you just make the sysfs files unreadable in user space? If a
container can make them readable again, can't it also just create the
chardev node?

Jason