author | 2019-08-19 17:17:42 -0700 | |
---|---|---|
committer | 2019-08-19 21:54:15 -0700 | |
commit | 7d31f4602f8d366072471ca138e4ea7b8edf9be0 (patch) | |
tree | d6c84bb75d5972c3c2ba086f6e7179d82f36393d /tools/perf/scripts/python/export-to-postgresql.py | |
parent | lockdown: Restrict /dev/{mem,kmem,port} when the kernel is locked down (diff) | |
kexec_load: Disable at runtime if the kernel is locked down

The kexec_load() syscall permits the loading and execution of arbitrary
code in ring 0, which is something that lock-down is meant to prevent. It
makes sense to disable kexec_load() in this situation.

This does not affect the kexec_file_load() syscall which can check for a
signature on the image to be booted.

Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Matthew Garrett <mjg59@google.com>
Acked-by: Dave Young <dyoung@redhat.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
cc: kexec@lists.infradead.org
Signed-off-by: James Morris <jmorris@namei.org>

Diffstat (limited to 'tools/perf/scripts/python/export-to-postgresql.py')
0 files changed, 0 insertions, 0 deletions