Linus Torvalds writes: (Summary) We
could make the rate-limiting be some completely generic thing, not
tying it to efivars itself, but just saying "this is for random
"occasional" things where we are ok with a user doing a hundred
operations per second, but if somebody tries to do millions, they get
shut down".
Realistically, even root is fine with those, but letting root in the initial namespace be entirely unlimited is obviously a pretty reasonable thing to do.
So it might be a few tens of lines of code or something, including the initialization of that new user struct entry.
I think the real issue is testing and just doing it.
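The per-user limit described above, sketched as an added userspace model; it is not kernel code and not from the original message. The token-bucket scheme, the `struct user_rl` layout, and the 100 operations per second budget with a burst of 100 are assumptions chosen to match the numbers in the text.

```c
#include <stdbool.h>
#include <stdint.h>

#define RL_RATE_PER_SEC 100u          /* assumed budget: "a hundred operations per second" */
#define RL_BURST        100u          /* assumed bucket depth */
#define NSEC_PER_SEC    1000000000ull

/* Hypothetical per-user entry; stands in for the "new user struct entry". */
struct user_rl {
    uint32_t uid;
    bool     init_ns;     /* user belongs to the initial namespace */
    uint64_t tokens;      /* operations still allowed right now */
    uint64_t last_ns;     /* time up to which tokens have been credited */
};

struct user_rl user_rl_new(uint32_t uid, bool init_ns, uint64_t now_ns)
{
    return (struct user_rl){ uid, init_ns, RL_BURST, now_ns };
}

/* Returns true if the operation may proceed, false if the user is over budget. */
bool user_rl_allow(struct user_rl *u, uint64_t now_ns)
{
    if (u->uid == 0 && u->init_ns)
        return true;                  /* root in the initial namespace: unlimited */

    uint64_t earned = (now_ns - u->last_ns) * RL_RATE_PER_SEC / NSEC_PER_SEC;
    if (earned > 0) {
        u->tokens = (u->tokens + earned > RL_BURST) ? RL_BURST : u->tokens + earned;
        /* advance only by the time actually converted into tokens */
        u->last_ns += earned * NSEC_PER_SEC / RL_RATE_PER_SEC;
    }
    if (u->tokens == 0)
        return false;                 /* flood: shut down until the bucket refills */
    u->tokens--;
    return true;
}

/* Replay n requests spaced step_ns apart; return how many were allowed. */
unsigned simulate(struct user_rl *u, uint64_t start_ns, unsigned n, uint64_t step_ns)
{
    unsigned ok = 0;
    for (unsigned i = 0; i < n; i++)
        ok += user_rl_allow(u, start_ns + (uint64_t)i * step_ns);
    return ok;
}
```

Note that in this model uid 0 inside a non-initial namespace is limited like any other user; only root in the initial namespace bypasses the bucket.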