Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm / 9188499cdb117d86a1ea6b04374095b098d56936
commit9188499cdb117d86a1ea6b04374095b098d56936[log] [tgz]
authorEric Paris <eparis@redhat.com>Thu Aug 13 09:44:57 2009 -0400
committerJames Morris <jmorris@namei.org>Fri Aug 14 11:18:37 2009 +1000
tree7c0dd23f2c98630c426cbd0bfbf5e46cc689091e
parenta8f80e8ff94ecba629542d9b4b5f5a8ee3eb565c [diff]
security: introducing security_request_module

Calling request_module() will trigger a userspace upcall which will load a
new module into the kernel.  This can be a dangerous event if the process
able to trigger request_module() is able to control either the modprobe
binary or the module binary.  This patch adds a new security hook to
request_module() which can be used by an LSM to control a processes ability
to call request_module().

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
4 files changed
tree: 7c0dd23f2c98630c426cbd0bfbf5e46cc689091e
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. MAINTAINERS
  28. Makefile
  29. README
  30. REPORTING-BUGS