On Thu, 4 Oct 2012, Kees Cook wrote: > Now that kernel module origins can be reasoned about, provide a hook to > the LSMs to make policy decisions about the module file. This will let > Chrome OS enforce that loadable kernel modules can only come from its > read-only hash-verified root filesystem. Other LSMs can, for example, > read extended attributes for signatures, etc. > > Signed-off-by: Kees Cook <keesc...@chromium.org> > Acked-by: Serge E. Hallyn <serge.hal...@canonical.com> > Acked-by: Eric Paris <epa...@redhat.com> > Acked-by: Mimi Zohar <zo...@us.ibm.com>
Acked-by: James Morris <james.l.mor...@oracle.com> -- James Morris <jmor...@namei.org> -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/