diff options
| author | Eric Paris <[email protected]> | 2009-08-13 13:44:57 +0000 |
|---|---|---|
| committer | James Morris <[email protected]> | 2009-08-14 01:18:37 +0000 |
| commit | 9188499cdb117d86a1ea6b04374095b098d56936 (patch) | |
| tree | 7c0dd23f2c98630c426cbd0bfbf5e46cc689091e /security/selinux/include/class_to_string.h | |
| parent | Networking: use CAP_NET_ADMIN when deciding to call request_module (diff) | |
| download | kernel-9188499cdb117d86a1ea6b04374095b098d56936.tar.gz kernel-9188499cdb117d86a1ea6b04374095b098d56936.zip | |
security: introducing security_request_module
Calling request_module() will trigger a userspace upcall which will load a
new module into the kernel. This can be a dangerous event if the process
able to trigger request_module() is able to control either the modprobe
binary or the module binary. This patch adds a new security hook to
request_module() which can be used by an LSM to control a processes ability
to call request_module().
Signed-off-by: Eric Paris <[email protected]>
Acked-by: Serge Hallyn <[email protected]>
Signed-off-by: James Morris <[email protected]>
Diffstat (limited to 'security/selinux/include/class_to_string.h')
0 files changed, 0 insertions, 0 deletions