KOSAKI Motohiro <kosaki.motohiro <at> gmail.com> writes: > > (3/11/13 7:57 PM), Luigi Semenzato wrote: > > Greetings linux-mmers, > > > > before we can fully deploy zram, we must ensure it conforms to the > > Chrome OS security requirements. In particular, we do not want to > > allow user space to read/write the swap device---not even root-owned > > processes. > > Could you explain Chrome OS security requirement at first? We don't want > to guess your requirement. I'll try to add a little more flavor. We're continuing to reduce the exposure from root-equivalent users wherever possible. Enabling swap support to a block device means an alternative means to access/modify swapped out user-context memory with a single discretionary access control check, bypassing any per-process checks in /proc/<pid>/mem (like mm_open(..., PTRACE_MODE_ATTACH)), and so on. hth! will -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>