Hi!

> > > modules_disabled surely is not the right interface to disable hibernation
> > > and I don't really think there's a bug because it doesn't work as you'd like
> > > it to. In fact, there would be a bug if it did work that way.
> >
> > What do you mean here? Do you agree that you may read kernel image,
> > slightly change it (including e.g. possible checksums, I didn't bother
> > to check how much one should change), and write it back?
>
> Yes, you can, but that's not the point. The point is that calling an interface
> that disables all possible functionality modifying kernel memory
> "modules_disabled" is completely dumb. Sorry, but that's how it goes.

Fully agreed.

If you want a subset of cap_sys_admin that can't install a rootkit...
just do it like that. Create cap_small_admin with such a subset and
migrate people that don't need full admin to it.

Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html