diff options
author | Eric Paris <eparis@redhat.com> | 2009-08-13 09:44:57 -0400 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2009-08-14 11:18:37 +1000 |
commit | 9188499cdb117d86a1ea6b04374095b098d56936 (patch) | |
tree | 7c0dd23f2c98630c426cbd0bfbf5e46cc689091e /security/integrity/ima/ima_policy.c | |
parent | a8f80e8ff94ecba629542d9b4b5f5a8ee3eb565c (diff) |
security: introducing security_request_module
Calling request_module() will trigger a userspace upcall which will load a
new module into the kernel. This can be a dangerous event if the process
able to trigger request_module() is able to control either the modprobe
binary or the module binary. This patch adds a new security hook to
request_module() which can be used by an LSM to control a processes ability
to call request_module().
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/integrity/ima/ima_policy.c')
0 files changed, 0 insertions, 0 deletions