--- linux-2.4.28/kernel/sysctl.c.secure_io~ 2005-01-07 20:52:42.000000000 +0100
+++ linux-2.4.28/kernel/sysctl.c 2005-01-07 20:52:44.000000000 +0100
@@ -322,7 +322,7 @@
 GS_SOCKET_ALL, GS_SOCKET_ALL_GID, GS_SOCKET_CLIENT, GS_SOCKET_CLIENT_GID, GS_SOCKET_SERVER, GS_SOCKET_SERVER_GID, GS_GROUP, GS_GID, GS_ACHDIR, GS_AMOUNT, GS_AIPC, GS_DMSG, GS_RANDRPC,
-GS_TEXTREL, GS_FINDTASK, GS_SHM, GS_LOCK};
+GS_TEXTREL, GS_FINDTASK, GS_SHM, GS_IO, GS_LOCK};
 static ctl_table grsecurity_table[] = {
 #ifdef CONFIG_GRKERNSEC_LINK
@@ -494,6 +494,10 @@
 {GS_SHM, "destroy_unused_shm", &grsec_enable_shm,
 sizeof (int), 0600, NULL, &proc_dointvec},
 #endif
+#ifdef CONFIG_GRKERNSEC_IO
+ {GS_IO, "secure_io", &grsec_enable_secure_io,
+ sizeof (int), 0600, NULL, &proc_dointvec},
+#endif
 {GS_LOCK, "grsec_lock", &grsec_lock,
 sizeof (int), 0600, NULL, &proc_dointvec},
 {0}
--- linux-2.4.28/include/linux/grsecurity.h.secure_io~ 2005-01-07 20:52:42.000000000 +0100
+++ linux-2.4.28/include/linux/grsecurity.h 2005-01-07 20:52:44.000000000 +0100
@@ -174,6 +174,7 @@
 extern __u32 ip_randomisn(void);
 extern unsigned long get_random_long(void);
+extern int grsec_enable_secure_io;
 extern int grsec_enable_dmesg;
 extern int grsec_enable_randid;
 extern int grsec_enable_randisn;
--- linux-2.4.28/arch/i386/kernel/ioport.c.secure_io~ 2005-01-07 20:52:42.000000000 +0100
+++ linux-2.4.28/arch/i386/kernel/ioport.c 2005-01-07 20:52:44.000000000 +0100
@@ -65,14 +65,16 @@
 if ((from + num <= from) || (from + num > IO_BITMAP_SIZE*32))
 return -EINVAL;
-#ifdef CONFIG_GRKERNSEC_IO
+#ifdef CONFIG_GRKERNSEC
 if (turn_on) {
+ if (grsec_enable_secure_io) {
 gr_handle_ioperm();
 #else
 if (turn_on && !capable(CAP_SYS_RAWIO))
 #endif
 return -EPERM;
-#ifdef CONFIG_GRKERNSEC_IO
+#ifdef CONFIG_GRKERNSEC
+ }
 }
 #endif
 /*
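Review bot: The new `secure_io` entry in the grsecurity_table hunk of kernel/sysctl.c turns the raw-I/O restriction into a value root can clear at runtime, and the change does not document that. A comment above the entry, for example `/* secure_io: 1 denies ioperm()/iopl() privilege raises; set it before grsec_lock */`, would tell administrators the setting is only dependable once the table is locked. That grsec_lock freezes this entry like its neighbours is inferred from the table layout and is not shown in the hunk.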
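Review bot: In the first arch/i386/kernel/ioport.c hunk, a CONFIG_GRKERNSEC kernel with grsec_enable_secure_io at 0 falls through with no permission check, because `capable(CAP_SYS_RAWIO)` is now compiled only in the `#else` branch. That state is reached by writing 0 to the new sysctl, and also in a CONFIG_GRKERNSEC build without CONFIG_GRKERNSEC_IO, where the grsec_init.c hunk never sets the flag to 1. The iopl hunk that follows (`if (level > old)`) has the same gap; there the `#endif` should move up in place of `#else` so that `if (!capable(CAP_SYS_RAWIO)) return -EPERM;` still runs when the grsec branch does not return. Both enclosing functions start and end outside their hunks, so this assumes no further check sits in the unseen lines.

```c
	/* … unchanged: from/num range check … */
	if (turn_on) {
#ifdef CONFIG_GRKERNSEC
		if (grsec_enable_secure_io) {
			gr_handle_ioperm();
			return -EPERM;
		}
#endif
		/* secure_io off or not built in: keep the stock capability check */
		if (!capable(CAP_SYS_RAWIO))
			return -EPERM;
	}
```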
@@ -132,9 +134,11 @@
 return -EINVAL;
 /* Trying to gain more privileges? */
 if (level > old) {
-#ifdef CONFIG_GRKERNSEC_IO
+#ifdef CONFIG_GRKERNSEC
+ if (grsec_enable_secure_io) {
 gr_handle_iopl();
 return -EPERM;
+ }
 #else
 if (!capable(CAP_SYS_RAWIO))
 return -EPERM;
--- linux-2.4.28/grsecurity/grsec_init.c.secure_io~ 2005-01-07 20:52:42.000000000 +0100
+++ linux-2.4.28/grsecurity/grsec_init.c 2005-01-07 20:52:44.000000000 +0100
@@ -49,6 +49,7 @@
 int grsec_socket_client_gid;
 int grsec_enable_socket_server;
 int grsec_socket_server_gid;
+int grsec_enable_secure_io;
 int grsec_lock;
 spinlock_t grsec_alert_lock = SPIN_LOCK_UNLOCKED;
@@ -241,6 +242,9 @@
 grsec_enable_socket_server = 1;
 grsec_socket_server_gid = CONFIG_GRKERNSEC_SOCKET_SERVER_GID;
 #endif
+#ifdef CONFIG_GRKERNSEC_IO
+ grsec_enable_secure_io = 1;
+#endif
 #endif
 return;