On Thu, May 17, 2012 at 15:07, Maxim Kammerer wrote:
> On Thu, May 17, 2012 at 3:04 PM, Anthony G. Basile
> <[email protected]> wrote:
>> Liberte, last I looked, has quite a few hardening features off.
>
> True — this is made necessary by having to support virtualized
> environments (and, of course, Xorg, wrt. GRKERNSEC_IO). Since our last
> discussion on the subject, I have “discovered” the
> GRKERNSEC_HARDENED_VIRTUALIZATION profile, which fits quite well the
> settings that were carefully selected previously.
>
> By the way, Liberté also mounts /dev with noexec, and I received no
> complaints so far (see bug #92921). I also grepped the driver sources
> before making the change, and didn't find any attempts to map /dev/mem
> with PROT_EXEC. No idea if the noexec issue is still present with
> proprietary drivers, though.

How would I change the way /dev gets mounted? I don't have noexec as an
option listed by mount for the udev entry. In my policy file Xorg is
permitted to execute /dev/mem: is that no longer needed? I use the radeon
driver, not the proprietary.

Regards:
Dw.
-- 
dr Tóth Attila, Radiológus, 06-20-825-8057
Attila Toth MD, Radiologist, +36-20-825-8057

> --
> Maxim Kammerer
> Liberté Linux (discussion / support: http://dee.su/liberte-contribute)
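
A way to check which options /dev is actually mounted with, as an added example that is not part of the original messages: it reads a table in /proc/self/mounts format and reports whether a mount point carries an option such as noexec. The function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit mount options from a table in /proc/self/mounts
# format (fields: device, mount point, fstype, options, dump, pass).

# mount_opts TABLE MOUNTPOINT
# Prints the option string of the last entry for MOUNTPOINT; a later mount
# on the same path shadows an earlier one. Exits 1 if there is no entry.
mount_opts() {
    awk -v mp="$2" '$2 == mp { opts = $4; found = 1 }
                    END { if (!found) exit 1; print opts }' "$1"
}

# has_mount_opt TABLE MOUNTPOINT OPTION
# Returns 0 if OPTION is set, 1 if it is not, 2 if MOUNTPOINT is absent.
has_mount_opt() {
    opts=$(mount_opts "$1" "$2") || return 2
    # Compare whole comma-separated tokens, so that a search for "exec"
    # does not match inside "noexec".
    case ",$opts," in
        *",$3,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Constructed sample table (not taken from a real system): /dev itself
# lacks noexec here, while /dev/pts and /dev/shm have it.
sample_mounts() {
    cat <<'EOF'
rootfs / rootfs rw 0 0
udev /dev devtmpfs rw,nosuid,relatime,size=10240k,mode=755 0 0
devpts /dev/pts devpts rw,nosuid,noexec,relatime,gid=5,mode=620 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev,noexec,relatime 0 0
EOF
}

# On a live system:
#   has_mount_opt /proc/self/mounts /dev noexec && echo "/dev is noexec"
```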
