On Sun, 16 Nov 2008 15:45:41 +0000
Alan Cox <alan(a)lxorguk.ukuu.org.uk> wrote:
ules that circumvent that
> protection.
> With your patch I get crap in the kernel I don't need. In every kernel
> including those on memory tight devices like wireless routers that
> don't need it.
> You are turd polishing, and what is needed is a shovel.
> Even if you want to turd polish there are cleaner solutions. A process
> with CAP_SYS_RAWIO can cheerfully bypass any restriction you try and
> place
because it can load kernel modules?
or because it can bypass the iommu?
the point of the /dev/mem restrictions is to not allow things you know
you don't need, while still allowing X to function where it can access
the crap it does. Now in Bernhard's case he DOES need them, so he
shouldn't use the restrictions.
> There are proper ways to deal with X, modern video cards and modern
> security models. They involve using framebuffer mappings off the PCI
> device node itself and DRI.
when X has this for all hw that matters /dev/mem could go away for the
people who then no longer have any need for it.
--
Arjan van de Ven Intel Open Source Technology Centre
For development, discussion and tips for power savings,
visit http://www.lesswatts.org