On Sunday 23 September 2012 06:25:40 Len Brown wrote: > > +config ACPI_INITRD_TABLE_OVERRIDE > > + bool > > + default y > > Do distros in addition to SuSE concur they want to ship this way? Whether distros ship this in their enterprise, community or just in a -debug kernel flavor is up to them. I cannot see why this cannot be enabled by default on all. That is what the TAINT flag is for... > The last time we tried to make debugging easier we added > ACPI_CUSTOM_METHOD, which allowed root to over-ride an AML method > on a running system. Distro security-minded people were not amused. Yep and therefore you have to remove this one from the tools for ACPI debugging you listed. The issue is/was, that root can inject code at runtime which is then executed in kernel environment. Afaik there are "security" provisions or say setups, which do hide modprobe/insmod and do not allow root to load any kernel drivers or similar. If one can write the kernel or initrd which gets booted, I guess there are not much security restrictions anymore you could put on this user... But thanks for the pointer, I'll go and double check with some security guys. > thanks, > -Len Brown, Intel Open Source Technology Center > > ps I noticed your reference to acpidump in the README. > That reminded me to push it to the kernel source tree. > Its new home will be tools/power/acpi This is the one which I tried to/did adjust to acpica headers? This sounds like a very good idea. I'll adjust the docs. pss: Can this tool live there as well: ftp://ftp.suse.com/pub/people/trenn/sources/ec/ec_access.c It's the userspace tool for examining EC values (and changes) via ec_sys debug driver and a corresponding /sys/kernel/debug/.. file. It's more ore less doing the same what the old thinkpad_acpi driver could, but offers this to all machines with an EC device. Thomas -- To unsubscribe from this list: send the line "unsubscribe linux-acpi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
