Following are two patches against clean 2.3.10 which I'd like to submit
for 2.3.near_future.
The first is a forward port (re-diff :) of the capability bounding set
patch which is in Alan's proposed 2.2.11pre2. This goes some way towards
restoring 2.0's securelevel functionality.
Hopefully, it's pretty uncontroversial.
The second requires CAP_SYS_RAWIO to open /dev/mem, /dev/kmem, /dev/port
and /proc/kcore. (Something similar should also be done to Alan's
dmaram.c.)
This one may be slightly more contentious, as 2.0 securelevel restricted
only _write_ to mem and kmem. I intend to submit something like this for
2.2, but I think that 2.3 and onwards could and should be more aggressive
on issues like this.
Comments?
Matthew.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/