debugfs shouldn't be mounted by default
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
systemd (Ubuntu) | New | Wishlist | Unassigned | |
Bug Description
On modern Ubuntu systems, /sys/kernel/debug is mounted by default due to sys-kernel-
AFAIK, this FS doesn't need to be mounted for normal operations and back in the day, there were concerns about the security implications of having it enabled/mounted by default (https:/
Would it be possible to not have it mounted by default?
$ apt-cache policy systemd
systemd:
Installed: 245.4-4ubuntu3.4
Candidate: 245.4-4ubuntu3.4
Version table:
*** 245.4-4ubuntu3.4 500
500 http://
100 /var/lib/
245.4-4ubuntu3 500
500 http://
$ lsb_release -rd
Description: Ubuntu 20.04.1 LTS
Release: 20.04
Changed in systemd (Ubuntu):
importance: Undecided → Wishlist
I'm inclined to say an admin should ask to mount this explicitly, however stgraber pointed out on IRC that lxd premounts /sys/kernel/debug in part to placate upstart in guests. This may have implications for disabling /lib/systemd/system/sys-kernel-debug.mount by default.
Thanks
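
A check an administrator could run for the condition this report describes, as an added example that is not part of the bug report or of systemd: it lists debugfs entries in a mounts table in /proc/mounts format and flags them. The function names and the sample table are constructed for illustration; sys-kernel-debug.mount is the unit named in the comment above.

```shell
#!/bin/sh
# Added example: audit a mounts table (/proc/mounts format) for debugfs.
# Fields per line: device mountpoint fstype options dump pass
# The kernel escapes spaces in paths as \040, so whitespace splitting is safe.

# Print "mountpoint options" for every entry whose filesystem type is debugfs.
debugfs_mounts() {
    awk '$3 == "debugfs" { print $2, $4 }' "$1"
}

# Print a report; return 0 when debugfs is mounted (a finding), 1 otherwise.
audit_debugfs() {
    found=$(debugfs_mounts "$1")
    if [ -z "$found" ]; then
        echo "OK: debugfs is not mounted"
        return 1
    fi
    echo "$found" | while read -r mp opts; do
        echo "FINDING: debugfs mounted at $mp ($opts)"
    done
    # Masking the unit keeps systemd from mounting it at boot. As the comment
    # in this report notes, LXD premounts /sys/kernel/debug for guests, so
    # check container hosts before applying it.
    echo "HINT: systemctl mask --now sys-kernel-debug.mount"
    return 0
}

# Constructed sample table, not taken from a real host.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
debugfs /sys/kernel/debug debugfs rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda1 / ext4 rw,relatime 0 0
EOF

audit_debugfs "$SAMPLE" || true
# On a live system: audit_debugfs /proc/mounts
```
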