Re: [PATCH 2/2] x86: Allow disabling of sys_iopl, sys_ioperm

From: Alan Cox
Date: Thu Jul 14 2011 - 18:47:22 EST

Next message: Mike Waychison: "Re: [PATCH 2/2] x86: Allow disabling of sys_iopl, sys_ioperm"
Previous message: H. Peter Anvin: "Re: [PATCH 2/2] x86: Allow disabling of sys_iopl, sys_ioperm"
In reply to: Alan Cox: "Re: [PATCH 2/2] x86: Allow disabling of sys_iopl, sys_ioperm"
Next in thread: Mike Waychison: "Re: [PATCH 2/2] x86: Allow disabling of sys_iopl, sys_ioperm"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 14 Jul 2011 13:34:53 -0700
Mike Waychison <mikew@xxxxxxxxxx> wrote:

> In some build environments, it is useful to allow disabling of IO
> accesses to hardware, without having to rely on CAP_SYS_RAWIO (which is

And others include mmap and the tty driver and the PCI config space
(various devices can be manipulated via pci config space to do I/O cycles)

It strikes me that

a) you can do this with a security module
b) its rather incomplete

and as such you don't need kernel hacks to do it because everything you
want is already there.

Alan
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Mike Waychison: "Re: [PATCH 2/2] x86: Allow disabling of sys_iopl, sys_ioperm"
Previous message: H. Peter Anvin: "Re: [PATCH 2/2] x86: Allow disabling of sys_iopl, sys_ioperm"
In reply to: Alan Cox: "Re: [PATCH 2/2] x86: Allow disabling of sys_iopl, sys_ioperm"
Next in thread: Mike Waychison: "Re: [PATCH 2/2] x86: Allow disabling of sys_iopl, sys_ioperm"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]