Re: restricting access to /dev/mem
Posted Jul 25, 2005 16:23 UTC (Mon) by sweikart
In reply to: Re: restricting access to /dev/mem
Parent article: Kernel Summit 2005: The ExecShield patches
But I don't think the kernel should enforce *any* specific policy on access rights to /dev/mem; I think this policy should be left to userspace (which can drop the SYS_RAWIO capability from the Capability Bounding set, using /proc/sys/kernel/cap-bound). Other drivers and applications (including mine :-) need access to /dev/mem during the boot sequence, and we can drop SYS_RAWIO when we're done.
So, my proposal is that the kernel not enforce access rights. Instead, the distributors can drop SYS_RAWIO in their boot scripts, and people (like me) who need temporary access to /dev/mem can modify the boot scripts as needed.