mem and kmem are really in /dev, so this does us no good.
Signed-off-by: Tycho Andersen <tycho@tycho.ws>
# block some other dangerous paths
deny @{PROC}/kcore rwklx,
- deny @{PROC}/kmem rwklx,
- deny @{PROC}/mem rwklx,
deny @{PROC}/sysrq-trigger rwklx,
# deny writes in /sys except for /sys/fs/cgroup, also allow
# block some other dangerous paths
deny @{PROC}/kcore rwklx,
- deny @{PROC}/kmem rwklx,
- deny @{PROC}/mem rwklx,
deny @{PROC}/sysrq-trigger rwklx,
# deny writes in /sys except for /sys/fs/cgroup, also allow
"/proc/sys/kernel/shmmax",
NULL };
-char *files_to_deny[] = { "/proc/mem", "/proc/kmem",
+char *files_to_deny[] = {
"/sys/kernel/uevent_helper",
"/proc/sys/fs/file-nr",
"/sys/kernel/mm/ksm/pages_to_scan",
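Review bot: After this change `files_to_deny` has no entry for the kernel memory devices: the two `/proc` paths are dropped, but `/dev/mem` and `/dev/kmem`, where the commit message says they really live, are not added. The two profile hunks above likewise remove the `@{PROC}` rules without a `/dev` counterpart. Whether another rule or the devices cgroup already blocks those nodes is not visible here. If the profile is meant to cover them, consider starting the list with `char *files_to_deny[] = { "/dev/mem", "/dev/kmem",` and adding matching `deny /dev/mem rwklx,` / `deny /dev/kmem rwklx,` rules. The old entries presumably passed only because the paths do not exist, so if the check (outside this hunk, as is the rest of the initializer) counts any open failure as a denial, distinguishing `ENOENT` from `EACCES` would keep a non-existent path from passing silently.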