On Wed, Sep 11, 2013 at 11:02:36AM +0800, Dave Young wrote:
On 09/04/13 at 09:56pm, Vivek Goyal wrote:
> With secureboot enabled, we don't even trust root. And when kexec is launched
> it might happen that root has already rigged /proc and /sys which kexec
> reads to get important data.
>
> So create a private mount namespace which is not visible to root, unmount
> old /proc and /sys and remount these to get to actual data kernel exported.
Hello Vivek
kexec will also use /sys/kernel/debug/boot_params, I want to copy efi_info from
there for efi runtime support. So could you remount debugfs as well?
Ok, will do. Thanks.
Vivek