Re: [PATCH 2/4] security: introduce kernel_module_from_file hook

From: James Morris
Date: Fri Oct 05 2012 - 06:18:29 EST

Next message: Inderpal Singh: "[PATCH v2 2/4] DMA: PL330: Change allocation method to properly free DMA descriptors"
Previous message: Inderpal Singh: "[PATCH v2 4/4] DMA: PL330: unregister dma_device in module's remove function"
In reply to: Kees Cook: "[PATCH 2/4] security: introduce kernel_module_from_file hook"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 4 Oct 2012, Kees Cook wrote:

> Now that kernel module origins can be reasoned about, provide a hook to
> the LSMs to make policy decisions about the module file. This will let
> Chrome OS enforce that loadable kernel modules can only come from its
> read-only hash-verified root filesystem. Other LSMs can, for example,
> read extended attributes for signatures, etc.
>
> Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
> Acked-by: Serge E. Hallyn <serge.hallyn@xxxxxxxxxxxxx>
> Acked-by: Eric Paris <eparis@xxxxxxxxxx>
> Acked-by: Mimi Zohar <zohar@xxxxxxxxxx>

Acked-by: James Morris <james.l.morris@xxxxxxxxxx>

--
James Morris
<jmorris@xxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Inderpal Singh: "[PATCH v2 2/4] DMA: PL330: Change allocation method to properly free DMA descriptors"
Previous message: Inderpal Singh: "[PATCH v2 4/4] DMA: PL330: unregister dma_device in module's remove function"
In reply to: Kees Cook: "[PATCH 2/4] security: introduce kernel_module_from_file hook"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]