[PATCH 06/12] x86: Require CAP_COMPROMISE_KERNEL for IO port access

Matthew Garrett matthew.garrett at nebula.com
Tue Mar 19 21:05:23 EDT 2013


Easiest way to do that would be to replace some existing users of CAP_RAW_IO with CAP_SYS_ADMIN and then just insert a couple of extra RAW_IO checks. That would break some existing userspace, but so would introducing a new capability. I'm happy to go that way, but would appreciate some broader feedback that that's the way to go. 
-- 
Matthew Garrett | matthew.garrett at nebula.com


More information about the kexec mailing list