debugfs shouldn't be mounted by default

Bug #1912855 reported by Simon Déziel
This bug affects 1 person
Affects: systemd (Ubuntu)
Status: New
Importance: Wishlist
Assigned to: Unassigned

Bug Description

On modern Ubuntu systems, /sys/kernel/debug is mounted by default due to sys-kernel-debug.mount being enabled by default.

AFAIK, this FS doesn't need to be mounted for normal operations and back in the day, there were concerns about the security implications of having it enabled/mounted by default (https://lists.ubuntu.com/archives/kernel-team/2011-January/013418.html).

Would it be possible to not have it mounted by default?

$ apt-cache policy systemd
systemd:
  Installed: 245.4-4ubuntu3.4
  Candidate: 245.4-4ubuntu3.4
  Version table:
 *** 245.4-4ubuntu3.4 500
        500 http://us.archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     245.4-4ubuntu3 500
        500 http://us.archive.ubuntu.com/ubuntu focal/main amd64 Packages
$ lsb_release -rd
Description: Ubuntu 20.04.1 LTS
Release: 20.04

Seth Arnold (seth-arnold) wrote :

I'm inclined to say an admin should ask to mount this explicitly, however stgraber pointed out on irc that lxd premounts /sys/kernel/debug in part to placate upstart in guests. This may have implications for disabling /lib/systemd/system/sys-kernel-debug.mount by default.

Thanks

Simon Déziel (sdeziel) wrote :

However, lxd seems to deal with /sys/kernel/debug itself by mounting it unconditionally, irrespective of what systemd would do.

This was tested by running `systemctl mask sys-kernel-debug.mount` in a container and seeing /sys/kernel/debug being mounted nevertheless.
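
Added example, not part of the thread or of any project mentioned in it: because masking sys-kernel-debug.mount did not stop debugfs from being mounted in the container test above, an audit should read the mount table rather than the unit state. The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Audit a mounts table (format of /proc/self/mounts) for debugfs.
# The check keys on the filesystem type (field 3), not on the source
# name or on the state of sys-kernel-debug.mount, so it also catches
# debugfs mounted by something other than systemd.

# Print "<mountpoint> <options>" for every debugfs mount.
# $1: mounts file; defaults to the live table of the current process.
debugfs_mounts() {
    awk '$3 == "debugfs" { print $2, $4 }' "${1:-/proc/self/mounts}"
}

# Return 0 when no debugfs is mounted, 1 otherwise.
audit_debugfs() {
    found=$(debugfs_mounts "$1")
    if [ -z "$found" ]; then
        echo "OK: no debugfs mounted"
        return 0
    fi
    printf '%s\n' "$found" | while read -r mp opts; do
        echo "FINDING: debugfs mounted at $mp ($opts)"
    done
    return 1
}

# Constructed sample mount table, so the example runs offline.
sample=$(mktemp)
cat > "$sample" <<'EOF'
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
debugfs /sys/kernel/debug debugfs rw,nosuid,nodev,noexec,relatime 0 0
tracefs /sys/kernel/tracing tracefs rw,nosuid,nodev,noexec,relatime 0 0
EOF

# Demo on the sample; call audit_debugfs with no argument to check the
# live system instead.
audit_debugfs "$sample" || true
```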

Dan Streetman (ddstreet) wrote :

As Debian/Ubuntu inherit the mount unit from upstream, this would probably be best proposed there first, unless there is some compelling reason that Debian and/or Ubuntu should diverge behavior with upstream for debugfs.

Nick Rosbrook (enr0n)
Changed in systemd (Ubuntu):
importance: Undecided → Wishlist