Re: [linux-pm] [RFC] userland swsusp

From: Arjan van de Ven
Date: Fri Nov 18 2005 - 16:23:06 EST


On Fri, 2005-11-18 at 19:36 +0000, Alan Cox wrote:
> On Maw, 2005-11-15 at 17:25 -0500, Dave Jones wrote:
> > Just for info: If this goes in, Red Hat/Fedora kernels will fork
> > swsusp development, as this method just will not work there.
> > (We have a restricted /dev/mem that prevents writes to arbitary
> > memory regions, as part of a patchset to prevent rootkits)
>
> Perhaps it is trying to tell you that you should be using SELinux rules
> not kernel hacks for this purpose ?

actually no. SELinux can't work, we've looked at that bigtime. Basically
/dev/mem has 3 types in one, and to apply security you need different
roles for each in selinux. so the only option to apply selinux
*anything* is to first split /dev/mem up.

types:
1) accessing non-ram memory (eg PCI mmio space) by X and the likes
(ideally should use sysfs but hey, changing X for this will take
forever)
2) accessing bios memory in the lower 1Gb for various emulation like
purposes (including vbetool and X mode setting)
3) accessing things the kernel sees as RAM

they are very distinct security wise.


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/