Re: [PATCH v4 next 2/3] modules:capabilities: automatic module loading restriction

2017-05-22 Thread Kees Cook
On Mon, May 22, 2017 at 4:57 AM, Djalal Harouni wrote: > [...] > diff --git a/kernel/module.c b/kernel/module.c > index 4a3665f..ce7a146 100644 > --- a/kernel/module.c > +++ b/kernel/module.c > @@ -282,6 +282,8 @@ module_param(sig_enforce, bool_enable_only, 0644); > > /* Block

[PATCH v4 next 2/3] modules:capabilities: automatic module loading restriction

2017-05-22 Thread Djalal Harouni
Currently, an explicit call to load or unload kernel modules requires the CAP_SYS_MODULE capability. However, unprivileged users have always been able to load some modules using the implicit auto-load operation. An automatic module loading happens when programs request a kernel feature from a module
