Re: [PATCH 06/12] x86: Require CAP_COMPROMISE_KERNEL for IO portaccess
From: Matthew Garrett
Date: Tue Mar 19 2013 - 21:05:35 EST
Easiest way to do that would be to replace some existing users of CAP_RAW_IO with CAP_SYS_ADMIN and then just insert a couple of extra RAW_IO checks. That would break some existing userspace, but so would introducing a new capability. I'm happy to go that way, but would appreciate some broader feedback that that's the way to go.
--
Matthew Garrett | matthew.garrett@xxxxxxxxxx¢éì®&Þ~º&¶¬+-±éÝ¥w®Ë±Êâmébìdz¹Þ)í
æèw*jg¬±¨¶Ýj/êäz¹Þà2Þ¨èÚ&¢)ß«a¶Úþø®G«éh®æj:+v¨wèÙ>W±êÞiÛaxPjØm¶ÿÃ-»+ùd_