Then open O_RDONLY (with CAP_SYS_RAWIO). Then the utility won't have
write access. If that's all you are worried about.
or.
If you have only one capability (CAP_SYS_RAWIO), you are not owner of
/dev/kmem, you are in group kmem, and /dev/kmem is 0640, then all you will
get is read-only access to /dev/kmem. This does not require kernel changes.
thanks,
-chris
-- Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/