who will actually do some kind of gfn-epfn etc. mapping, how we'll
forbid access to this memory e.g., via /proc/kcore or when dumping memory
It's not aimed to prevent root to shoot into his leg. Root do root.
IMHO being root is not an excuse to read some random file (actually used
in production environments) to result in the machine crashing. Not
acceptable for distributions.
I just realized that reading encrypted memory should be ok and only
writing is an issue, right?
--
Thanks,
David / dhildenb