I'm having difficulty dumping the memory from a Ubuntu 6.10 PC. When I try and run it (yes both using sudo and as root) I get
dd reading '/dev/mem' Operation not permitted
2056+0 records in
2056+0 records out
1.1MB copied
I've tried this on both my physical machine and a VMWare session. Can anybody shed some light?
dd if=/dev/mem bs=4096 of=/home/xxx/dd.dd
Hi,
Could it be a patched kernel restricting access to /dev/mem perhaps (even to root)? I Googled a little and found that removing CAP_SYS_RAWIO from the capability bounding set would also (I believe) prevent root access to /dev/mem, although I'm not very familiar with the terminology.
Jamie
Jamie is right, it's a permissions thing. Check out the man page for mem for a solution to the ownership problem. The character device file may already exist so the mknod command might not be necessary, and the chown will need sudo.
Jamie, thank you. You are correct. It's a capabilities issue as opposed to a permissions issue. Getting around this without a reboot should prove interesting. I'll report my findings.
Can't take too much credit, just a Google-inspired lucky guess…must buy a lottery ticket tomorrow lol
Good luck with it anyway, do let us know how you get on!
Cheers,
Jamie