Eric Paris 9188499cdb security: introducing security_request_module ...

Calling request_module() will trigger a userspace upcall which will load a
new module into the kernel.  This can be a dangerous event if the process
able to trigger request_module() is able to control either the modprobe
binary or the module binary.  This patch adds a new security hook to
request_module() which can be used by an LSM to control a processes ability
to call request_module().

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>

2009-08-14 11:18:37 +10:00

..

integrity/ima

integrity: add ima_counts_put (updated)

2009-06-29 08:59:10 +10:00

keys

kernel: rename is_single_threaded(task) to current_is_single_threaded(void)

2009-07-17 09:10:42 +10:00

selinux

Security/SELinux: seperate lsm specific mmap_min_addr

2009-08-06 09:02:23 +10:00

smack

security/smack: Use AF_INET for sin_family field

2009-08-06 08:46:15 +10:00

tomoyo

TOMOYO: Remove next_domain from tomoyo_find_next_domain().

2009-06-19 18:48:18 +10:00

capability.c

security: introducing security_request_module

2009-08-14 11:18:37 +10:00

commoncap.c

Security/SELinux: seperate lsm specific mmap_min_addr

2009-08-06 09:02:23 +10:00

device_cgroup.c

devcgroup: skip superfluous checks when found the DEV_ALL elem

2009-06-18 13:03:47 -07:00

inode.c

securityfs: securityfs_remove should handle IS_ERR pointers

2009-05-12 11:06:11 +10:00

Kconfig

Security/SELinux: seperate lsm specific mmap_min_addr

2009-08-06 09:02:23 +10:00

lsm_audit.c

smack: implement logging V3

2009-04-14 09:00:19 +10:00

Makefile

Security/SELinux: seperate lsm specific mmap_min_addr

2009-08-06 09:02:23 +10:00

min_addr.c

Security/SELinux: seperate lsm specific mmap_min_addr

2009-08-06 09:02:23 +10:00

root_plug.c

rootplug: Remove redundant initialization.

2009-05-27 13:30:46 +10:00

security.c

security: introducing security_request_module

2009-08-14 11:18:37 +10:00