Removal of the kernel code/data/bss resources does break kexec/kdump

Dave Young dyoung at
Tue Apr 19 18:13:07 PDT 2016

On 04/19/16 at 09:20am, Linus Torvalds wrote:
> On Tue, Apr 19, 2016 at 2:04 AM, Dave Young <dyoung at> wrote:
> >
> > It is not clear how to handle it, maybe we can assume nobody is using it as
> > non-root, leave it as is or just add |CAP_SYS_BOOT for /proc/iomem?
> Pretty much nobody uses fine-grained capabilities anyway - they are
> one of those bad security things that generally add more complexity
> than value(*) - so I wouldn't worry about it unless you actually find
> something that cares.

Agreed that leaving it as is should be fine according to you said about
fine-grained capabilities usage.


More information about the kexec mailing list