/openbmc/linux/kernel/
sysctl.c | diff 3d43321b7015387cfebbe26436d0e9d299162ea1 Thu Apr 02 17:49:29 CDT 2009 Kees Cook <kees@ubuntu.com>
modules: sysctl to block module loading
Implement a sysctl file that disables module-loading system-wide since there is no longer a viable way to remove CAP_SYS_MODULE after the system bounding capability set was removed in 2.6.25.
Value can only be set to "1", and is tested only if standard capability checks allow CAP_SYS_MODULE. Given existing /dev/mem protections, this should allow administrators a one-way method to block module loading after initial boot-time module loading has finished.
Signed-off-by: Kees Cook <kees.cook@canonical.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>