On 04/14/16 at 06:02pm, Linus Torvalds wrote: > On Thu, Apr 14, 2016 at 1:27 PM, Emrah Demir <ed at abdsec.com> wrote: > > On 2016-04-14 13:40, Linus Torvalds wrote: > >> > >> > >> Actually, %pK is horrible in /proc and /sys files, and does the wrong > >> thing. > > > > I agree with that, but for now there is no way to make things right in /proc > > or /sys. > > Well, there is now. > > I've pushed out my attempt at fixing things properly. Please check > that kexec works - and if kexec ends up reading that file as non-root, > I don't know what to say/do. > Checked kexec/kdump, for kdump it will read /proc/kcore, /proc/kcore is root only thus it will be fine with the changes. Though in the comment of kexec_load syscall it says "for obvious reasons only root may call it", but in the code it is using: if (!capable(CAP_SYS_BOOT) || kexec_load_disabled) return -EPERM; So for kexec CAP_SYS_BOOT is enough, not necessarily to be root. It is not clear how to handle it, maybe we can assume nobody is using it as non-root, leave it as is or just add |CAP_SYS_BOOT for /proc/iomem? Thanks Dave