Not allowing write access to /dev/mem will not get us very far. Essentially it means you cannot start an accellerated X server when the grsecurity patches are in. Currently we do need write access to /dev/mem to write to the fb and the HW registers.
Egbert. Brian Richardson writes: > Hello all, > > I have solved the problem with the int10 module that I posted 2 weeks ago. The > answer, (of course) is surprisingly simple. For those that didn't read the > initial post, here is the specific problem: > > (EE) NVIDIA(0): Cannot map SYS BIOS > (EE) NVIDIA(0): Unable to initialize the XFree86 Int10 module; the console may > (EE) NVIDIA(0): not be restored correctly on your TV. > > The reason for this is an option in the grsecurity patch to the Linux kernel; > do not enable the option that says > > "Deny writing to /dev/kmem, /dev/mem, and /dev/port" > > The mmap() call that is made when the video BIOS segment is initialized will > fail without write access to the video memory. Perhaps devfsd could be > configured to allow this write only to root when the X server starts. > > Regards, > Brian > > -- > Commoner's three laws of ecology: > (1) No action is without side-effects. > (2) Nothing ever goes away. > (3) There is no free lunch. _______________________________________________ XFree86 mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/xfree86
