security: introducing security_request_module - linux-dev - Linux kernel development work

diff options

author	Eric Paris <eparis@redhat.com>	2009-08-13 09:44:57 -0400
committer	James Morris <jmorris@namei.org>	2009-08-14 11:18:37 +1000
commit	9188499cdb117d86a1ea6b04374095b098d56936 (patch)
tree	7c0dd23f2c98630c426cbd0bfbf5e46cc689091e /security/selinux/include/av_permissions.h
parent	Networking: use CAP_NET_ADMIN when deciding to call request_module (diff)
download	linux-dev-9188499cdb117d86a1ea6b04374095b098d56936.tar.xz linux-dev-9188499cdb117d86a1ea6b04374095b098d56936.zip

security: introducing security_request_module

Calling request_module() will trigger a userspace upcall which will load a new module into the kernel. This can be a dangerous event if the process able to trigger request_module() is able to control either the modprobe binary or the module binary. This patch adds a new security hook to request_module() which can be used by an LSM to control a processes ability to call request_module(). Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>

Diffstat (limited to '')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: