[linux-pm] [RFC] userland swsusp

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 2005-11-18 at 19:36 +0000, Alan Cox wrote:
> On Maw, 2005-11-15 at 17:25 -0500, Dave Jones wrote:
> > Just for info: If this goes in, Red Hat/Fedora kernels will fork
> > swsusp development, as this method just will not work there.
> > (We have a restricted /dev/mem that prevents writes to arbitary
> >  memory regions, as part of a patchset to prevent rootkits)
> 
> Perhaps it is trying to tell you that you should be using SELinux rules
> not kernel hacks for this purpose ?

actually no. SELinux can't work, we've looked at that bigtime. Basically
/dev/mem has 3 types in one, and to apply security you need different
roles for each in selinux. so the only option to apply selinux
*anything* is to first split /dev/mem up.

types:
1) accessing non-ram memory (eg PCI mmio space) by X and the likes
   (ideally should use sysfs but hey, changing X for this will take 
   forever)
2) accessing bios memory in the lower 1Gb for various emulation like
   purposes (including vbetool and X mode setting)
3) accessing things the kernel sees as RAM

they are very distinct security wise.



[Index of Archives]     [Linux ACPI]     [Netdev]     [Ethernet Bridging]     [Linux Wireless]     [CPU Freq]     [Kernel Newbies]     [Fedora Kernel]     [Security]     [Linux for Hams]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux Admin]     [Samba]

  Powered by Linux