I installed a muck-around vserver guest as an Ubuntu desktop (though
never finished setting it up to log in remotely). Doing an upgrade now
wants to run dmidecode as part of the postinstall. This wants access to
/dev/mem, which of course doesn't exist in the guest. Plus to be useful
I guess I'll have to grant the SYS_RAWIO capability to the guest too?
What are the security implications of having /dev/mem plus RAWIO
capabilities in a guest? My armchair guess is that a root process in
the guest would have read (and write?) access to the entire memory space.
Vserver mailing list
Received on Tue Mar 14 00:03:48 2006