Access to raw memory: remove or make boolean?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- To: selinux-refpolicy@xxxxxxxxxxxxxxx
- Subject: Access to raw memory: remove or make boolean?
- From: Topi Miettinen <toiwoton@xxxxxxxxx>
- Date: Mon, 24 Feb 2020 17:11:46 +0200
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.5.0
Hi,
I made a PR 192 (https://github.com/SELinuxProject/refpolicy/pull/192)
for introducing a new boolean to disable access to raw memory devices
(/dev/mem, /dev/kmem, /dev/mergemem, dev/oldmem, /dev/port) because on
modern systems, direct access shouldn't be needed anymore. Chris
PeBenito asked to propose to this list whether instead of boolean, the
access should be removed unconditionally if it's no longer needed. I
think boolean could be useful for those systems where this is still
needed but still use latest reference policy.
-Topi Miettinen
[Index of Archives]
[AMD Graphics]
[Linux USB Devel]
[Linux Audio Users]
[Yosemite News]
[Linux Kernel]
[Linux SCSI]
