On Wed, 6 May 2020 15:38:16 -0400
Peter Xu <pet...@redhat.com> wrote:

> If this is going to be added... I am thinking whether it should be easier to
> add another value for unprivileged_userfaultfd, rather than a new sysctl. 
> E.g.:
> 
>   "0": unprivileged userfaultfd forbidden
>   "1": unprivileged userfaultfd allowed (both user/kernel faults)
>   "2": unprivileged userfaultfd allowed (only user faults)
> 
> Because after all unprivileged_userfaultfd_user_mode_only will be meaningless
> (iiuc) if unprivileged_userfaultfd=0.  The default value will also be the same
> as before ("1") then.

It occurs to me to wonder whether this interface should also let an admin
block *privileged* users from handling kernel-space faults?  In a
secure-boot/lockdown setting, this could be a hardening measure that keeps
a (somewhat) restricted root user from expanding their privilege...?

jon