On Sun, 16 Nov 2008 15:45:41 +0000
Alan Cox <alan@xxxxxxxxxxxxxxxxxxx> wrote:

> > ules that circumvent that
> > protection.
>
> With your patch I get crap in the kernel I don't need. In every kernel
> including those on memory tight devices like wireless routers that
> don't need it.
>
> You are turd polishing, and what is needed is a shovel.
>
> Even if you want to turd polish there are cleaner solutions. A process
> with CAP_SYS_RAWIO can cheerfully bypass any restriction you try and
> place

because it can load kernel modules? or because it can bypass the iommu?

the point of the /dev/mem restrictions is to not allow things you know
you don't need, while still allowing X to function where it can access
the crap it does. Now in Bernhard's case he DOES need them, so he
shouldn't use the restrictions.

> There are proper ways to deal with X, modern video cards and modern
> security models. They involve using framebuffer mappings off the PCI
> device node itself and DRI.
>

when X has this for all hw that matters /dev/mem could go away for the
people who then no longer have any need for it.

--
Arjan van de Ven
Intel Open Source Technology Centre
For development, discussion and tips for power savings,
visit http://www.lesswatts.org

--
Crash-utility mailing list
Crash-utility@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/crash-utility