git.kernel.dk Git - linux-2.6-block.git/commit

author	Eric Paris <eparis@redhat.com>
	Thu, 13 Aug 2009 13:44:57 +0000 (09:44 -0400)
committer	James Morris <jmorris@namei.org>
	Fri, 14 Aug 2009 01:18:37 +0000 (11:18 +1000)
commit	9188499cdb117d86a1ea6b04374095b098d56936
tree	7c0dd23f2c98630c426cbd0bfbf5e46cc689091e	tree \| snapshot
parent	a8f80e8ff94ecba629542d9b4b5f5a8ee3eb565c	commit \| diff

security: introducing security_request_module

Calling request_module() will trigger a userspace upcall which will load a
new module into the kernel. This can be a dangerous event if the process
able to trigger request_module() is able to control either the modprobe
binary or the module binary. This patch adds a new security hook to
request_module() which can be used by an LSM to control a processes ability
to call request_module().

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>

include/linux/security.h		diff \| blob \| blame \| history
kernel/kmod.c		diff \| blob \| blame \| history
security/capability.c		diff \| blob \| blame \| history
security/security.c		diff \| blob \| blame \| history