linux-hardened/fs/efivarfs
Peter Jones ed8b0de5a3 efi: Make efivarfs entries immutable by default
"rm -rf" is bricking some peoples' laptops because of variables being
used to store non-reinitializable firmware driver data that's required
to POST the hardware.

These are 100% bugs, and they need to be fixed, but in the mean time it
shouldn't be easy to *accidentally* brick machines.

We have to have delete working, and picking which variables do and don't
work for deletion is quite intractable, so instead make everything
immutable by default (except for a whitelist), and make tools that
aren't quite so broad-spectrum unset the immutable flag.

Signed-off-by: Peter Jones <pjones@redhat.com>
Tested-by: Lee, Chun-Yi <jlee@suse.com>
Acked-by: Matthew Garrett <mjg59@coreos.com>
Signed-off-by: Matt Fleming <matt@codeblueprint.co.uk>
2016-02-10 16:25:52 +00:00
..
file.c efi: Make efivarfs entries immutable by default 2016-02-10 16:25:52 +00:00
inode.c efi: Make efivarfs entries immutable by default 2016-02-10 16:25:52 +00:00
internal.h efi: Make efivarfs entries immutable by default 2016-02-10 16:25:52 +00:00
Kconfig fs: Make efivarfs a pseudo filesystem, built by default with EFI 2015-01-05 14:15:58 +00:00
Makefile efivarfs: Move to fs/efivarfs 2013-04-17 13:25:09 +01:00
super.c efi: Make efivarfs entries immutable by default 2016-02-10 16:25:52 +00:00