Hello!

On Sun, Aug 09, 2009 at 06:48:05PM +0200, olafbuddenha...@gmx.net wrote:
> On Mon, Aug 03, 2009 at 07:12:22PM +0200, Thomas Schwinge wrote:
> > There are two ways to use it: either the GNU Mach RPCs
> > i386_io_perm_create and i386_io_perm_modify (see
> > [gnumach]/i386/include/mach/i386/mach_i386.defs) can directly be used,
> > or the more standard (at least on x86) glibc ioperm function (see
> > [glibc]/sysdeps/mach/hurd/i386/ioperm.c), which makes use of the
> > former two RPCs.
> >
> > Note that you currently have to be the root user to make use of all
> > this. This is what the envisioned (not yet existing, but which we've
> > once been chatting about) ioperm server, sitting on /servers/ioperm,
> > is meant to change.
>
> The ironic thing is that with the iopl device, it was already possible
> without any special server...

But iopl is an all-or-nothing-like thing (all I/O ports), and also is for
root only (the device_master port is needed).

> I still wonder why the extra RPCs are considered better.

Because they use the capability system for allowing access to arbitrarily
restricted ranges of I/O ports; these capabilities can then be passed to
arbitrary non-root clients.

What the ioperm server will do is allow non-root clients to request
access to I/O ports, and then hand out these rights according to some
policy.

Regards,
Thomas