Now we have the capability to load only that code which is signed using sys_kexec(). so there is no need to disable kexec when secure_modules is enabled.
Signed-off-by: Vivek Goyal <[email protected]> --- kernel/kexec.c | 7 ------- 1 file changed, 7 deletions(-) diff --git a/kernel/kexec.c b/kernel/kexec.c index f15e302..a801d10 100644 --- a/kernel/kexec.c +++ b/kernel/kexec.c @@ -966,13 +966,6 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments, if (!capable(CAP_SYS_BOOT)) return -EPERM; - /* - * kexec can be used to circumvent module loading restrictions, so - * prevent loading in that case - */ - if (secure_modules()) - return -EPERM; - result = check_task_signature(); if (result) return result; -- 1.8.3.1 _______________________________________________ kernel mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/kernel
