Thanks for that pointer. To what extent does the user need access to the device nodes? I would expect that removing user-writability from the nodes would cause direct rendering via libGL to fail; is this indeed the case?
If we can safely restrict these devices to root, then we're done.
Thanks for that pointer. To what extent does the user need access to the device nodes? I would expect that removing user-writability from the nodes would cause direct rendering via libGL to fail; is this indeed the case?
If we can safely restrict these devices to root, then we're done.